From ebfe5e9c17b76d671a03ac6ef1b1ab17797c6954 Mon Sep 17 00:00:00 2001 From: Steve Kamerman Date: Wed, 11 Jan 2017 22:49:55 -0500 Subject: [PATCH] Added note about background generation --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b3e1702..e7d3f5f 100644 --- a/README.md +++ b/README.md @@ -151,12 +151,17 @@ By default, Docker is not able to mount directories on the host machine to conta #### Diffie-Hellman Groups -Diffie-Hellman groups are enabled by default, with a pregenerated key in `/etc/nginx/dhparam.pem`. +Diffie-Hellman groups are enabled by default, with a pregenerated key in `/etc/nginx/dhparam/dhparam.pem`. You can mount a different `dhparam.pem` file at that location to override the default cert. To use custom `dhparam.pem` files per-virtual-host, the files should be named after the virtual host with a `dhparam` suffix and `.pem` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a `foo.bar.com.dhparam.pem` file in the `/etc/nginx/certs` directory. +> NOTE: If you don't mount a `dhparam.pem` file at `/etc/nginx/dhparam/dhparam.pem`, one will be generated +at startup. Since it can take minutes to generate a new `dhparam.pem`, it is done at low priority in the +background. Once generation is complete, the `dhparams.pem` is saved on a persistent volume and nginx +is reloaded. This generation process only occurs the first time you start `nginx-proxy`. + #### Wildcard Certificates Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension.
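Review bot: In the added NOTE, the sentence "Once generation is complete, the `dhparams.pem` is saved on a persistent volume" spells the file `dhparams.pem`, while every other mention in this hunk uses `dhparam.pem`; use one filename throughout so readers do not look for the wrong file. The note also says a file "will be generated at startup" while the paragraph above still describes a "pregenerated key" at `/etc/nginx/dhparam/dhparam.pem`, so it should state which parameters nginx serves while background generation is still running, and name the persistent volume path that has to be kept for generation to occur only once. Minor style point: only the first line of the note carries the `>` marker; prefixing the three continuation lines keeps the blockquote explicit in the raw file.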