forked from openvinotoolkit/model_server
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmodel_server.conf.template
81 lines (77 loc) · 2.77 KB
/
model_server.conf.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
#
# Copyright (c) 2020 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Host $http_host;
listen *:NGINX_LISTEN_GRPC_PORT ssl http2;
ssl_certificate /certs/server.pem;
ssl_certificate_key /certs/server.key;
ssl_client_certificate /certs/client_cert_ca.pem;
ssl_crl /certs/client_cert_ca.crl;
ssl_verify_client on;
ssl_verify_depth 1;
ssl_protocols TLSv1.2;
ssl_ciphers AES256+EECDH:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!AES128;
ssl_prefer_server_ciphers on;
ssl_dhparam /certs/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_cache shared:SSL:12m;
ssl_session_timeout 12m;
ssl_ecdh_curve secp384r1:prime256v1;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
gzip off;
client_max_body_size 1G;
location / {
grpc_pass grpc://127.0.0.1:MODEL_SERVER_GRPC_PORT;
}
}
server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Host $http_host;
listen *:NGINX_LISTEN_REST_PORT ssl;
ssl_certificate /certs/server.pem;
ssl_certificate_key /certs/server.key;
ssl_client_certificate /certs/client_cert_ca.pem;
ssl_crl /certs/client_cert_ca.crl;
ssl_verify_client on;
ssl_verify_depth 1;
ssl_protocols TLSv1.2;
ssl_ciphers AES256+EECDH:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!AES128;
ssl_prefer_server_ciphers on;
ssl_dhparam /certs/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_cache shared:SSL:12m;
ssl_session_timeout 12m;
ssl_ecdh_curve secp384r1;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
gzip off;
client_max_body_size 1G;
location / {
proxy_pass http://127.0.0.1:MODEL_SERVER_REST_PORT;
}
}