New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dhparam directory required by nginx #264
Comments
Can you explain what exactly you had to solve ? I run this container with the latest version of |
@buchdag In my case, If the path is not corrected (in the
I am not expert, but this is what I think is happening: since this change to nginx.tmpl: nginx-proxy/nginx-proxy@02121df#diff-6c19a779564e1e2f88854a4a2fffbb78, which adds the default should be updated with the correct path to Or maybe should it be the other way round : https://github.com/jwilder/nginx-proxy/blob/master/nginx.tmpl#L45 should be update with the This is true for Have not tried using |
I really don't get how you end up with this error, I tried again with a fresh three container setup on a new VM and the latest nginx.tmpl, I did not manage to trigger it. In which case is this default dhparam file supposed to be used (by nginx) ? If you provide a certificate and a key but no dhparam ? |
Did you also manually generate |
So if I understand correctly, this default dhparam is used if you also have a (self signed, obviously) |
That is my understanding too. But I am no expert. I do not understand why this happens.... But I guess a ver small amount of people is in my situation and would not notice this happening (i.e.: generating self signed default certs to achieve this nginx-proxy/nginx-proxy#950 There is either a problem somewhere or it is me doing something wrong... |
Can you give a try to this diff from the latest
|
BTW:
Because of 1), if you use |
OK with your modified I think I understand what you mean, although, I am using |
I don't think you are doing anything wrong, I mean when the dhparam stuff was added to The problem would be exactly the same if you didn't use I'll submit a PR for this change to the If you still want better security with your self signed SSL, you can create a DH parameter file with this command:
and then mount it inside you nginx container:
|
I can now rest in peace :) |
Should I close this or you want to reference it in your PR? |
@buchdag Thanks for the help closing this issue. |
@slyrus nginx-proxy/nginx-proxy#955 took care of this issue, could you close please ? |
My previous workflow had me creating certs/dhparam.pem. Apparently new (?) nginx images look for /etc/nginx/dhparam/dhparam.pem instead of /etc/nginx/certs/dhparam.pem.
I've solved this by creating the dhparam directory and adding a volume for it in the nginx container.
If my interpretation is correct, can you update the documentation?
The text was updated successfully, but these errors were encountered: