Add comment

sbcl-nginx.yml

@@ -288,6 +288,23 @@ runcmd:
   # Add cron job for automatic certificate renewal (runs once a month)
   - echo '0 0 1 * * root certbot renew --post-hook "systemctl reload nginx" >> /var/log/letsencrypt/letsencrypt-auto-renew.log' > /etc/cron.d/letsencrypt-renew
   # Download DHPARAM
+
+  # The Diffie-Hellman algorithm is used to establish a shared secret between two
+  # parties (typically a client and a server) over a public channel, and is a
+  # fundamental part of many cryptographic protocols, including HTTPS.
+
+  # However, generating Diffie-Hellman parameters can be computationally expensive,
+  # so pre-generated parameters are often used. Mozilla provides such pre-generated
+  # parameters, and they are considered to be trustworthy.
+
+  # The downloaded parameters are saved in a file named ssl-dhparam.pem in the
+  # /etc/letsencrypt directory. This file is then referenced in the configuration
+  # of services that use Diffie-Hellman key exchange, such as your Nginx server, to
+  # establish secure communications.
+
+  # This step is part of a broader effort to set up SSL/TLS securely on your
+  # server, enhancing the security of your connections.
+
   - curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/letsencrypt/ssl-dhparam.pem
   # Create a symlink for the configuration file
   - ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/