Domů Procházet Nápověda
Přihlásit se
mirrors
/
nginx-proxy
zrcadlo https://github.com/nginx-proxy/nginx-proxy.git
2
0
Rozštěpit 0
Soubory
Procházet zdrojové kódy

Merge pull request #170 from kcyeu/master

Add support for ssl_dhparam to prevent 'Logjam' attack
Jason Wilder před 10 roky
rodič
2b270c9353 d74a4146c8
revize
02bc7d2c1b
2 změnil soubory, kde provedl 10 přidání a 0 odebrání
Rozdělené zobrazení Ukázat statistiku rozdílových dat
  1. 6 0
      README.md
  2. 4 0
      nginx.tmpl

+ 6 - 0
README.md
Zobrazit soubor 

@@ -83,6 +83,12 @@ hosts in use.  The certificate and keys should be named after the virtual host w
 
 `.key` extension.  For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a
 
 `foo.bar.com.crt` and `foo.bar.com.key` file in the certs directory.
 
 
+#### Diffie-Hellman Groups
 
+
 
+If you have Diffie-Hellman groups enabled, the files should be named after the virtual host with a
 
+`dhparam` suffix and `.pem` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com`
 
+should have a `foo.bar.com.dhparam.pem` file in the certs directory.
 
+
 
 #### Wildcard Certificates
 
 
 Wildcard certificates and keys should be name after the domain name with a `.crt` and `.key` extension.

+ 4 - 0
nginx.tmpl
Zobrazit soubor 

@@ -105,6 +105,10 @@ server {
 
 	ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
 
 	ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
 
 
+	{{ if (exists (printf "/etc/nginx/certs/%s.dhparam.pem" $cert)) }}
 
+	ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
 
+	{{ end }}
 
+
 
 	add_header Strict-Transport-Security "max-age=31536000";
 
 
 	{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}