diff --git a/data/templates/nginx/security.conf.inc b/data/templates/nginx/security.conf.inc
index e221dc0ff..9de40f9cf 100644
--- a/data/templates/nginx/security.conf.inc
+++ b/data/templates/nginx/security.conf.inc
@@ -15,6 +15,8 @@ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDS
 ssl_prefer_server_ciphers off;
 
 # Pre-defined FFDHE group (RFC 7919)
+# From https://ssl-config.mozilla.org/ffdhe2048.txt
+# https://security.stackexchange.com/a/149818
 ssl_dhparam /etc/ssl/dh2048.pem;
 
 # Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners