diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index f43a127..a413877 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -15,7 +15,8 @@ if [[ $DOCKER_HOST = unix://* ]]; then
 fi
 # Generate dhparam file if required
-/app/generate-dhparam.sh
+# Note: if $DHPARAM_BITS is not defined, generate-dhparam.sh will use 2048 as a default
+/app/generate-dhparam.sh $DHPARAM_BITS
 # If the user has run the default command and the socket doesn't exist, fail
 if [ "$socketMissing" = 1 -a "$1" = forego -a "$2" = start -a "$3" = '-r' ]; then
diff --git a/generate-dhparam.sh b/generate-dhparam.sh
index 0097754..9f5d4ff 100755
--- a/generate-dhparam.sh
+++ b/generate-dhparam.sh
@@ -1,10 +1,12 @@
 #!/bin/bash -e
+# The first argument is the bit depth of the dhparam, or 2048 if unspecified
+DHPARAM_BITS=${1:-2048}
+
 # If a dhparam file is not available, use the pre-generated one and generate a new one in the background.
 # Note that /etc/nginx/dhparam is a volume, so this dhparam will persist restarts.
 PREGEN_DHPARAM_FILE="/app/dhparam.pem.default"
 DHPARAM_FILE="/etc/nginx/dhparam/dhparam.pem"
-DHPARAM_BITS="2048"
 GEN_LOCKFILE="/tmp/dhparam_generating.lock"
 # The hash of the pregenerated dhparam file is used to check if the pregen dhparam is already in use
diff --git a/test/ssl_dhparam.bats b/test/ssl_dhparam.bats
index c5470a6..c193c5c 100644
--- a/test/ssl_dhparam.bats
+++ b/test/ssl_dhparam.bats
@@ -7,7 +7,7 @@ function setup {
 stop_bats_containers web
 }
-@test "[$TEST_FILE] test dhparam.pem is generated if missing (WARNING: this test is slow)" {
+@test "[$TEST_FILE] test dhparam.pem is generated if missing" {
 SUT_CONTAINER=bats-nginx-proxy-${TEST_FILE}-1
 # WHEN
@@ -16,6 +16,7 @@ function setup {
 --label bats-type="nginx-proxy" \
 --name $SUT_CONTAINER \
 -v /var/run/docker.sock:/tmp/docker.sock:ro \
+ -e DHPARAM=256 \
 $SUT_IMAGE \
 && wait_for_nginxproxy_container_to_start $SUT_CONTAINER \
 && docker logs $SUT_CONTAINER
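Review bot: In docker-entrypoint.sh the new call passes `$DHPARAM_BITS` unquoted, so the environment value is word-split and glob-expanded before generate-dhparam.sh sees it, and only the first resulting word is read as `$1` in the part of that script visible here. Quoting is safe because the callee uses `${1:-2048}`, which applies the default to an empty argument as well as a missing one: `/app/generate-dhparam.sh "$DHPARAM_BITS"`. The added comment could also say that this is a container environment variable, e.g. `# DHPARAM_BITS (optional env var): DH parameter size in bits; unset or empty means 2048`.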
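Review bot: `DHPARAM_BITS=${1:-2048}` in generate-dhparam.sh takes the caller's value without any check, so a typo or a small number such as 512 is accepted as-is and could leave the proxy serving Diffie-Hellman parameters too weak for DHE key exchange, with nothing in the logs to show it. Since the value now originates from the container environment, it should be validated as a positive integer right after the assignment, and sizes below 2048 should at least emit a warning on stderr. The code that consumes the variable lies outside this hunk, so the exact failure mode for a non-numeric value is not visible here.

```shell
DHPARAM_BITS=${1:-2048}

# Reject anything that is not a plain positive integer before it is used.
if ! [[ $DHPARAM_BITS =~ ^[1-9][0-9]*$ ]]; then
    echo "Invalid dhparam bit size: '$DHPARAM_BITS'" >&2
    exit 1
fi
# Sizes below 2048 bits are only acceptable for tests; make that visible in the logs.
if (( DHPARAM_BITS < 2048 )); then
    echo "Warning: ${DHPARAM_BITS}-bit DH parameters are too weak for production use" >&2
fi
# … unchanged: PREGEN_DHPARAM_FILE, DHPARAM_FILE, GEN_LOCKFILE …
```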
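Review bot: The test passes `-e DHPARAM=256`, but the entrypoint changed in this same commit reads `$DHPARAM_BITS`, so unless something outside the visible hunks maps one name to the other, the container still generates 2048-bit parameters and the test is as slow as before, even though its title drops the slowness warning. The name should match, `-e DHPARAM_BITS=256 \`; the same line is added in the `@@ -56,13 +57,14 @@` hunk and needs the same fix. A short comment such as `# 256 bits only to keep the test fast; not a usable size for a real deployment` would stop the value from being copied into real configurations. The `docker run` command this line belongs to starts above the hunk.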
@@ -23,7 +24,7 @@ function setup {
 DEFAULT_HASH=$(docker exec $SUT_CONTAINER md5sum /etc/nginx/dhparam/dhparam.pem | cut -d" " -f1)
 assert_success
- docker_wait_for_log $SUT_CONTAINER 9 "Generating DH parameters"
+ docker_wait_for_log $SUT_CONTAINER 30 "Generating DH parameters"
 # THEN
 docker_wait_for_log $SUT_CONTAINER 240 "dhparam generation complete, reloading nginx"
@@ -56,13 +57,14 @@ function setup {
 --name $SUT_CONTAINER \
 -v /var/run/docker.sock:/tmp/docker.sock:ro \
 -v $TMP_DIR:/etc/nginx/dhparam \
+ -e DHPARAM=256 \
 $SUT_IMAGE \
 && wait_for_nginxproxy_container_to_start $SUT_CONTAINER \
 && docker logs $SUT_CONTAINER
 # THEN
 assert_success
- docker_wait_for_log $SUT_CONTAINER 9 "Generating DH parameters"
+ docker_wait_for_log $SUT_CONTAINER 30 "Generating DH parameters"
 docker exec $SUT_CONTAINER rm -rf /etc/nginx/dhparam/*
 }