From be8084e37408938831c305e308bce03b3a0a31df Mon Sep 17 00:00:00 2001
From: Kevin MacMartin
Date: Thu, 28 Apr 2016 00:14:19 -0400
Subject: [PATCH] Increase the nginx diffie hellman parameter generate command bitrate to 4096 and add a line to the readme
---
 README.md | 9 +++++----
 nginx/sites-available/REPLACEME.TLD.conf | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 7c57ca4..56b595e 100644
--- a/README.md
+++ b/README.md
@@ -25,10 +25,11 @@ nginx, php, systemd
 4. Rename `/etc/nginx/sites-available/REPLACEME.TLD.conf` so that `REPLACEME.TLD` is replaced with the FQDN
 5. Add your site files to `/srv/http/REPLACEME.TLD` where public assets are located in `/srv/http/REPLACEME.TLD/public` (replacing `REPLACEME.TLD` with the FQDN)
 6. Create a symlink from `/etc/nginx/sites-available/REPLACEME.tld.conf` to `/etc/nginx/sites-enabled/REPLACEME.tld.conf` (replacing `REPLACEME.TLD` with the FQDN)
-7. Run `systemctl start php-fpm nginx` to start the web services and `systemctl status php-fpm` and `systemctl status nginx` to check for errors
-8. If there were no errors in the previous command, run `systemctl enable postfix dovecot` to enable the web services at boot
-9. Ensure the public web directory exists and run `systemctl start letsencrypt` to generate the SSL certificates
-10. Run `systemctl enable letsencrypt.timer` to enable the auto-renewal process
+7. Run `openssl dhparam -out /etc/nginx/dhparam.pem 4096` to generate the diffie-hellman parameter
+8. Run `systemctl start php-fpm nginx` to start the web services and `systemctl status php-fpm` and `systemctl status nginx` to check for errors
+9. If there were no errors in the previous command, run `systemctl enable postfix dovecot` to enable the web services at boot
+10. Ensure the public web directory exists and run `systemctl start letsencrypt` to generate the SSL certificates
+11. Run `systemctl enable letsencrypt.timer` to enable the auto-renewal process
 ### MySQL Config
diff --git a/nginx/sites-available/REPLACEME.TLD.conf b/nginx/sites-available/REPLACEME.TLD.conf
index 4a00e81..23cffa9 100644
--- a/nginx/sites-available/REPLACEME.TLD.conf
+++ b/nginx/sites-available/REPLACEME.TLD.conf
@@ -33,7 +33,7 @@ server {
 ssl_session_cache shared:SSL:50m;
 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
-# Generate with: openssl dhparam -out /etc/nginx/dhparam.pem 2048
+# Generate with: openssl dhparam -out /etc/nginx/dhparam.pem 4096
 ssl_dhparam /etc/nginx/dhparam.pem;
 # Mozilla "Intermediate configuration" copied from https://mozilla.github.io/server-side-tls/ssl-config-generator/
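Review bot: The context line directly above the changed comment still says `recommended 2048 bits`, so after this hunk the two comment lines contradict each other (2048 recommended, 4096 generated); change it to `# Diffie-Hellman parameter for DHE ciphersuites, generated at 4096 bits (README step 7)` or drop the size from it. Nothing in this file enforces the size, since `ssl_dhparam` loads whatever `/etc/nginx/dhparam.pem` contains, so this comment and the README command are the only record of the intended strength and should agree. The `2048` presumably came from the Mozilla intermediate profile referenced on the following line; 4096-bit parameters take noticeably longer to generate and, I believe, make each DHE handshake more expensive, so if that trade-off is deliberate a short note saying why would help the next reader. The enclosing `server {` block starts and ends outside the hunk.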