web: split TLS configuration and make it stronger

Resources: - https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ - https://weakdh.org/sysadmin.html
2018-11-07 09:55:59 +01:00
parent c34b4814df
commit 415f10406f
3 changed files with 26 additions and 3 deletions
--- a/web/rootfs/etc/cont-init.d/10-config
+++ b/web/rootfs/etc/cont-init.d/10-config
@@ -12,6 +12,14 @@ if [[ ! -f /config/nginx/nginx.conf ]]; then
    cp /defaults/nginx.conf /config/nginx/nginx.conf
 fi

+if [[ ! -f /config/nginx/ssl.conf ]]; then
+    cp /defaults/ssl.conf /config/nginx/ssl.conf
+fi
+
+if [ ! -f "/config/nginx/dhparams.pem" ]; then
+    openssl dhparam -out /config/nginx/dhparams.pem 2048
+fi
+
 if [[ ! -f /config/nginx/site-confs/default ]]; then
    tpl /defaults/default > /config/nginx/site-confs/default
 fi