use lsio wheel index, use ffdhe4096 per rfc7919

Author: aptalca

Dockerfile

@@ -96,7 +96,7 @@ RUN \
   fi && \
   pip3 install -U \
     pip && \
-  pip3 install -U \
+  pip3 install -U --find-links https://wheel-index.linuxserver.io/alpine/ \
     ${CERTBOT} \
     certbot-dns-aliyun \
     certbot-dns-cloudflare \
@@ -140,9 +140,6 @@ RUN \
     /defaults/proxy-confs --strip-components=1 --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
   echo "**** configure nginx ****" && \
   rm -f /etc/nginx/conf.d/default.conf && \
-  curl -o \
-    /defaults/dhparams.pem -L \
-    "https://lsio.ams3.digitaloceanspaces.com/dhparams.pem" && \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \

Dockerfile.aarch64

@@ -96,7 +96,7 @@ RUN \
   fi && \
   pip3 install -U \
     pip && \
-  pip3 install -U \
+  pip3 install -U --find-links https://wheel-index.linuxserver.io/alpine/ \
     ${CERTBOT} \
     certbot-dns-aliyun \
     certbot-dns-cloudflare \
@@ -140,9 +140,6 @@ RUN \
     /defaults/proxy-confs --strip-components=1 --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
   echo "**** configure nginx ****" && \
   rm -f /etc/nginx/conf.d/default.conf && \
-  curl -o \
-    /defaults/dhparams.pem -L \
-    "https://lsio.ams3.digitaloceanspaces.com/dhparams.pem" && \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \

Dockerfile.armhf

@@ -96,7 +96,7 @@ RUN \
   fi && \
   pip3 install -U \
     pip && \
-  pip3 install -U \
+  pip3 install -U --find-links https://wheel-index.linuxserver.io/alpine/ \
     ${CERTBOT} \
     certbot-dns-aliyun \
     certbot-dns-cloudflare \
@@ -140,9 +140,6 @@ RUN \
     /defaults/proxy-confs --strip-components=1 --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
   echo "**** configure nginx ****" && \
   rm -f /etc/nginx/conf.d/default.conf && \
-  curl -o \
-    /defaults/dhparams.pem -L \
-    "https://lsio.ams3.digitaloceanspaces.com/dhparams.pem" && \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \

root/defaults/dhparams.pem

@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
+8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
+iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
+zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
+-----END DH PARAMETERS-----

root/etc/cont-init.d/50-config

@@ -105,11 +105,7 @@ fi
 [[ ! -f /config/nginx/dhparams.pem ]] && \
     cp /defaults/dhparams.pem /config/nginx/dhparams.pem
 if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
-    curl -o /config/nginx/dhparams.pem -L "https://lsio.ams3.digitaloceanspaces.com/dhparams.pem"
-fi
-if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
-    echo "Generating dhparams.pem. This will take a long time. Do not stop the container until this process is completed."
-    openssl dhparam -out /config/nginx/dhparams.pem 4096
+    curl -o /config/nginx/dhparams.pem -L "https://ssl-config.mozilla.org/ffdhe4096.txt"
 fi
 
 # check to make sure DNSPLUGIN is selected if dns validation is used