Merge pull request #7 from tcpcloud/collectd_update
Global collectd update
diff --git a/nginx/files/_ssl_secure.conf b/nginx/files/_ssl_secure.conf
index b23bad0..cc1ae6e 100644
--- a/nginx/files/_ssl_secure.conf
+++ b/nginx/files/_ssl_secure.conf
@@ -1,6 +1,7 @@
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+#https://mozilla.github.io/server-side-tls/ssl-config-generator/
+ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp521r1;
ssl_dhparam /etc/ssl/dhparams.pem;
diff --git a/nginx/files/nginx.conf b/nginx/files/nginx.conf
index 3686872..856adab 100644
--- a/nginx/files/nginx.conf
+++ b/nginx/files/nginx.conf
@@ -1,8 +1,10 @@
{%- from "nginx/map.jinja" import server with context -%}
user {{ server.system_user }};
worker_processes {{ server.get('worker', {}).get('processes', 'auto') }};
+worker_rlimit_nofile {{ server.get('worker', {}).get('limit', {}).get('nofile', '20000') }};
pid /run/nginx.pid;
+
events {
worker_connections {{ server.get('worker', {}).get('connections', '1024') }};
# multi_accept on;
diff --git a/tests/pillar/static.sls b/tests/pillar/static.sls
index 4e565f2..1a40205 100644
--- a/tests/pillar/static.sls
+++ b/tests/pillar/static.sls
@@ -8,6 +8,9 @@
bind:
address: 127.0.0.1
protocol: tcp
+ worker:
+ limit:
+ nofile: 30000
site:
nginx_static_site01:
enabled: true