diff --git a/compose/.env-template b/compose/.env-template index d0af82b..c88f162 100644 --- a/compose/.env-template +++ b/compose/.env-template @@ -32,7 +32,7 @@ # SSL_INTEL_KEY Private key filename for the Intel certificate # (e.g. ssl-intel.key). # -# DHPARAM_PATH Diffie‑Hellman parameters file (e.g. dhparam.pem). +# DHPARAM_PEM Diffie‑Hellman parameters file (e.g. dhparam.pem). ############################################################################### COLLAB_FQDN=collab.example.com @@ -45,4 +45,4 @@ SSL_COLLAB_KEY=ssl-collab.key SSL_INTEL_CERT=ssl-intel.crt SSL_INTEL_KEY=ssl-intel.key -DHPARAM_PATH=dhparam.pem \ No newline at end of file +DHPARAM_PEM=dhparam.pem \ No newline at end of file diff --git a/compose/nginx/nginx.conf.template b/compose/nginx/nginx.conf.template index 4418cd7..a0e61d8 100644 --- a/compose/nginx/nginx.conf.template +++ b/compose/nginx/nginx.conf.template @@ -14,7 +14,7 @@ http { proxy_buffers 4 256k; ssl_certificate /etc/nginx/ssl/${SSL_COLLAB_CERT}; ssl_certificate_key /etc/nginx/ssl/${SSL_COLLAB_KEY}; - ssl_dhparam /etc/nginx/ssl/${DHPARAM_PATH}; + ssl_dhparam /etc/nginx/ssl/${DHPARAM_PEM}; ssl_prefer_server_ciphers on; ssl_protocols TLSv1.2; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; @@ -58,7 +58,7 @@ http { # setup the SSL certificate ssl_certificate /etc/nginx/ssl/${SSL_INTEL_CERT}; ssl_certificate_key /etc/nginx/ssl/${SSL_INTEL_KEY}; - ssl_dhparam /etc/nginx/ssl/${DHPARAM_PATH}; + ssl_dhparam /etc/nginx/ssl/${DHPARAM_PEM}; ssl_prefer_server_ciphers on; ssl_protocols TLSv1.2; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;