Merge pull request #42 from radixdlt/feature/rfc-7919-dh-params
Use RFC 7919 DH parameters
shambupujar authored Mar 19, 2024
2 parents f223f68 + 056f799 commit b7f78de
Showing 4 changed files with 15 additions and 10 deletions.
13 changes: 13 additions & 0 deletions certs/ffdhe4096.txt
@@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----
2 changes: 1 addition & 1 deletion conf.d/enable-tls.conf
Expand Up @@ -2,7 +2,7 @@
# test: https://www.ssllabs.com/ssltest/
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/secrets/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
ssl_dhparam /etc/nginx/certs/ffdhe4096.txt;
ssl_certificate /etc/nginx/secrets/server.pem;
ssl_certificate_key /etc/nginx/secrets/server.key;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
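Review bot: The new `ssl_dhparam /etc/nginx/certs/ffdhe4096.txt;` line loses the provenance comment the old line carried, so nothing in this file tells an operator that the parameters are the fixed ffdhe4096 group from RFC 7919 rather than a locally generated prime. I would add a trailing comment such as `# RFC 7919 ffdhe4096 (public, well-known group); check with: openssl dhparam -in /etc/nginx/certs/ffdhe4096.txt -check -noout`, and have the committed file compared against the RFC text in review or CI. Since docker-entrypoint.sh no longer generates a fallback, nginx will fail to start if the image does not place the file at that path; none of the four changed files shows that copy step, so it is presumably handled elsewhere and worth confirming. The parameters only take effect for the DHE-RSA suites in the `ssl_ciphers` list below.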
8 changes: 0 additions & 8 deletions docker-entrypoint.sh
Expand Up @@ -101,16 +101,8 @@ conf_file="metrics"
export INCLUDE_RADIXDLT_METRICS_API_ENABLE="include conf.d/${conf_file}.conf;"
DOLLAR='$' envsubst </etc/nginx/conf.d/${conf_file}.conf.envsubst >/etc/nginx/conf.d/${conf_file}.conf


DOLLAR='$' envsubst </etc/nginx/conf.d/nginx.conf.envsubst >/etc/nginx/nginx.conf

# nginx configuration
# Generate dhparam.pem if not pre-configured
if [ ! -f /etc/nginx/secrets/dhparam.pem ]; then
# TODO: increase to 2048 for Beta
openssl dhparam -out /etc/nginx/secrets/dhparam.pem 1024
fi

# Generate certificates if not pre-configured
if [ ! -f /etc/nginx/secrets/server.pem -o ! -f /etc/nginx/secrets/server.key ]; then
# remove old links
2 changes: 1 addition & 1 deletion generate_artifact.sh
Expand Up @@ -16,7 +16,7 @@ mv ${PWD}/nginx.conf ${PWD}/$nginx_file_name
sed -i "s|user nginx;|include \/etc\/nginx\/modules-enabled\/*.conf;|g" ${PWD}/$nginx_file_name
#Change /dev/stdout
sed -i "s|\/dev\/stdout|\/var\/log\/nginx\/access.log|g" ${PWD}/$nginx_file_name
zip -r babylon-nginx-fullnode-conf.zip conf.d/ nginx-fullnode.conf
zip -r babylon-nginx-fullnode-conf.zip conf.d/ certs/ nginx-fullnode.conf
#Cleanup
rm nginx-fullnode.conf
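Review bot: The archive now ships `certs/`, but `conf.d/enable-tls.conf` inside it points at the absolute path `/etc/nginx/certs/ffdhe4096.txt`, and nothing on the changed `zip -r` line tells whoever unpacks the archive where that directory must land. I would add a comment above it, e.g. `# certs/ must be unpacked to /etc/nginx/certs (referenced by conf.d/enable-tls.conf)`. The line also still hard-codes `nginx-fullnode.conf` although the script uses `$nginx_file_name` just above; `zip -r babylon-nginx-fullnode-conf.zip conf.d/ certs/ "$nginx_file_name"` would keep the two in sync, assuming the variable holds that name. The script starts and continues outside this hunk.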
