Proxy : Add a guide to generate self-signed ssl keys.
parent
e9762dd4b9
commit
a8194a669d
|
@ -1,3 +1,14 @@
|
||||||
|
# NOTE: To generate self-signed certs use: `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./privkey.pem -out ./fullchain.pem`
|
||||||
|
# For dhparams: `openssl dhparam -out ./ssl-dhparam.pem 4096`
|
||||||
|
# Example for options-ssl-nginx.conf:
|
||||||
|
# ```
|
||||||
|
# ssl_session_cache shared:le_nginx_SSL:10m;
|
||||||
|
# ssl_session_timeout 1440m;
|
||||||
|
# ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
# ssl_prefer_server_ciphers off;
|
||||||
|
# ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||||
|
# ```
|
||||||
|
# For certbot to generate new keys: `certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.voronind.com" -d voronind.com`
|
||||||
{ domain, util, container, pkgs, ... } @args: let
|
{ domain, util, container, pkgs, ... } @args: let
|
||||||
cfg = container.config.proxy;
|
cfg = container.config.proxy;
|
||||||
virtualHosts = util.catSet (util.ls ./proxy/host) args;
|
virtualHosts = util.catSet (util.ls ./proxy/host) args;
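Review bot: The example `options-ssl-nginx.conf` in the added comment block leaves out `ssl_session_tickets off;`, which certbot's own version of that file carries as far as I recall; with nginx's default of tickets on and the 1440m session timeout shown here, a copy of this example weakens forward secrecy, so I would add `# ssl_session_tickets off;` after the `ssl_session_timeout` line. The self-signed command uses `-nodes`, so `./privkey.pem` is written unencrypted; how the key reaches the container is not visible in this hunk, so a reminder such as `# Keep privkey.pem mode 0600 and out of the repository and the Nix store.` would help. The same command sets no subject alternative name, so a certificate generated as shown will likely fail hostname checks in current clients unless something like `-addext "subjectAltName=DNS:<your-domain>"` is added. The certbot line passes `--manual-public-ip-logging-ok`, which newer certbot releases have deprecated and, I believe, removed, so the documented command may fail as written. The `let` block these comments precede continues outside the hunk.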
|
||||||
|
|