Merge pull request #170 from andreasfaerber/master

Create and use SSL dhparam file if not mounted, NGINX_SSL_DHPARAM_BITS variable in .env.dist file

.env.dist

@@ -69,6 +69,13 @@ RELAYHOST=
 # Fetchmail delay
 FETCHMAIL_DELAY=600
 
+###################################
+# Nginx settings
+###################################
+
+# SSL DHPARAM Bits
+NGINX_SSL_DHPARAM_BITS=2048
+
 ###################################
 # Developers
 ###################################

nginx/nginx.conf.default

@@ -35,6 +35,7 @@ http {
       ssl_session_cache shared:SSL:50m;
       ssl_certificate /certs/cert.pem;
       ssl_certificate_key /certs/key.pem;
+      ssl_dhparam /etc/nginx/dhparam.pem;
 
       add_header Strict-Transport-Security max-age=15768000;
 

nginx/nginx.conf.fallback

@@ -30,6 +30,7 @@ http {
       ssl_session_cache shared:SSL:50m;
       ssl_certificate /tmp/snakeoil.pem;
       ssl_certificate_key /tmp/snakeoil.pem;
+      ssl_dhparam /etc/nginx/dhparam.pem;
 
       add_header Strict-Transport-Security max-age=15768000;
 

nginx/start.sh

@@ -9,4 +9,8 @@ L=None/O=None/CN=$DOMAIN"
   cp /etc/nginx/nginx.conf.fallback /etc/nginx/nginx.conf
 fi
 
+if [ ! -r /etc/nginx/dhparam.pem ]; then
+  openssl dhparam -out /etc/nginx/dhparam.pem $NGINX_SSL_DHPARAM_BITS
+fi
+
 nginx -g 'daemon off;'