Generate and use custom primes for DH
This commit is contained in:
parent
d5e3ca60af
commit
2ef7e5c975
|
@ -224,6 +224,10 @@ deploy {
|
||||||
name = "nginx | Create nginx configuration"
|
name = "nginx | Create nginx configuration"
|
||||||
copy = "src=./files/nginx.conf dest=/etc/nginx/sites-enabled/default"
|
copy = "src=./files/nginx.conf dest=/etc/nginx/sites-enabled/default"
|
||||||
}
|
}
|
||||||
|
tasks {
|
||||||
|
name = "nginx | Create DH parameters"
|
||||||
|
command = "openssl dhparam -out /etc/nginx/dhparams.pem 2048 creates=/etc/nginx/dhparams.pem"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -237,7 +241,7 @@ restart {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
playbooks {
|
playbooks {
|
||||||
hosts = "nginx"
|
hosts = "tusd"
|
||||||
name = "Restart nginx"
|
name = "Restart nginx"
|
||||||
tasks {
|
tasks {
|
||||||
action = "service name=nginx state=restarted"
|
action = "service name=nginx state=restarted"
|
||||||
|
|
|
@ -8,6 +8,10 @@ server {
|
||||||
ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/master.tus.io/privkey.pem;
|
||||||
|
|
||||||
|
# Load custom parameters for Diffie Hellman key exchange to avoid the usage
|
||||||
|
# of common primes
|
||||||
|
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||||
|
|
||||||
server_name master.tus.io;
|
server_name master.tus.io;
|
||||||
|
|
||||||
# certbot will place the files required for the HTTP challenge in the
|
# certbot will place the files required for the HTTP challenge in the
|
||||||
|
|
Loading…
Reference in New Issue