Intellection · zacblazic · Mar 3, 2021 · Feb 25, 2021 · Feb 25, 2021 · Mar 1, 2021
@@ -1,18 +1,33 @@
+daemon off;
+
+worker_processes auto;
+worker_shutdown_timeout 240s;
+
+events {
+  multi_accept        on;
+  worker_connections  16384;
+  use                 epoll;
+}
+
 http {
   include /etc/nginx/mime.types;
   include /etc/nginx/log.conf;
 
+  aio       threads;
+  aio_write on;
+
   server_tokens           off;
   sendfile                on;
   tcp_nopush              on;
+  tcp_nodelay             on;
 
   client_max_body_size    500m;
-  client_body_buffer_size 128k;
-  client_body_timeout     300s;
-  client_header_timeout   605s;
-  keepalive_timeout       605s;
-  proxy_connect_timeout   60s;
-  proxy_read_timeout      600s;
+  client_body_buffer_size 16k;
+  client_body_timeout     60s;
+  client_header_timeout   60s;
+  keepalive_timeout       75s;
+  proxy_connect_timeout   5s;
+  proxy_read_timeout      60s;
   proxy_send_timeout      60s;
   send_timeout            60s;
 
@@ -48,6 +63,9 @@ http {
   proxy_set_header    Connection          "";
   proxy_set_header    Host                $host;
 
+  # Mitigate httpoxy vulnerability
+  proxy_set_header    Proxy               "";
+
   proxy_set_header    X-Real-IP           $remote_addr;
   proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
   proxy_set_header    X-Forwarded-Proto   $proxy_x_forwarded_proto;
@@ -59,11 +77,13 @@ http {
   include /etc/nginx/app.conf;
 
   server {
-      listen 18081 default_server;
+    listen 18081 default_server;
+
+    access_log off;
+    keepalive_timeout 0;
 
-      location /healthz {
-          access_log off;
-          return 200;
-      }
+    location /healthz {
+      return 200;
+    }
   }
 }