@hiddentao
Last active January 4, 2016 08:09
Setting up Nginx SSL-PFS + Jenkins on Ubuntu 12.04
# Install Jenkins
# (the signing key below is fetched over plain http; use https if the mirror offers it, because
# whoever can tamper with this one download decides which packages apt trusts from then on)
wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt-get update
sudo apt-get install jenkins
ACTION: check that Jenkins is running on yourdomain.com:8080. The package starts it on port 8080 on all interfaces; once nginx is in front of it, only 127.0.0.1 needs to reach that port (see the final checklist).
# DH parameters for Perfect Forward Secrecy (used by the EDH/DHE suites; the EECDH suites do not need them)
# (assuming /etc/ssl/certs/yourdomain.com.pem already exists)
# 1024-bit DH is too weak; generate 2048-bit parameters. OpenSSL seeds itself from the OS, so no
# "-rand -" is needed. nginx will only use these parameters once ssl_dhparam points at the file they are in.
openssl dhparam 2048 >> /etc/ssl/certs/yourdomain.com.pem
# Nginx
apt-get install nginx
rm /etc/nginx/sites-enabled/default   # OPTIONAL: only if you don't want the default nginx page showing
# setup Nginx config
nano /etc/nginx/sites-available/yourdomain.com
server {
    listen 443 ssl;
    server_name yourdomain.com;
    # this file holds the private key as well as the certificate, so it must not be world-readable
    # (chmod 600), or better, move the key to /etc/ssl/private and point ssl_certificate_key at it
    ssl_certificate /etc/ssl/certs/yourdomain.com.pem;
    ssl_certificate_key /etc/ssl/certs/yourdomain.com.pem;
    # nginx reads DH parameters only through this directive; it does not pick them up from
    # ssl_certificate, so point it at the file they were appended to
    ssl_dhparam /etc/ssl/certs/yourdomain.com.pem;
    ssl_session_timeout 5m;
    # drop TLSv1 and TLSv1.1 unless you still have clients that cannot do TLS 1.2
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    # the original list minus its two RC4 entries: RC4 is broken (RFC 7465) and adds nothing
    # the ECDHE/DHE AES suites do not already provide
    ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
# enable the site and restart nginx (the symlink must use the same name as the file created in sites-available)
ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/yourdomain.com
# run "nginx -t" first so a syntax error does not take the server down on restart
/etc/init.d/nginx restart
# FINAL CHECKLIST:
# - ensure your firewall is set up to only allow incoming TCP connections on ports 22 and 443.
# - Jenkins itself still listens on 8080 on every interface; the firewall hides it, but also bind it to
#   localhost so a firewall mistake cannot expose the unencrypted port: add --httpListenAddress=127.0.0.1
#   to JENKINS_ARGS in /etc/default/jenkins and restart Jenkins.
# - set the Jenkins URL (Manage Jenkins > Configure System) to https://yourdomain.com/ so the links it
#   generates use https rather than the backend address.
ACTION: check that https://yourdomain.com shows Jenkins
ACTION: check perfect forward secrecy by visiting https://www.ssllabs.com/ssltest/ and entering your URL; the report should show forward secrecy for the simulated clients and no RC4 suites.
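The whole procedure above, collected into one script with the fixes applied: 2048-bit DH parameters in their own file loaded through ssl_dhparam, RC4 dropped from the cipher list, the private key kept out of the world-readable certificate directory, the proxy headers Jenkins needs to build correct https links, and Jenkins bound to localhost. This is an added example, not the gist author's script, and the function names (check_pfs_ciphers, render_site_conf, bind_jenkins_to_localhost, install_site) and paths are my own assumptions: certificate chain in /etc/ssl/certs/DOMAIN.pem, private key in /etc/ssl/private/DOMAIN.key, DH parameters in /etc/ssl/private/dhparam.pem, and the Debian package layout of /etc/default/jenkins. check_pfs_ciphers expands the cipher string with the local openssl so you can confirm offline, before touching the server, that every suite it enables uses an ephemeral key exchange.

```shell
#!/bin/sh
# Added example, not the gist author's script: the gist's procedure with the
# fixes applied. Hypothetical paths assumed: certificate chain in
# /etc/ssl/certs/DOMAIN.pem, private key in /etc/ssl/private/DOMAIN.key,
# DH parameters in /etc/ssl/private/dhparam.pem, Jenkins on 127.0.0.1:8080.
set -eu

# The gist's cipher list minus its two RC4 entries, with RC4 excluded outright.
# Every remaining suite uses ECDHE or DHE key exchange, which is what gives
# forward secrecy; ECDSA/AES-GCM and RSA/AES-GCM are preferred.
PFS_CIPHERS='EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS'

# Expand a cipher string with the local OpenSSL and fail if any enabled suite
# lacks an ephemeral key exchange. Column 3 of `openssl ciphers -v` is the key
# exchange: Kx=ECDH / Kx=DH are ECDHE / DHE, Kx=any is a TLS 1.3 suite (always
# ephemeral); anything else, e.g. Kx=RSA, gives no forward secrecy.
# Exit status: 0 all suites forward-secret, 1 at least one is not,
# 2 openssl missing or the string was rejected.
check_pfs_ciphers() {
    list=$(openssl ciphers -v "$1") || return 2
    [ -n "$list" ] || return 2
    printf '%s\n' "$list" | awk '
        BEGIN { bad = 0 }
        $3 != "Kx=ECDH" && $3 != "Kx=DH" && $3 != "Kx=any" { bad = 1; print "no forward secrecy: " $1 }
        END { exit bad }'
}

# Print the nginx server block for the given domain to stdout.
render_site_conf() {
    domain="$1"
    cat <<EOF
server {
    listen 443 ssl;
    server_name $domain;

    ssl_certificate     /etc/ssl/certs/$domain.pem;
    ssl_certificate_key /etc/ssl/private/$domain.key;
    # nginx takes DH parameters only from this directive, never from the certificate file
    ssl_dhparam         /etc/ssl/private/dhparam.pem;

    # add TLSv1.1 TLSv1 only for clients that cannot do TLS 1.2
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers $PFS_CIPHERS;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        proxy_pass http://127.0.0.1:8080;
        # Jenkins builds absolute URLs from these; without them it links to
        # http://127.0.0.1:8080 and warns that the reverse proxy setup is broken
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF
}

# Bind Jenkins to localhost so only nginx can reach port 8080, whatever the
# firewall does. Assumes the Debian package's /etc/default/jenkins with a
# JENKINS_ARGS="..." line; safe to run more than once.
bind_jenkins_to_localhost() {
    grep -q 'httpListenAddress' /etc/default/jenkins ||
        sed -i 's/^JENKINS_ARGS="\(.*\)"$/JENKINS_ARGS="\1 --httpListenAddress=127.0.0.1"/' /etc/default/jenkins
    /etc/init.d/jenkins restart
}

# Generate DH parameters once, lock down the key, verify the cipher list,
# write and enable the site, validate the config and restart nginx. Run as root.
install_site() {
    domain="$1"
    conf="/etc/nginx/sites-available/$domain"
    [ -s /etc/ssl/private/dhparam.pem ] || openssl dhparam -out /etc/ssl/private/dhparam.pem 2048
    chmod 600 "/etc/ssl/private/$domain.key"
    check_pfs_ciphers "$PFS_CIPHERS"
    render_site_conf "$domain" > "$conf"
    ln -sf "$conf" "/etc/nginx/sites-enabled/$domain"
    nginx -t
    /etc/init.d/nginx restart
    bind_jenkins_to_localhost
}

# Usage: sh setup-jenkins-tls.sh render yourdomain.com   (print the config)
#        sh setup-jenkins-tls.sh install yourdomain.com  (apply it, as root)
case "${1-}" in
    render)  render_site_conf "$2" ;;
    install) install_site "$2" ;;
esac
```

Run "render" first and read the output; "install" then does what the gist's steps do, but refuses to continue if nginx -t rejects the config or the local OpenSSL expands the cipher string to anything without ECDHE/DHE. After the restart, still set the Jenkins URL to https://yourdomain.com/ in Manage Jenkins, since the X-Forwarded-Proto header alone does not change the root URL Jenkins has stored.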
The above PFS settings were obtained from http://baudehlo.wordpress.com/2013/06/24/setting-up-perfect-forward-secrecy-for-nginx-or-stud/