Merge pull request #251 from XPLOT1ON/DH_PARAM_OVERRIDE

buchdag · web-flow · commit cf77c7ea0288 · 2018-02-18T19:07:47.000+01:00
Add ability to override default DHPARAM_BITS of 2048
diff --git a/README.md b/README.md
@@ -219,6 +219,8 @@ $ docker run -d \
   * No value (empty, not  set): no change in behavior.
   * `ecs` [Amazon ECS using ECS_CONTAINER_METADATA_FILE environment variable](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-metadata.html)
 
+* `DHPARAM_BITS` - Change the size of the Diffie-Hellman key generated by the container from the default value of 2048 bits. For example `-e DHPARAM_BITS=1024` to support some older clients like Java 6 and 7.
+
 #### Examples:
 
 If you want other examples how to use this container, look at:
diff --git a/app/entrypoint.sh b/app/entrypoint.sh
@@ -77,9 +77,15 @@ function check_writable_directory {
 }
 
 function check_dh_group {
+    local DHPARAM_BITS="${DHPARAM_BITS:-2048}"
+    re='^[0-9]*$'
+    if ! [[ "$DHPARAM_BITS" =~ $re ]] ; then
+       echo "Error: invalid Diffie-Hellman size of $DHPARAM_BITS !" >&2
+       exit 1
+    fi
     if [[ ! -f /etc/nginx/certs/dhparam.pem ]]; then
         echo "Creating Diffie-Hellman group (can take several minutes...)"
-        openssl dhparam -out /etc/nginx/certs/.dhparam.pem.tmp 2048
+        openssl dhparam -out /etc/nginx/certs/.dhparam.pem.tmp $DHPARAM_BITS
         mv /etc/nginx/certs/.dhparam.pem.tmp /etc/nginx/certs/dhparam.pem || exit 1
     fi
 }
