diff --git a/Dockerfile b/Dockerfile
index cb07ab1..33aeff1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -53,6 +53,4 @@ ADD /rootfs /
 RUN chown -R matrix-synapse:matrix-synapse /var/lib/matrix-synapse
 ENV HOME /var/lib/matrix-synapse
-EXPOSE 8448
-
 VOLUME /var/lib/matrix-synapse/media_store/ /var/lib/matrix-synapse/uploads /var/lib/matrix-synapse/signing/ /etc/ssl/matrix-synapse/ /var/lib/matrix-synapse/registrations/
diff --git a/rootfs/etc/confd/templates/server.yaml.tmpl b/rootfs/etc/confd/templates/server.yaml.tmpl
index 12613dd..62fff29 100644
--- a/rootfs/etc/confd/templates/server.yaml.tmpl
+++ b/rootfs/etc/confd/templates/server.yaml.tmpl
@@ -1,4 +1,5 @@
 tls_certificate_path: "/etc/ssl/matrix-synapse/{{getenv "CERT_DOMAIN"}}.crt"
+tls_dh_params_path: "/var/lib/matrix-synapse/signing/dhparams.pem"
 no_tls: True
diff --git a/rootfs/etc/cont-init.d/synapse-keys b/rootfs/etc/cont-init.d/synapse-keys
index b835538..5beb002 100644
--- a/rootfs/etc/cont-init.d/synapse-keys
+++ b/rootfs/etc/cont-init.d/synapse-keys
@@ -3,3 +3,12 @@
 if [ ! -f /var/lib/matrix-synapse/signing/signing.key ]; then
 s6-setuidgid matrix-synapse python -B -m synapse.app.homeserver -c /var/lib/matrix-synapse/server.yaml --generate-config -H $SERVER_NAME --report-stats=no
 fi
+
+if [ ! -f /var/lib/matrix-synapse/signing/dhparams.pem ]; then
+ openssl dhparam -out /var/lib/matrix-synapse/signing/dhparams.pem $DHPARAM_LENGTH
+fi
+
+chmod 755 "/etc/ssl/matrix-synapse/"
+if [ -f "/etc/ssl/matrix-synapse/$CERT_DOMAIN.crt"y ]; then
+ chmod 644 "/etc/ssl/matrix-synapse/$CERT_DOMAIN.crt"
+fi
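Review bot: In `server.yaml.tmpl` the new `tls_dh_params_path` is a literal that has to stay identical to the file the init script `rootfs/etc/cont-init.d/synapse-keys` generates, and nothing in the template records that coupling. A comment above the added line, for example `# generated on first start by cont-init.d/synapse-keys; keep both paths in sync`, would make it visible. Because the template also sets `no_tls: True`, it would help to say in the same comment why DH parameters are still configured.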
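Review bot: In `synapse-keys` the added test `[ -f "/etc/ssl/matrix-synapse/$CERT_DOMAIN.crt"y ]` has a stray `y` after the closing quote, so it checks for a file ending in `.crty` and the `chmod 644` on the certificate is never reached; it should read `if [ -f "/etc/ssl/matrix-synapse/$CERT_DOMAIN.crt" ]; then`. In the dhparam block `$DHPARAM_LENGTH` is unquoted and no default is visible in this diff, so an unset value silently falls back to whatever size the installed openssl uses; `openssl dhparam -out /var/lib/matrix-synapse/signing/dhparams.pem "${DHPARAM_LENGTH:-2048}"` gives a known default. The generation also runs as root rather than through `s6-setuidgid matrix-synapse` like the `--generate-config` call above it, and an interrupted run leaves a partial `dhparams.pem` that the `-f` check accepts on the next start. Since `chmod 755` opens the whole `/etc/ssl/matrix-synapse/` directory, it is worth confirming that any private key stored there keeps a restrictive mode.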