Contact

Simple Ways to Change Jenkins Default Port

Introduction

By default, Jenkins runs on port 8080. While this works for quick testing, it can cause problems in real environments. Port 8080 is commonly scanned by attackers, often blocked in enterprise networks, and sometimes already used by other applications. Because of this, changing or abstracting the Jenkins port is a common and important DevOps task 42488ef8-2d8d-4c70-95d8-d5f8090….

In this blog, we’ll go through three practical and industry-accepted methods to change how Jenkins is accessed. Each method solves the problem in a different way, and we’ll also explain when you should use each one.

Method 1: Change Jenkins Port Using systemd Override (Recommended)

This is the best and safest method for most setups, especially on modern Ubuntu systems. Jenkins on Ubuntu is managed by systemd, and it does not reliably read /etc/default/jenkins. Instead of modifying core files, systemd allows us to override configuration in a clean and upgrade-safe way 42488ef8-2d8d-4c70-95d8-d5f8090….

How this method works

Jenkins runs as a system service. Using a systemd override, we inject an environment variable (JENKINS_PORT) at runtime. This changes the port without touching Jenkins core files.

Step-by-step commands

1. Confirm Jenkins is managed by systemd

systemctl cat jenkins

2. Create an override directory

sudo mkdir -p /etc/systemd/system/jenkins.service.d

3. Create the override configuration

sudo nano /etc/systemd/system/jenkins.service.d/override.conf

Add the following content:

[Service]
Environment="JENKINS_PORT=5555"

4. Reload systemd and restart Jenkins

sudo systemctl daemon-reload
sudo systemctl restart jenkins

5. Verify the new port

sudo ss -tulnp | grep jenkins

You should now see Jenkins listening on port 5555.

When to use this method
  • Production environments
  • When you want upgrade-safe configuration
  • When Jenkins runs as a system service

Method 2: Expose Jenkins Using Nginx Reverse Proxy (Enterprise Pattern)

In real production systems, Jenkins should not be exposed directly to the internet. Instead, it should sit behind a reverse proxy like Nginx, which handles traffic on standard ports like 80 or 443. Jenkins continues running internally on port 8080, but users never see that port

How this method works

User requests go to Nginx on port 80 or 443. Nginx forwards those requests internally to Jenkins running on localhos

Architecture overview

Browser → Nginx (80/443) → Jenkins (8080)
Step-by-step commands

Confirm Jenkins internal port

sudo ss -tulnp | grep jenkins

Install Nginx

sudo apt update
sudo apt install -y nginx

Create Nginx configuration

sudo nano /etc/nginx/sites-available/jenkins

Add:

server {
    listen 80;
    server_name _;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Enable the configuration

sudo ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default

Test and reload Nginx

sudo nginx -t
sudo systemctl reload nginx

Now Jenkins is accessible using:

http://<server-ip>
When to use this method
  • Enterprise or production environments
  • When SSL, domains, or firewalls are needed
  • When Jenkins should not be publicly exposed

Method 3: Start Jenkins Manually Using WAR File (Testing Only)

This method is useful only for testing or debugging. Jenkins is started manually using Java, and the port is passed as an argument. It is not persistent and stops when the terminal closes

Step-by-step commands

Stop the Jenkins service

sudo systemctl stop jenkins

Start Jenkins manually

java -jar /usr/share/java/jenkins.war --httpPort=7777

Verify

sudo ss -tulnp | grep java

Jenkins will now run on port 7777, but only while the terminal session is active.

When to use this method
  • Debugging startup issues
  • Temporary testing
  • Learning how Jenkins starts internally

🚫 Not recommended for production

Conclusion

Changing the Jenkins default port is a small task, but it has a big impact on security and reliability. In this guide, we explored three different approaches—systemd overrides, Nginx reverse proxy, and manual startup—each suited for different scenarios. Understanding these methods helps you choose the right solution based on environment needs, security requirements, and operational maturity. This is a common real-world DevOps task and a frequent interview topic, making it an essential skill for any aspiring DevOps engineer