diff --git a/docker-compose.yml b/docker-compose.yml
index c549128..a422462 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,6 +21,7 @@ services:
 - ${NGINX_MATTERMOST_CONFIG}:/etc/nginx/conf.d/mattermost.conf:ro
 - ${LETSENCRYPT_FULLCHAIN_PATH}:/fullchain.pem:ro
 - ${LETSENCRYPT_PRIVKEY_PATH}:/privkey.pem:ro
+ - ${NGINX_DHPARAMS_FILE}:/dhparams4096.pem
 - /etc/localtime:/etc/localtime:ro
 ports:
 - ${HTTPS_PORT}:443
diff --git a/env.example b/env.example
index 4f2e694..af1b302 100644
--- a/env.example
+++ b/env.example
@@ -17,6 +17,7 @@ POSTGRES_DATA_PATH=./data/postgres # relative paths will work but absolute are
 NGINX_MATTERMOST_CONFIG=./nginx/mattermost.conf
 LETSENCRYPT_FULLCHAIN_PATH=./certs/fullchain.pem
 LETSENCRYPT_PRIVKEY_PATH=./certs/privkey.pem
+NGINX_DHPARAMS_FILE=./nginx/dhparams4096.pem
 ## Exposed ports to the host. Inside the container 80 and 443 will be used
 HTTPS_PORT=443
 HTTP_PORT=80
diff --git a/nginx/dhparams4096.pem b/nginx/dhparams4096.pem
new file mode 100644
index 0000000..76f35f3
--- /dev/null
+++ b/nginx/dhparams4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAj9mn32DwQTAzqQqtvRwzeh2Yxg0UHFmoejLds9qYxnrxS9SWl8OJ
+rpx9xo1hb077DnfQ9RE9Dr/p5T4B7y7RhSfNBYqLt6nxTkHgUjvQBQI4K6Rfz6iQ
+G2miTrAatwQ2PSZcMPNme4FVh5USe2ppjYl+EqLUex0hNyxcV9U8PdG/TFcaje6g
+dgc3SQU6zSk+YK9aKfEFwO4YbfJbrun+t1UIoMtWAAicrF3vygzCRx02/uzGUvlf
+pvtsjYwcXFizU5rd+JQ/jomEO5lUUp4FuvlzcT6orPeJe5afKrxG092yHp+qgdCg
+QrmrWy9RZFzRxoHPzW1zreinUvqP8qemCBX4J+qgxtqGM+c6aTDsfq5G/YWmVeYT
+ue2pFhX+lWBDsPELvzUbuceehmCWjdoII0iDoUHqRqMiZVMjVLiVtd1YhNa41tWZ
+kO+EhZkg8rPC/7oqehEx2GOXfjZzA/8+t1YCbhAsL4/wpbuynVgZ3TNR+nVfKs5d
+2Bht+dWfSNpuYyK6oDerycnDRF/cmEGHg0E419H9UPAHktS9ZYGhq7nIgrBiuE1P
+PO01p/rXYKGaDqFAK3F86aGxj0+2Am5TfSMiSNobDMp61IRt0P/T0vp2ZE5wpzS+
+39QGrQpJ8phAr8PE7Q9bo4Z+qabBn+aJkAsFH+M4IkX0JYEjk3wpMssCAQI=
+-----END DH PARAMETERS-----
diff --git a/nginx/mattermost.conf b/nginx/mattermost.conf
index cc7c0b2..9773f5b 100644
--- a/nginx/mattermost.conf
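Review bot: The new dhparams bind mount on the added line is the only volume in this list without `:ro`, so the nginx container gets write access to the host-side parameter file while the config, certificate and key mounts beside it are all read-only. nginx only needs to read the file when it loads the server block, and a read-write mount means a compromised or misbehaving container could silently alter the DH group the host deploys. Suggested line: `- ${NGINX_DHPARAMS_FILE}:/dhparams4096.pem:ro`. The services block starts and continues outside the hunk.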
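Review bot: `NGINX_DHPARAMS_FILE` is added without a comment, although the only instructions for producing such a file are the two comment lines this same commit deletes from nginx/mattermost.conf, so after the change an operator has no hint that the committed group can or should be replaced with a locally generated one. I would add one line above the new setting, e.g. `# DH parameters for nginx; the checked-in file is shared, regenerate your own with: openssl dhparam -out ./nginx/dhparams4096.pem 4096`. A path comment like the one on `POSTGRES_DATA_PATH` in the hunk header would also tell users whether a relative path is acceptable here.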
+++ b/nginx/mattermost.conf
@@ -27,9 +27,7 @@ server {
 listen [::]:443 ssl http2;
 ## ssl
- # to generate the DH params execute: openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096
- # with 4096 bits this can take a while; 2048 would be sufficient as well
- #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+ ssl_dhparam /dhparams4096.pem;
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
 ssl_session_tickets off;
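Review bot: `ssl_dhparam /dhparams4096.pem;` on the added line does more than point at a file: as far as I recall from the nginx documentation, DHE cipher suites are not offered at all while ssl_dhparam is unset, so this directive switches them on for whatever `ssl_ciphers` permits, and that directive is outside the hunk, so the resulting cipher list is worth checking against what you intend (DHE handshakes are also noticeably more expensive than ECDHE ones at 4096 bits). The three deleted lines were the only place the generation command lived; I would keep a shortened form above the directive, e.g. `# DH group for DHE suites; regenerate with: openssl dhparam -out dhparams4096.pem 4096`. Hard-coding the bit size into the file name also means a future 2048-bit replacement has to be renamed in the compose mount and here, or the name will lie. The server block starts and ends outside the hunk.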