From a10d1b50bf7859d5b2c156c7a2a75192b12541d1 Mon Sep 17 00:00:00 2001
From: Kuo-Cheng Yeu <kmd@mikuru.tw>
Date: Thu, 21 May 2015 15:19:58 +0800
Subject: [PATCH 1/3] add support for ssl_dhparams to prevent 'Logjam' attack

---
 nginx.tmpl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nginx.tmpl b/nginx.tmpl
index e7a4542..50574c4 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -105,6 +105,10 @@ server {
 	ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
 	ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
 
+    {{ if (exists (printf "/etc/nginx/certs/%s.dhparams.pem" $cert)) }}
+    ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparams.pem" $cert }};
+    {{ end }}
+
 	add_header Strict-Transport-Security "max-age=31536000";
 
 	{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
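Review bot: The `ssl_dhparam` directive is emitted only when `<cert>.dhparams.pem` exists, so a vhost without that file gets no directive at all and keeps whatever DH parameters nginx uses by default; the Logjam mitigation named in the subject is opt-in per certificate and silently absent elsewhere. Whether DHE suites are offered depends on the `ssl_ciphers` setting, which is not visible in this hunk, so the exposure of such vhosts should be checked against it. Consider an `{{ else }}` branch that falls back to one shared parameters file in the certs directory, for example `ssl_dhparam /etc/nginx/certs/<shared-dhparam-file>;` (placeholder name). At minimum, document the fallback with a template comment such as `{{/* no per-cert DH params file: nginx defaults apply to this vhost */}}`. The `server` block starts and ends outside this hunk.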

From da0191a778443692745845add08b1ff39d10b368 Mon Sep 17 00:00:00 2001
From: Kuo-Cheng Yeu <kmd@mikuru.tw>
Date: Thu, 21 May 2015 15:37:19 +0800
Subject: [PATCH 2/3] add 'Diffie-Hellman Groups' section in README.md

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index e4cfac3..b078315 100644
--- a/README.md
+++ b/README.md
@@ -83,6 +83,12 @@ hosts in use.  The certificate and keys should be named after the virtual host w
 `.key` extension.  For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a
 `foo.bar.com.crt` and `foo.bar.com.key` file in the certs directory.
 
+#### Diffie-Hellman Groups
+
+If you have Diffie-Hellman groups enabled, the files should be named after the virtual host with a
+`dhparams` suffix and `.pem` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com`
+should have a `foo.bar.com.dhparams.pem` file in the certs directory.
+
 #### Wildcard Certificates
 
 Wildcard certificates and keys should be name after the domain name with a `.crt` and `.key` extension.

From d74a4146c82e14664bf7da80260b6e3a01be8276 Mon Sep 17 00:00:00 2001
From: Kuo-Cheng Yeu <kmd@mikuru.tw>
Date: Thu, 21 May 2015 23:43:09 +0800
Subject: [PATCH 3/3] fix indention, and file nameing

---
 README.md  | 4 ++--
 nginx.tmpl | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index b078315..8bab1ec 100644
--- a/README.md
+++ b/README.md
@@ -86,8 +86,8 @@ hosts in use.  The certificate and keys should be named after the virtual host w
 #### Diffie-Hellman Groups
 
 If you have Diffie-Hellman groups enabled, the files should be named after the virtual host with a
-`dhparams` suffix and `.pem` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com`
-should have a `foo.bar.com.dhparams.pem` file in the certs directory.
+`dhparam` suffix and `.pem` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com`
+should have a `foo.bar.com.dhparam.pem` file in the certs directory.
 
 #### Wildcard Certificates
 
diff --git a/nginx.tmpl b/nginx.tmpl
index 50574c4..f674b49 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -105,9 +105,9 @@ server {
 	ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
 	ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
 
-    {{ if (exists (printf "/etc/nginx/certs/%s.dhparams.pem" $cert)) }}
-    ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparams.pem" $cert }};
-    {{ end }}
+	{{ if (exists (printf "/etc/nginx/certs/%s.dhparam.pem" $cert)) }}
+	ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
+	{{ end }}
 
 	add_header Strict-Transport-Security "max-age=31536000";