From e8cc09db04bdebd2d1196357ce91d7f9db73ca36 Mon Sep 17 00:00:00 2001
From: Pan Teparak
Date: Fri, 25 Aug 2017 14:03:52 +0700
Subject: [PATCH 1/2] Add ability to override default DH_PARAM_SIZE
---
 app/entrypoint.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/app/entrypoint.sh b/app/entrypoint.sh
index b100b613..32d9bcdd 100755
--- a/app/entrypoint.sh
+++ b/app/entrypoint.sh
@@ -77,9 +77,15 @@ function check_writable_directory {
 }
 function check_dh_group {
+ local DHPARAM_BITS="${DHPARAM_BITS:-2048}"
+ re='^[0-9]*$'
+ if ! [[ "$DHPARAM_BITS" =~ $re ]] ; then
+ echo "Error: invalid Diffie-Hellman size of $DHPARAM_BITS !" >&2
+ exit 1
+ fi
 if [[ ! -f /etc/nginx/certs/dhparam.pem ]]; then
 echo "Creating Diffie-Hellman group (can take several minutes...)"
- openssl dhparam -out /etc/nginx/certs/.dhparam.pem.tmp 2048
+ openssl dhparam -out /etc/nginx/certs/.dhparam.pem.tmp $DHPARAM_BITS
 mv /etc/nginx/certs/.dhparam.pem.tmp /etc/nginx/certs/dhparam.pem || exit 1
 fi
 }
From cf6e2357bef74690b6f7145b5af7dc7948f87a1c Mon Sep 17 00:00:00 2001
From: Pan Teparak
Date: Fri, 25 Aug 2017 14:04:14 +0700
Subject: [PATCH 2/2] Update Readme to reflect change
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index ac7b736d..bc4f20d7 100644
--- a/README.md
+++ b/README.md
@@ -219,6 +219,8 @@ $ docker run -d \
 * No value (empty, not set): no change in behavior.
 * `ecs` [Amazon ECS using ECS_CONTAINER_METADATA_FILE environment variable](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-metadata.html)
+* `DHPARAM_BITS` - Change the size of the Diffie-Hellman key generated by the container from the default value of 2048 bits. For example `-e DHPARAM_BITS=1024` to support some older clients like Java 6 and 7.
+
 #### Examples:
 If you want other examples how to use this container, look at:
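Review bot: The digits-only test added to check_dh_group accepts any size, including 0, 512 or 1024, so a group far weaker than the 2048-bit default is generated without any notice, and groups of 1024 bits or less are the ones exposed to the precomputation weakness described in the Logjam research. Since the README patch documents 1024 for old Java clients, I would keep small sizes allowed but make the downgrade visible in the log: `(( 10#$DHPARAM_BITS >= 2048 )) || echo "Warning: $DHPARAM_BITS-bit Diffie-Hellman group is weaker than the 2048-bit default" >&2`. On style, `re` should be declared `local` like DHPARAM_BITS so it does not leak into the script's globals, and the openssl argument should be quoted as `"$DHPARAM_BITS"`. The size is only read when /etc/nginx/certs/dhparam.pem is absent, so changing the variable on a later start leaves the existing file as it is; a comment such as `# DHPARAM_BITS only applies when dhparam.pem does not exist yet` above the `-f` test would save operators a surprise.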