From c11061542813d37da4beef9d25bee69a378b265e Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Mon, 12 May 2025 17:46:18 +0200 Subject: [PATCH 1/3] tweak name of dhparam.pem env var --- compose/.env-template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose/.env-template b/compose/.env-template index d0af82b..c88f162 100644 --- a/compose/.env-template +++ b/compose/.env-template @@ -32,7 +32,7 @@ # SSL_INTEL_KEY Private key filename for the Intel certificate # (e.g. ssl-intel.key). # -# DHPARAM_PATH Diffie‑Hellman parameters file (e.g. dhparam.pem). +# DHPARAM_PEM Diffie‑Hellman parameters file (e.g. dhparam.pem). ############################################################################### COLLAB_FQDN=collab.example.com @@ -45,4 +45,4 @@ SSL_COLLAB_KEY=ssl-collab.key SSL_INTEL_CERT=ssl-intel.crt SSL_INTEL_KEY=ssl-intel.key -DHPARAM_PATH=dhparam.pem \ No newline at end of file +DHPARAM_PEM=dhparam.pem \ No newline at end of file From a041368ae363176b0eb04379afd6b2790d760f13 Mon Sep 17 00:00:00 2001 From: Wojciech Galanciak Date: Mon, 12 May 2025 17:47:29 +0200 Subject: [PATCH 2/3] fix env var name in nginx template --- compose/nginx/nginx.conf.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose/nginx/nginx.conf.template b/compose/nginx/nginx.conf.template index 4418cd7..707cfda 100644 --- a/compose/nginx/nginx.conf.template +++ b/compose/nginx/nginx.conf.template @@ -14,7 +14,7 @@ http { proxy_buffers 4 256k; ssl_certificate /etc/nginx/ssl/${SSL_COLLAB_CERT}; ssl_certificate_key /etc/nginx/ssl/${SSL_COLLAB_KEY}; - ssl_dhparam /etc/nginx/ssl/${DHPARAM_PATH}; + ssl_dhparam /etc/nginx/ssl/${DHPARAM_PAM}; ssl_prefer_server_ciphers on; ssl_protocols TLSv1.2; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; 
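Review bot: Renaming the key to `DHPARAM_PEM` in the last hunk of `compose/.env-template` gives no hint to operators whose existing `.env` (presumably copied from this template) still sets `DHPARAM_PATH`. After the rename the nginx template reads a name those files do not define, so the `ssl_dhparam` path would most likely render as the bare directory `/etc/nginx/ssl/` and nginx would fail to load its TLS configuration. I would record the old name in the header comment, e.g. `# DHPARAM_PEM Diffie-Hellman parameters file (e.g. dhparam.pem); named DHPARAM_PATH before this change.` The compose file is not part of this series, so it is worth confirming that it passes the new name into the nginx container.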
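Review bot: `${DHPARAM_PAM}` on the new `ssl_dhparam` line does not match the `DHPARAM_PEM` key that patch 1/3 puts in `.env-template`, so at this commit the template references a variable nothing defines. The same misspelling is in the second hunk of this patch at `@@ -58,7 +58,7 @@`. Patch 3/3 corrects the spelling, but the intermediate revision still carries a TLS configuration that cannot render, which gets in the way of bisecting and of any deploy pinned to that commit. Squashing 2/3 and 3/3 into one commit would keep every revision in the history deployable.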
@@ -58,7 +58,7 @@ http {
 # setup the SSL certificate
 ssl_certificate /etc/nginx/ssl/${SSL_INTEL_CERT};
 ssl_certificate_key /etc/nginx/ssl/${SSL_INTEL_KEY};
- ssl_dhparam /etc/nginx/ssl/${DHPARAM_PATH};
+ ssl_dhparam /etc/nginx/ssl/${DHPARAM_PAM};
 ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.2;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
From 60ce73dbacbb2f6c4e4f3333845ac84d4a53e2af Mon Sep 17 00:00:00 2001
From: Wojciech Galanciak
Date: Mon, 12 May 2025 17:50:47 +0200
Subject: [PATCH 3/3] fix pam to pem
---
 compose/nginx/nginx.conf.template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/compose/nginx/nginx.conf.template b/compose/nginx/nginx.conf.template
index 707cfda..a0e61d8 100644
--- a/compose/nginx/nginx.conf.template
+++ b/compose/nginx/nginx.conf.template
@@ -14,7 +14,7 @@ http {
 proxy_buffers 4 256k;
 ssl_certificate /etc/nginx/ssl/${SSL_COLLAB_CERT};
 ssl_certificate_key /etc/nginx/ssl/${SSL_COLLAB_KEY};
- ssl_dhparam /etc/nginx/ssl/${DHPARAM_PAM};
+ ssl_dhparam /etc/nginx/ssl/${DHPARAM_PEM};
 ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.2;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
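Review bot: The `ssl_dhparam` line has no comment saying what the referenced file must contain, although the `ssl_ciphers` list three lines below still offers two `DHE-RSA` suites that take their group from it. I would add above it `# Used by the DHE-RSA suites in ssl_ciphers; generate with at least 2048 bits, e.g. openssl dhparam -out dhparam.pem 2048`. The same directive group is repeated in the hunk at `@@ -58,7 +58,7 @@`, which is why each rename in this series had to be made twice. nginx accepts `ssl_dhparam`, `ssl_protocols` and `ssl_ciphers` at `http` level, so declaring them once there would remove the duplication. Both enclosing blocks start and end outside the hunks, so any other per-server differences cannot be seen from here.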
@@ -58,7 +58,7 @@ http {
 # setup the SSL certificate
 ssl_certificate /etc/nginx/ssl/${SSL_INTEL_CERT};
 ssl_certificate_key /etc/nginx/ssl/${SSL_INTEL_KEY};
- ssl_dhparam /etc/nginx/ssl/${DHPARAM_PAM};
+ ssl_dhparam /etc/nginx/ssl/${DHPARAM_PEM};
 ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.2;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;