From: riking
Date: Thu, 21 May 2015 01:40:25 +0000 (-0700)
Subject: Generate unique DHE parameters on first bootstrap
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=421b9abef0fec6d495d009a82aa1311c43203cf3;p=discourse_docker.git
Generate unique DHE parameters on first bootstrap
---
diff --git a/templates/web.ssl.template.yml b/templates/web.ssl.template.yml
index 740311f..fd72cf2 100644
--- a/templates/web.ssl.template.yml
+++ b/templates/web.ssl.template.yml
@@ -1,4 +1,9 @@
 run:
+ - exec:
+ cmd:
+ # Generate strong Diffie-Hellman parameters
+ - "mkdir -p /shared/ssl/"
+ - "[ ! -e /shared/ssl/dhparams.pem ] && openssl dhparam -out /shared/ssl/dhparams.pem 2048 || true"
 - replace:
 filename: "/etc/nginx/conf.d/discourse.conf"
 from: /server.+{/
@@ -22,6 +27,7 @@ run:
 ssl_certificate /shared/ssl/ssl.crt;
 ssl_certificate_key /shared/ssl/ssl.key;
+ ssl_dhparam /shared/ssl/dhparams.pem;
 ssl_session_tickets off;
 ssl_session_cache shared:SSL:1m;
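Review bot: The `|| true` at the end of the generation command in the first hunk hides a failed or interrupted `openssl dhparam` run, and the `[ ! -e … ]` guard then accepts any file left behind as valid on every later bootstrap. The `ssl_dhparam` directive added in the second hunk depends on that file, so a missing or truncated `dhparams.pem` would presumably surface only later as an nginx configuration error, not as a bootstrap failure at the step that caused it. Writing to a temporary name and renaming on success keeps the guard honest and lets a real failure show up where it happens: `- "[ -s /shared/ssl/dhparams.pem ] || (openssl dhparam -out /shared/ssl/dhparams.pem.tmp 2048 && mv /shared/ssl/dhparams.pem.tmp /shared/ssl/dhparams.pem)"`. The comment could also record that the file is created once and then reused, e.g. `# Generate 2048-bit DH parameters once; reused from /shared on later bootstraps`.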