From 1234a2757b1fceca92c5367354d870586e9c3ba9 Mon Sep 17 00:00:00 2001
From: Darnell Andries <dandries@brave.com>
Date: Tue, 1 Aug 2023 14:22:27 -0700
Subject: [PATCH] Improve nginx configuration, add mock cert fp

---
 misc/temporary-enclave-bypass/nginx.conf | 20 ++++++++++++++++----
 start.sh                                 |  2 +-
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/misc/temporary-enclave-bypass/nginx.conf b/misc/temporary-enclave-bypass/nginx.conf
index 74f5b1ee..c9c62715 100644
--- a/misc/temporary-enclave-bypass/nginx.conf
+++ b/misc/temporary-enclave-bypass/nginx.conf
@@ -1,11 +1,21 @@
-worker_processes 10;
-worker_rlimit_nofile 8192;
+worker_processes 16;
 
 events {
     worker_connections 4096;
 }
 
 http {
+    sendfile on;
+    access_log off;
+    error_log off;
+    keepalive_requests 100000;
+    keepalive_timeout 60;
+
+    upstream keepalive-upstream {
+      server 127.0.0.1:8081;
+      keepalive 200;
+    }
+
     server {
         listen 8080;
 
@@ -13,9 +23,11 @@ http {
             proxy_pass https://127.0.0.1:8443;
     		proxy_ssl_verify off;
         }
-
+        
         location / {
-            proxy_pass http://127.0.0.1:8081;
+            proxy_pass http://keepalive-upstream;
+            proxy_http_version 1.1;
+            proxy_set_header Connection "";
         }
     }
 }
diff --git a/start.sh b/start.sh
index 0f6f89ba..18b1a8a2 100755
--- a/start.sh
+++ b/start.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 nitriding \
-	-acme \
+	-mock-cert-fp "D87B0D697A90A2503F68E406CC8AFC26F2470F82F707D8E66616BA888B1B43C0" \
 	-fqdn "star-randsrv.bsg.brave.com" \
 	-appurl "https://github.com/brave/star-randsrv" \
 	-appwebsrv "http://127.0.0.1:8080" \