Generate DH parameters (dhparam.pem)

One of the things we can do to improve the security of our website is to generate our own DH parameters. What these parameters mean is decently explained HERE.

Genreate dhparam.pem

$ openssl dhparam -out dhparam.pem 4096

If you are generating directly into the /etc/nginx directory (only writable by root), you can use sudo, or if you don't want to elevate openssl for no reason, just generate the file to a writable location and copy it to /etc/nginx later on.

$ sudo openssl dhparam -out dhparam.pem 4096

Heads up – This will take a long time, especially on less powerful servers/VMs.

Add it to Nginx config

Open Nginx configuration file and add the path to dhparam.pem file under the server block.

$ sudo vi /etc/nginx/conf.d/your_config_file.conf

...
ssl_dhparam /etc/nginx/dhparam.pem;
...

Test the configuration to avoid mistakes (like forgetting ;) etc.

$ sudo nginx -t

Restart Nginx to apply the change:

$ sudo systemctl restart nginx

Upgrading Debian 10 (Buster) to Debian 11 (Bullseye)

Upgrading Debian kernel (5.4 to 5.10)

Upgrade Debian 10 to 11 (speedrun)

Enable backports in Debian 11

Enable testing repo in stable Debian 11

Missing /etc/nginx folder

Hide Nginx version

Generate DH parameters (dhparam.pem)

Edit /etc/passwd correctly

Create multiple parent directories with mkdir

Make a Linux VM template unique

Generate DH parameters (dhparam.pem)

Genreate dhparam.pem

Add it to Nginx config

No Comments