From 11d495a649e491088e64ab633ef8e4b7d4428fe4 Mon Sep 17 00:00:00 2001
From: Deon George <deon@leenooks.net>
Date: Mon, 9 Jul 2018 16:44:28 +1000
Subject: [PATCH] Add dhparams.pem and change default ssl perms

---
 Dockerfile                           |  1 +
 etc/nginx/default.d/ssl/dhparams.pem | 13 +++++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 etc/nginx/default.d/ssl/dhparams.pem

diff --git a/Dockerfile b/Dockerfile
index 573d7c8..55b237e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,6 +4,7 @@
 FROM nginx:latest
 COPY etc/nginx/default.d /etc/nginx/default.d
 COPY var/www/maintenance /var/www/maintenance
+RUN chmod 444 /etc/nginx/default.d/ssl/* && chmod 400 /etc/nginx/default.d/ssl/default.key /etc/nginx/default.d/ssl/dhparams.pem
 
 RUN echo "deb http://ftp.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/stretch-backports.list \
 	&& apt-get update && apt-get -t stretch-backports install certbot -yy \
diff --git a/etc/nginx/default.d/ssl/dhparams.pem b/etc/nginx/default.d/ssl/dhparams.pem
new file mode 100644
index 0000000..f1381e6
--- /dev/null
+++ b/etc/nginx/default.d/ssl/dhparams.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA+uukfVDx426F/nezqMGrwMfFH5ZqL0wcB/oWl/xHkV1FOn4zX8xi
+9H7Co0HpGqt1Km2Wdu4SAYSshkajk276zwUfJ3l5QZ8e5rvBboxJ6bs6LGEOO7Uc
+EmQQcCxemD1qR81wRh/FYM+B3DymZxtW8xzx9Ns+6wyiu6WMGCQvA5OAva8s91Vg
+ElvpxZ733mmGhkU6K+yaPwGnxj0jmCf8OWFsZKR9AjFags9gkLXwxKlY8HORhxii
+SPg9Iy4Bjo89TsEObhrdjfAYa9hG9g+1Woy7o9gY1Vwk84rUlHVqM4Vb+gwlmXBi
+ZIO2/QHn7He1U9Ich7PPOCzXjreOYJobDPf6aPp2osC5FURwPJc/sCos7UxGKpuh
+MBlS1fTK/y5lCHXt3JgeELiMRwPeYY/q4wocQdHHtSi2k5wXRgj8tQFNfoRDybwh
+aoXY7gdC4fa8VpaiqBIMXczEE7D+P/XDW3wDCE3X2V5D5LNXNWurIdspRD5mCjkz
+DuG7Mczjf+i0ghus34zP7aCL8jgPWYWz46Uul/H8K1/KpJvjmGL0ZRNx5hAnwdxE
+wF9XZC1tPVwio40Ck3RkULhBQ17KONupu1AQ0W/M6mkDsMY6UAHZBXYv5bPL4KIF
+gxpOkish6y3Z0WYv9F3kb3ctv+FGKWhzvIAeg/2ahyQJOT3Z03gJyVsCAQI=
+-----END DH PARAMETERS-----