thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-22 11:56:31 +00:00
Code Issues Releases Wiki Activity

Added DHParam compatibility note

Browse Source
This commit is contained in:
Steve Kamerman 2017-06-18 21:30:59 -04:00
parent 761bbf9dbc
commit 026ba7cdac
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -184,6 +184,11 @@ at startup. Since it can take minutes to generate a new `dhparam.pem`, it is do
background. Once generation is complete, the `dhparams.pem` is saved on a persistent volume and nginx background. Once generation is complete, the `dhparams.pem` is saved on a persistent volume and nginx
is reloaded. This generation process only occurs the first time you start `nginx-proxy`. is reloaded. This generation process only occurs the first time you start `nginx-proxy`.
> COMPATIBILITY WARNING: The default generated `dhparam.pem` key is 2048 bits for A+ security. Some
> older clients (like Java 6 and 7) do not support DH keys with over 1024 bits. In order to support these
> clients, you must either provide your own `dhparam.pem`, or tell `nginx-proxy` to generate a 1024-bit
> key on startup by passing `-e DHPARAM_BITS=1024`.
#### Wildcard Certificates #### Wildcard Certificates
Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension. Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension.