Generate and use custom primes for DH

This commit is contained in:
Marius 2016-11-09 21:44:24 +01:00
parent d5e3ca60af
commit 2ef7e5c975
2 changed files with 9 additions and 1 deletions

View File

@ -224,6 +224,10 @@ deploy {
name = "nginx | Create nginx configuration" name = "nginx | Create nginx configuration"
copy = "src=./files/nginx.conf dest=/etc/nginx/sites-enabled/default" copy = "src=./files/nginx.conf dest=/etc/nginx/sites-enabled/default"
} }
tasks {
name = "nginx | Create DH parameters"
command = "openssl dhparam -out /etc/nginx/dhparams.pem 2048 creates=/etc/nginx/dhparams.pem"
}
} }
} }
@ -237,7 +241,7 @@ restart {
} }
} }
playbooks { playbooks {
hosts = "nginx" hosts = "tusd"
name = "Restart nginx" name = "Restart nginx"
tasks { tasks {
action = "service name=nginx state=restarted" action = "service name=nginx state=restarted"

View File

@ -8,6 +8,10 @@ server {
ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem; ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem;
# Load custom parameters for Diffie Hellman key exchange to avoid the usage
# of common primes
ssl_dhparam /etc/nginx/dhparams.pem;
server_name master.tus.io; server_name master.tus.io;
# certbot will place the files required for the HTTP challenge in the # certbot will place the files required for the HTTP challenge in the