Skip to content

Instantly share code, notes, and snippets.

Last active January 4, 2016 08:09
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save hiddentao/8593447 to your computer and use it in GitHub Desktop.
Setting up Nginx SSL-PFS + Jenkins on Ubuntu 12.04
# Install Jenkins
wget -q -O - | sudo apt-key add -
sudo sh -c 'echo deb binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt-get update
sudo apt-get install jenkins
ACTION: check that Jenkins is running on
# SSL certificates with Perfect Forward Secrecy
# (assuming /etc/ssl/certs/ already exists)
openssl dhparam -rand - 1024 >> /etc/ssl/certs/
# Nginx
apt-get install nginx
rm /etc/nginx/sites-enabled/default (OPTIONAL: only if you don't want default nginx page showing)
# setup Nginx config
nano /etc/nginx/sites-available/
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/;
ssl_certificate_key /etc/ssl/certs/;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
# restart nginx
ln -s /etc/nginx/sites-available/build /etc/nginx/sites-enabled/build
/etc/init.d/nginx restart
# - ensure your firewall is setup to only allow incoming TCP connections on ports 22 and 443.
ACTION: check that shows Jenkins
ACTION: check perfect forward secrecy by visitng and entering your URL.
The above PFS settings were obtained from
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment