From d62e6098635a8ee002558d97203204f6c7222500 Mon Sep 17 00:00:00 2001
From: cronekorkn
Date: Wed, 5 Jun 2024 21:34:28 +0200
Subject: [PATCH] faster better dhparams that actually get used

---
 bundles/nginx/files/nginx.conf | 1 +
 bundles/nginx/items.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/bundles/nginx/files/nginx.conf b/bundles/nginx/files/nginx.conf
index 08f6693..ef65a3e 100644
--- a/bundles/nginx/files/nginx.conf
+++ b/bundles/nginx/files/nginx.conf
@@ -21,6 +21,7 @@ http {
 server_names_hash_bucket_size 128;
 tcp_nopush on;
 client_max_body_size 32G;
+ ssl_dhparam "/etc/nginx/dhparams.pem";
 
 % if node.has_bundle('php'):
 upstream php-handler {
diff --git a/bundles/nginx/items.py b/bundles/nginx/items.py
index ec1a56b..0fddc0c 100644
--- a/bundles/nginx/items.py
+++ b/bundles/nginx/items.py
@@ -76,7 +76,7 @@ files = {
 
 actions = {
 'nginx-generate-dhparam': {
- 'command': 'openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048',
+ 'command': 'openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096',
 'unless': 'test -f /etc/ssl/certs/dhparam.pem',
 },
 }
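Review bot: The added `ssl_dhparam "/etc/nginx/dhparams.pem";` names a file that the `nginx-generate-dhparam` action in bundles/nginx/items.py does not produce; that action writes `/etc/ssl/certs/dhparam.pem`. Unless an item outside this diff creates `/etc/nginx/dhparams.pem`, nginx will most likely fail its configuration test on the missing file once a TLS server block is loaded. Either point the directive at the generated file, `ssl_dhparam "/etc/ssl/certs/dhparam.pem";`, or change the action's `-out` and `unless` paths to the nginx one so both sides agree. The `http` block starts and ends outside this hunk, so a later override of the directive cannot be ruled out from here.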
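Review bot: The `'unless': 'test -f /etc/ssl/certs/dhparam.pem'` guard is left as it was, so every node that already holds the old 2048-bit file skips the new command and keeps those parameters; only freshly provisioned nodes get the 4096-bit ones. If existing nodes are meant to be upgraded, the guard needs to test the parameter size rather than mere existence, or the new parameters should be written to a different filename. Separately, `-dsaparam` yields DSA-style parameters instead of a safe prime, which is only sound when the TLS stack generates a fresh DH key for each handshake; a comment above the command would record that assumption, e.g. `# -dsaparam: no safe prime, relies on per-handshake DH keys (no DH key reuse)`. The `files` dict named in the hunk header lies outside the hunk, so whether it also manages a dhparams file is not visible here.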