Generate unique DHE parameters on first bootstrap
authorriking <rikingcoding@gmail.com>
Thu, 21 May 2015 01:40:25 +0000 (18:40 -0700)
committerriking <rikingcoding@gmail.com>
Thu, 21 May 2015 02:01:56 +0000 (19:01 -0700)
templates/web.ssl.template.yml

index 740311f0db75d5df1f5f181baed9ab8d6f5a86df..fd72cf293770bb5508fc0861b99d9e0e93980565 100644 (file)
@@ -1,4 +1,9 @@
 run:
+  - exec:
+     cmd:
+       # Generate strong Diffie-Hellman parameters
+       - "mkdir -p /shared/ssl/"
+       - "[ ! -e /shared/ssl/dhparams.pem ] && openssl dhparam -out /shared/ssl/dhparams.pem 2048 || true"
   - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /server.+{/
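Review bot: The `&& ... || true` chain on the new openssl line masks a failed `openssl dhparam` (exit status is always 0), and an interrupted run leaves a truncated dhparams.pem that the `[ ! -e ... ]` test then treats as valid, so the file is never regenerated and nginx fails on the `ssl_dhparam` directive added in the second hunk. Generating to a temporary path and renaming only on success keeps the "skip if present" behaviour while letting a real failure stop the bootstrap: `- "[ -e /shared/ssl/dhparams.pem ] || { openssl dhparam -out /shared/ssl/dhparams.pem.tmp 2048 && mv /shared/ssl/dhparams.pem.tmp /shared/ssl/dhparams.pem; }"`. The double-quoted scalar already protects the braces and brackets from YAML flow-collection parsing, so no further quoting is needed. The `replace:` step that starts at the end of this hunk continues outside it.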
@@ -22,6 +27,7 @@ run:
 
        ssl_certificate /shared/ssl/ssl.crt;
        ssl_certificate_key /shared/ssl/ssl.key;
+       ssl_dhparam /shared/ssl/dhparams.pem;
 
        ssl_session_tickets off;
        ssl_session_cache shared:SSL:1m;