thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-12-14 06:19:21 +00:00
Code Issues Releases Wiki Activity

feat: Bring back ability to skip default DH params

Browse Source 
Adds back the ability to avoid using DH params, provided no file was explicitly supplied.

This used to be `DHPARAM_GENERATION=false`, the equivalent is now `DHPARAM_SKIP=1` (default 0). Previous name was no longer appropriate.

Ensures that if a user has explicitly provided their own dhparam file to still output a warning instead of the skip message, since `DHPARAM_SKIP=1` doesn't disable the support in nginx.
This commit is contained in:
polarathene
2021-09-28 21:49:06 +13:00
parent fd35a09240
commit 1d2f308cdf
4 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docker-entrypoint.sh
View File

@@ -47,6 +47,9 @@ function _setup_dhparam() {
if [[ -f ${DHPARAM_FILE} ]]; then
echo 'Warning: A custom dhparam.pem file was provided. Best practice is to use standardized RFC7919 DHE groups instead.' >&2
return 0
elif [[ ${DHPARAM_SKIP:=0} -eq 1 ]]; then
echo 'Skipping Diffie-Hellman parameters setup.'
return 0
elif [[ ! ${DHPARAM_BITS} =~ ^(2048|3072|4096)$ ]]; then
echo "ERROR: Unsupported DHPARAM_BITS size: ${DHPARAM_BITS}. Use: 2048, 3072, or 4096 (default)." >&2
exit 1