Merge pull request #170 from andreasfaerber/master

Create and use SSL dhparam file if not mounted, NGINX_SSL_DHPARAM_BITS variable in .env.dist file
master
kaiyou 8 years ago committed by GitHub
commit f421bee148

@ -69,6 +69,13 @@ RELAYHOST=
# Fetchmail delay # Fetchmail delay
FETCHMAIL_DELAY=600 FETCHMAIL_DELAY=600
###################################
# Nginx settings
###################################
# SSL DHPARAM Bits
NGINX_SSL_DHPARAM_BITS=2048
################################### ###################################
# Developers # Developers
################################### ###################################

@ -35,6 +35,7 @@ http {
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
ssl_certificate /certs/cert.pem; ssl_certificate /certs/cert.pem;
ssl_certificate_key /certs/key.pem; ssl_certificate_key /certs/key.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security max-age=15768000; add_header Strict-Transport-Security max-age=15768000;

@ -30,6 +30,7 @@ http {
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
ssl_certificate /tmp/snakeoil.pem; ssl_certificate /tmp/snakeoil.pem;
ssl_certificate_key /tmp/snakeoil.pem; ssl_certificate_key /tmp/snakeoil.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security max-age=15768000; add_header Strict-Transport-Security max-age=15768000;

@ -9,4 +9,8 @@ L=None/O=None/CN=$DOMAIN"
cp /etc/nginx/nginx.conf.fallback /etc/nginx/nginx.conf cp /etc/nginx/nginx.conf.fallback /etc/nginx/nginx.conf
fi fi
if [ ! -r /etc/nginx/dhparam.pem ]; then
openssl dhparam -out /etc/nginx/dhparam.pem $NGINX_SSL_DHPARAM_BITS
fi
nginx -g 'daemon off;' nginx -g 'daemon off;'

Loading…
Cancel
Save