Increase the nginx Diffie-Hellman parameter generate command bitrate to 4096 and add a line to the readme

Kevin MacMartin 2016-04-28 00:14:19 -04:00
parent 14b623547f
commit be8084e374
2 changed files with 6 additions and 5 deletions


@ -25,10 +25,11 @@ nginx, php, systemd
4. Rename `/etc/nginx/sites-available/REPLACEME.TLD.conf` so that `REPLACEME.TLD` is replaced with the FQDN 4. Rename `/etc/nginx/sites-available/REPLACEME.TLD.conf` so that `REPLACEME.TLD` is replaced with the FQDN
5. Add your site files to `/srv/http/REPLACEME.TLD` where public assets are located in `/srv/http/REPLACEME.TLD/public` (replacing `REPLACEME.TLD` with the FQDN) 5. Add your site files to `/srv/http/REPLACEME.TLD` where public assets are located in `/srv/http/REPLACEME.TLD/public` (replacing `REPLACEME.TLD` with the FQDN)
6. Create a symlink from `/etc/nginx/sites-available/REPLACEME.tld.conf` to `/etc/nginx/sites-enabled/REPLACEME.tld.conf` (replacing `REPLACEME.TLD` with the FQDN) 6. Create a symlink from `/etc/nginx/sites-available/REPLACEME.tld.conf` to `/etc/nginx/sites-enabled/REPLACEME.tld.conf` (replacing `REPLACEME.TLD` with the FQDN)
7. Run `systemctl start php-fpm nginx` to start the web services and `systemctl status php-fpm` and `systemctl status nginx` to check for errors 7. Run `openssl dhparam -out /etc/nginx/dhparam.pem 4096` to generate the diffie-hellman parameter
8. If there were no errors in the previous command, run `systemctl enable postfix dovecot` to enable the web services at boot 8. Run `systemctl start php-fpm nginx` to start the web services and `systemctl status php-fpm` and `systemctl status nginx` to check for errors
9. Ensure the public web directory exists and run `systemctl start letsencrypt` to generate the SSL certificates 9. If there were no errors in the previous command, run `systemctl enable postfix dovecot` to enable the web services at boot
10. Run `systemctl enable letsencrypt.timer` to enable the auto-renewal process 10. Ensure the public web directory exists and run `systemctl start letsencrypt` to generate the SSL certificates
11. Run `systemctl enable letsencrypt.timer` to enable the auto-renewal process
### MySQL Config ### MySQL Config
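Review bot: The renumbered step 9 still reads `systemctl enable postfix dovecot` "to enable the web services at boot", while step 8 starts `php-fpm nginx`. Since this hunk already rewrites those lines for the renumbering, the enable command should name the same units that step 8 starts. On the new step 7, it is worth saying that generating a 4096-bit parameter with `openssl dhparam` can take many minutes, so a reader does not assume the command has hung. Steps 4 to 6 also mix `REPLACEME.TLD.conf` and `REPLACEME.tld.conf`, so the symlink in step 6 will not match the file renamed in step 4 if followed literally.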


@ -33,7 +33,7 @@ server {
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
# Generate with: openssl dhparam -out /etc/nginx/dhparam.pem 2048 # Generate with: openssl dhparam -out /etc/nginx/dhparam.pem 4096
ssl_dhparam /etc/nginx/dhparam.pem; ssl_dhparam /etc/nginx/dhparam.pem;
# Mozilla "Intermediate configuration" copied from https://mozilla.github.io/server-side-tls/ssl-config-generator/ # Mozilla "Intermediate configuration" copied from https://mozilla.github.io/server-side-tls/ssl-config-generator/
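Review bot: The comment line directly above the changed one still says "recommended 2048 bits", which now contradicts the `openssl dhparam -out /etc/nginx/dhparam.pem 4096` command beneath it. Either update that comment to explain why 4096 was chosen over the stated recommendation, or drop the "recommended 2048 bits" wording so the two lines agree. The parameter is only used for the DHE ciphersuites named in that comment, so a short note on that scope would help readers judge whether the longer generation time is worth it for their deployment.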