From 421b9abef0fec6d495d009a82aa1311c43203cf3 Mon Sep 17 00:00:00 2001
From: riking
Date: Wed, 20 May 2015 18:40:25 -0700
Subject: [PATCH] Generate unique DHE parameters on first bootstrap
---
 templates/web.ssl.template.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/templates/web.ssl.template.yml b/templates/web.ssl.template.yml
index 740311f..fd72cf2 100644
--- a/templates/web.ssl.template.yml
+++ b/templates/web.ssl.template.yml
@@ -1,4 +1,9 @@
 run:
+ - exec:
+ cmd:
+ # Generate strong Diffie-Hellman parameters
+ - "mkdir -p /shared/ssl/"
+ - "[ ! -e /shared/ssl/dhparams.pem ] && openssl dhparam -out /shared/ssl/dhparams.pem 2048 || true"
 - replace:
 filename: "/etc/nginx/conf.d/discourse.conf"
 from: /server.+{/
@@ -22,6 +27,7 @@ run:
 ssl_certificate /shared/ssl/ssl.crt;
 ssl_certificate_key /shared/ssl/ssl.key;
+ ssl_dhparam /shared/ssl/dhparams.pem;
 ssl_session_tickets off;
 ssl_session_cache shared:SSL:1m;
--
2.25.1
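Review bot: The trailing `|| true` on the `openssl dhparam` command in the first hunk hides a failed generation as well as the intended "file already exists" case, so bootstrap can complete without a usable `/shared/ssl/dhparams.pem` while the second hunk makes the nginx config depend on it through `ssl_dhparam`. Testing with `-s` instead of `-e` would also regenerate an empty file left behind by an interrupted run, and dropping the mask lets a real failure surface: `- "[ -s /shared/ssl/dhparams.pem ] || openssl dhparam -out /shared/ssl/dhparams.pem 2048"`. Whether the `exec` step stops the bootstrap on a non-zero exit is not visible in this patch, so that should be confirmed before relying on it. The added comment could also say that the file is generated only once and then reused, since that is the reason for the existence test.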