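# TLS-terminating reverse proxy: accepts HTTPS on port 443 and forwards every
# request over plain HTTP to the single upstream at 127.0.0.1:81.
user nginx;
worker_processes 6;
error_log /data2/error.log warn;
pid /data2/nginx.pid;
daemon off;  # run in the foreground

events {
    worker_connections 16384;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Access logging is off, so the "main" format above is currently unused and
    # this proxy keeps no per-request record; only error_log (level warn) exists.
    # NOTE(review): confirm requests are logged elsewhere (e.g. by the backend)
    # if an audit trail is needed for incident response.
    access_log off;

    default_type application/octet-stream;
    sendfile on;
    client_body_buffer_size 16k;  # default 8K buffer may not be enough for larger requests

    # NOTE(review): responses are compressed before encryption. If the backend
    # reflects request data in the same body as secrets (tokens, CSRF values),
    # compression-ratio side channels (BREACH) apply - confirm what it serves.
    gzip on;
    keepalive_timeout 60;

    upstream backend {
        server 127.0.0.1:81 max_fails=3 fail_timeout=10s;
        keepalive 8120;  # idle upstream connections cached per worker
    }

    server {
        # "listen ... ssl" replaces the separate, deprecated "ssl on;" directive.
        listen 443 ssl;

        ssl_certificate /data2/crt.pem;
        # NOTE(review): the key shares /data2 with the log and pid files; check
        # that prv.pem is not readable by accounts other than the one that
        # starts nginx.
        ssl_certificate_key /data2/prv.pem;

        # 1MB is about 4000 sessions -> 256MB --> 1M sessions
        ssl_session_cache shared:SSL:256m;
        ssl_session_timeout 10m;

        # SSLv3 (POODLE) and TLS 1.0/1.1 (deprecated) are no longer offered.
        # Clients that cannot negotiate TLS 1.2 will fail the handshake.
        # Add TLSv1.3 only after confirming the installed nginx/OpenSSL build
        # accepts it.
        ssl_protocols TLSv1.2;

        # Preference list, fastest first. RC4 is removed (broken stream cipher),
        # as are the static-RSA CBC suites (no forward secrecy). ECDHE keeps the
        # original goal of avoiding slow finite-field DH while giving forward
        # secrecy; AES-GCM is an AEAD mode.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;

        # use the server's preference list instead of the client's
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://backend;

            # $proxy_add_x_forwarded_for appends the connecting address to
            # whatever X-Forwarded-For value the client sent. Only the last
            # entry was written by this proxy; the backend must not trust
            # earlier entries for access control or rate limiting.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # HTTP/1.1 with an empty Connection header is what allows the
            # upstream keepalive pool to be reused.
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
    }
}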