faster better dhparams that actually get used

This commit is contained in:
cronekorkn 2024-06-05 21:34:28 +02:00
parent ff51b41c38
commit d62e609863
Signed by: cronekorkn
SSH key fingerprint: SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
2 changed files with 2 additions and 1 deletions

View file

@ -21,6 +21,7 @@ http {
server_names_hash_bucket_size 128;
tcp_nopush on;
client_max_body_size 32G;
ssl_dhparam "/etc/nginx/dhparams.pem";
% if node.has_bundle('php'):
upstream php-handler {

View file

@ -76,7 +76,7 @@ files = {
actions = {
'nginx-generate-dhparam': {
'command': 'openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048',
'command': 'openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096',
'unless': 'test -f /etc/ssl/certs/dhparam.pem',
},
}