Increase the nginx Diffie-Hellman parameter generate command bitrate to 4096 and add a line to the readme
parent 14b623547f
commit be8084e374
2 changed files with 6 additions and 5 deletions
|
@ -25,10 +25,11 @@ nginx, php, systemd
|
||||||
4. Rename `/etc/nginx/sites-available/REPLACEME.TLD.conf` so that `REPLACEME.TLD` is replaced with the FQDN
|
4. Rename `/etc/nginx/sites-available/REPLACEME.TLD.conf` so that `REPLACEME.TLD` is replaced with the FQDN
|
||||||
5. Add your site files to `/srv/http/REPLACEME.TLD` where public assets are located in `/srv/http/REPLACEME.TLD/public` (replacing `REPLACEME.TLD` with the FQDN)
|
5. Add your site files to `/srv/http/REPLACEME.TLD` where public assets are located in `/srv/http/REPLACEME.TLD/public` (replacing `REPLACEME.TLD` with the FQDN)
|
||||||
6. Create a symlink from `/etc/nginx/sites-available/REPLACEME.tld.conf` to `/etc/nginx/sites-enabled/REPLACEME.tld.conf` (replacing `REPLACEME.TLD` with the FQDN)
|
6. Create a symlink from `/etc/nginx/sites-available/REPLACEME.tld.conf` to `/etc/nginx/sites-enabled/REPLACEME.tld.conf` (replacing `REPLACEME.TLD` with the FQDN)
|
||||||
7. Run `systemctl start php-fpm nginx` to start the web services and `systemctl status php-fpm` and `systemctl status nginx` to check for errors
|
7. Run `openssl dhparam -out /etc/nginx/dhparam.pem 4096` to generate the diffie-hellman parameter
|
||||||
8. If there were no errors in the previous command, run `systemctl enable postfix dovecot` to enable the web services at boot
|
8. Run `systemctl start php-fpm nginx` to start the web services and `systemctl status php-fpm` and `systemctl status nginx` to check for errors
|
||||||
9. Ensure the public web directory exists and run `systemctl start letsencrypt` to generate the SSL certificates
|
9. If there were no errors in the previous command, run `systemctl enable postfix dovecot` to enable the web services at boot
|
||||||
10. Run `systemctl enable letsencrypt.timer` to enable the auto-renewal process
|
10. Ensure the public web directory exists and run `systemctl start letsencrypt` to generate the SSL certificates
|
||||||
|
11. Run `systemctl enable letsencrypt.timer` to enable the auto-renewal process
|
||||||
|
|
||||||
### MySQL Config
|
### MySQL Config
|
||||||
|
|
||||||
|
|
|
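Review bot: In the renumbered step 9, `systemctl enable postfix dovecot` does not match the services that step 8 starts with `systemctl start php-fpm nginx`, even though the text says it enables the web services at boot. Since this change already rewrites that line, it should name the same units, for example `systemctl enable php-fpm nginx`. For the new step 7, consider noting that generating a 4096-bit parameter can take several minutes, and capitalize "Diffie-Hellman" to match the comment in the nginx config. Step 6 also writes `REPLACEME.tld.conf` where steps 4 and 5 use `REPLACEME.TLD`, which is worth making consistent while the list is being touched.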
@ -33,7 +33,7 @@ server {
|
||||||
ssl_session_cache shared:SSL:50m;
|
ssl_session_cache shared:SSL:50m;
|
||||||
|
|
||||||
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
|
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
|
||||||
# Generate with: openssl dhparam -out /etc/nginx/dhparam.pem 2048
|
# Generate with: openssl dhparam -out /etc/nginx/dhparam.pem 4096
|
||||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
ssl_dhparam /etc/nginx/dhparam.pem;
|
||||||
|
|
||||||
# Mozilla "Intermediate configuration" copied from https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
# Mozilla "Intermediate configuration" copied from https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||||
|
|
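Review bot: The unchanged comment directly above the edited line still says "recommended 2048 bits", which now contradicts the `openssl dhparam -out /etc/nginx/dhparam.pem 4096` command beneath it. Update that comment in the same change, or state why the generated size is larger than the recommended one, so that whoever regenerates `/etc/nginx/dhparam.pem` later knows which size is intended.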