Merge pull request #170 from kcyeu/master
Add support for ssl_dhparam to prevent 'Logjam' attack
commit
02bc7d2c1b
@ -83,6 +83,12 @@ hosts in use. The certificate and keys should be named after the virtual host w
|
|||||||
`.key` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a
|
`.key` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a
|
||||||
`foo.bar.com.crt` and `foo.bar.com.key` file in the certs directory.
|
`foo.bar.com.crt` and `foo.bar.com.key` file in the certs directory.
|
||||||
|
|
||||||
|
#### Diffie-Hellman Groups
|
||||||
|
|
||||||
|
If you have Diffie-Hellman groups enabled, the files should be named after the virtual host with a
|
||||||
|
`dhparam` suffix and `.pem` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com`
|
||||||
|
should have a `foo.bar.com.dhparam.pem` file in the certs directory.
|
||||||
|
|
||||||
#### Wildcard Certificates
|
#### Wildcard Certificates
|
||||||
|
|
||||||
Wildcard certificates and keys should be name after the domain name with a `.crt` and `.key` extension.
|
Wildcard certificates and keys should be name after the domain name with a `.crt` and `.key` extension.
|
||||||
|
@ -105,6 +105,10 @@ server {
|
|||||||
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
|
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
|
||||||
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
|
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
|
||||||
|
|
||||||
|
{{ if (exists (printf "/etc/nginx/certs/%s.dhparam.pem" $cert)) }}
|
||||||
|
ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000";
|
add_header Strict-Transport-Security "max-age=31536000";
|
||||||
|
|
||||||
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
|
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
|
||||||
|
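Review bot: The `ssl_dhparam` directive added under `ssl_certificate_key` is emitted only when `<cert>.dhparam.pem` exists, so a host without that file silently keeps nginx's default Diffie-Hellman behaviour and the Logjam mitigation named in the commit title does not apply to it. Nothing in the visible lines checks the size of the supplied parameters either, so a weak group (for example 1024-bit) would be accepted as is. I would document this with a comment above the `if`, such as `# Per-host DH parameters: hosts without <cert>.dhparam.pem keep nginx's default DH settings`, and have the README section state a minimum size of 2048 bits. The `server` block starts and ends outside this hunk, so whether `ssl_ciphers` already excludes export-grade DHE suites cannot be confirmed from here.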