mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-11-25 05:16:30 +00:00
Update Diffie-Hellman Groups doc
+ corrected a typo
This commit is contained in:
parent
2528a35656
commit
3ac478f284
@ -210,7 +210,7 @@ should have a `foo.bar.com.dhparam.pem` file in the `/etc/nginx/certs` directory
|
|||||||
|
|
||||||
> NOTE: If you don't mount a `dhparam.pem` file at `/etc/nginx/dhparam/dhparam.pem`, one will be generated
|
> NOTE: If you don't mount a `dhparam.pem` file at `/etc/nginx/dhparam/dhparam.pem`, one will be generated
|
||||||
at startup. Since it can take minutes to generate a new `dhparam.pem`, it is done at low priority in the
|
at startup. Since it can take minutes to generate a new `dhparam.pem`, it is done at low priority in the
|
||||||
background. Once generation is complete, the `dhparams.pem` is saved on a persistent volume and nginx
|
background. Once generation is complete, the `dhparam.pem` is saved on a persistent volume and nginx
|
||||||
is reloaded. This generation process only occurs the first time you start `nginx-proxy`.
|
is reloaded. This generation process only occurs the first time you start `nginx-proxy`.
|
||||||
|
|
||||||
> COMPATIBILITY WARNING: The default generated `dhparam.pem` key is 2048 bits for A+ security. Some
|
> COMPATIBILITY WARNING: The default generated `dhparam.pem` key is 2048 bits for A+ security. Some
|
||||||
@ -218,6 +218,12 @@ is reloaded. This generation process only occurs the first time you start `ngin
|
|||||||
> clients, you must either provide your own `dhparam.pem`, or tell `nginx-proxy` to generate a 1024-bit
|
> clients, you must either provide your own `dhparam.pem`, or tell `nginx-proxy` to generate a 1024-bit
|
||||||
> key on startup by passing `-e DHPARAM_BITS=1024`.
|
> key on startup by passing `-e DHPARAM_BITS=1024`.
|
||||||
|
|
||||||
|
In the separate container setup, no pregenerated key will be available and neither the
|
||||||
|
[jwilder/docker-gen](https://index.docker.io/u/jwilder/docker-gen/) image nor the offical
|
||||||
|
[nginx](https://registry.hub.docker.com/_/nginx/) image will generate one. If you still want A+ security
|
||||||
|
in a separate container setup, you'll have to generate a 2048 bits DH key file manually and mount it on the
|
||||||
|
nginx container, at `/etc/nginx/dhparam/dhparam.pem`.
|
||||||
|
|
||||||
#### Wildcard Certificates
|
#### Wildcard Certificates
|
||||||
|
|
||||||
Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension.
|
Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension.
|
||||||
|
Loading…
Reference in New Issue
Block a user