asif/nginx-basic
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added dhparam generation section and report

Browse Source
This commit is contained in:
Asif Bacchus 2019-01-05 18:46:53 -07:00
parent 441ee56ea2
commit ccca60b927
2 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.vscode/numbered-bookmarks.json vendored
View File

@ -11,7 +11,7 @@
-1,
-1,
-1,
636,
659,
625
]
}

23
setup.sh
View File

@ -373,7 +373,7 @@ fi
# dhparam: get location of DH Parameters file
echo -e "\n${mag}Having your own unique Diffie-Hellman Parameters file makes your SSL"
echo "communication more secure by helping to generate unique safe large prime"
echo "numbers. You shouldn't use any pre-installed dhparams.pem files. You should"
echo "numbers. You shouldn't use any pre-installed dhparam.pem files. You should"
echo "always generate your own. If you haven't done that already and would like this"
echo -e "script to do it for you, please type ${warn}generate${mag} at the prompt instead"
echo -e "of a path${norm}\n"
@ -578,7 +578,7 @@ fi
### Write configurations to template files
# let user know what's happening
echo -e "\n${mag}---------------------${norm}"
echo -e "${cyan}Updating template files now"
echo -e "${cyan}Updating template files now...${norm}"
# copy template files to working versions
echo "copying files to dedicated directory for customization"
@ -638,6 +638,25 @@ echo -e "${cyan}...Template files updated${norm}"
echo -e "\n${mag}---------------------${norm}"
# notify user and generate DHParms if necessary, otherwise end reporting section
if [ "${generateDH}" -eq 1 ]; then
echo -e "${cyan}Generating DH-Parameters file... this may take a while${norm}"
# delete existing (likely default) dhparam.pem
rm -f /etc/ssl/certs/dhparam.pem
# generate 4096-bit DHParams and store in /etc/ssl/certs/dhparam.pem
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
# verify non-zero length file generated
if [ -s "/etc/ssl/certs/dhparam.pem" ]; then
echo -e "${ok}-- dhparam.pem generated --${normal}"
else
echo -e "${err}-- error generating dhparam.pem --"
echo -e "you should manaully generate this file${norm}"
fi
# debug section
echo -e "\n${mag}---------------------${norm}"