From 553d04cf4308b62109262c260384266becfa9f5f Mon Sep 17 00:00:00 2001 From: cubefoo Date: Sat, 22 Apr 2017 00:28:43 +0200 Subject: [PATCH] update nginx ssl config (#120) To further increase security add a strong Diffie-Hellman group, which is standard practice when setting up ssl certs. Anyone who can setup letsencrypt can also setup a DH group. --- Running-Mastodon/Production-guide.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Running-Mastodon/Production-guide.md b/Running-Mastodon/Production-guide.md index 6a57d013..53868da2 100644 --- a/Running-Mastodon/Production-guide.md +++ b/Running-Mastodon/Production-guide.md @@ -40,6 +40,7 @@ server { ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; + ssl_dhparam /etc/ssl/certs/dhparam.pem; keepalive_timeout 70; sendfile on;