thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-11-04 11:09:20 +00:00
Code Issues Releases Wiki Activity

Added note about background generation

Browse Source
This commit is contained in:
Steve Kamerman
2017-01-11 22:49:55 -05:00
parent dfdd67f5a4
commit ebfe5e9c17
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@@ -151,12 +151,17 @@ By default, Docker is not able to mount directories on the host machine to conta
#### Diffie-Hellman Groups #### Diffie-Hellman Groups
Diffie-Hellman groups are enabled by default, with a pregenerated key in `/etc/nginx/dhparam.pem`. Diffie-Hellman groups are enabled by default, with a pregenerated key in `/etc/nginx/dhparam/dhparam.pem`.
You can mount a different `dhparam.pem` file at that location to override the default cert. You can mount a different `dhparam.pem` file at that location to override the default cert.
To use custom `dhparam.pem` files per-virtual-host, the files should be named after the virtual host with a To use custom `dhparam.pem` files per-virtual-host, the files should be named after the virtual host with a
`dhparam` suffix and `.pem` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` `dhparam` suffix and `.pem` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com`
should have a `foo.bar.com.dhparam.pem` file in the `/etc/nginx/certs` directory. should have a `foo.bar.com.dhparam.pem` file in the `/etc/nginx/certs` directory.
> NOTE: If you don't mount a `dhparam.pem` file at `/etc/nginx/dhparam/dhparam.pem`, one will be generated
at startup. Since it can take minutes to generate a new `dhparam.pem`, it is done at low priority in the
background. Once generation is complete, the `dhparams.pem` is saved on a persistent volume and nginx
is reloaded. This generation process only occurs the first time you start `nginx-proxy`.
#### Wildcard Certificates #### Wildcard Certificates
Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension. Wildcard certificates and keys should be named after the domain name with a `.crt` and `.key` extension.