Configure 2048 bit DH parameters for nginx
authorTom Hughes <tom@compton.nu>
Sun, 17 May 2015 21:32:17 +0000 (22:32 +0100)
committerTom Hughes <tom@compton.nu>
Sun, 17 May 2015 21:32:17 +0000 (22:32 +0100)
cookbooks/ssl/files/default/dhparam.pem [new file with mode: 0644]
cookbooks/ssl/recipes/default.rb
cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb

diff --git a/cookbooks/ssl/files/default/dhparam.pem b/cookbooks/ssl/files/default/dhparam.pem
new file mode 100644 (file)
index 0000000..c895dd7
--- /dev/null
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEApDYHQhAm+Wje/kmAWAzCIOhzxJj6RjjKbOfsUp31PpBaeQKwdIZZ
+jStXfkdo1/c4FfpKczO4WMQJBJjCts6nmEfaPTq/ybcVtG0GQDwO6NIjM8sSymUF
+Qcnd9aH2jfUyciPqkAfTavvy+zZIU+3HxTvCA3I6JY5qLZ4YOpNheRu5Q9azBMLo
+vfb+6oQGMnMvUVCSU8aw8BQ1qwhzJJQNAszQqA3DrxG17jsk0mBzsR3KSs4eNcjx
++65YhKArG76J1NolcP1rocehK5nrH2IO3cU2G/m2Y09DkXSP9thRSxUQ7rVKSgbC
+KhA263146gEf+bbKdMf6zrsNpjisMZ62ewIBAg==
+-----END DH PARAMETERS-----
index f5239e6..f737fe1 100644 (file)
@@ -22,7 +22,7 @@ keys = data_bag_item("ssl", "keys")
 package "openssl"
 package "ssl-cert"
 
-%w(rapidssl startcom).each do |certificate|
+%w(rapidssl startcom dhparam).each do |certificate|
   cookbook_file "/etc/ssl/certs/#{certificate}.pem" do
     owner "root"
     group "root"
index 20f94dc..77e2c6f 100644 (file)
@@ -13,6 +13,7 @@ server {
     ssl_session_cache shared:SSL:30m;
     ssl_session_timeout 15m;
     ssl_stapling on;
+    ssl_dhparam /etc/ssl/certs/dhparam.pem;
     resolver <%= @resolvers.join(" ") %>;
 
     location / { proxy_pass http://127.0.0.1; proxy_set_header X-Forwarded-For $remote_addr; }