Nginx should user server ciphers for security
Nginx requests per keepalive connection is too small
Issue-ID: MSB-661
Signed-off-by: jinquanni <ni.jinquan@zte.com.cn>
Change-Id: Iec6f3d61e12a4a79e9a9d3301e694cdcf4a73d44
server_tokens off;
keepalive_timeout 120s;
- keepalive_requests 200;
+ keepalive_requests 2000;
types_hash_max_size 2048;
#open_file_cache max=200000 inactive=300s;
#the maximum allowed size of the client request body,current 10G
client_max_body_size 10240m;
client_body_buffer_size 128k;
-
+ssl_prefer_server_ciphers on;
#set conf for proxy pass
proxy_connect_timeout 5s;
proxy_read_timeout 1200s;
listen 443 ssl;
ssl_certificate ../ssl/cert/cert.crt;
ssl_certificate_key ../ssl/cert/cert.key;
- ssl_protocols TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_dhparam ../ssl/dh-pubkey/dhparams.pem;
include ../msb-enabled/location-default/msblocations.conf;
# Add below settings for making SDC to work