diff --git a/nginx.conf b/nginx.conf
index 13b0735..b19e778 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,12 +1,39 @@
 worker_processes 1;
 
 events {
+    worker_connections 2048;
+    multi_accept on;
 }
 
 http {
+    client_header_timeout 10s;
+    client_body_timeout 10s;
+    send_timeout 10s;
+    reset_timedout_connection on;
+
+    proxy_buffer_size 128k;
+    proxy_buffers 4 256k;
+    proxy_busy_buffers_size 256k;
+
+    gzip on;
+    gzip_comp_level 4;
+    gzip_min_length 1000;
+    gzip_proxied any;
+    gzip_types *;
+
+    access_log log/access.log combined buffer=128k flush=5m;
+    error_log log/error.log error;
+
     server_tokens off;
     charset utf-8;
 
+    limit_conn_zone $binary_remote_addr zone=addr_conn:10m;
+    limit_conn_status 444;
+    limit_conn addr_conn 100;
+    limit_req_zone $binary_remote_addr zone=addr_req:10m rate=100r/s;
+    limit_req_status 444;
+    limit_req zone=addr_req burst=20 nodelay;
+
     types {
         text/html html;
         text/css css;
@@ -27,15 +54,6 @@ http {
 
         root ui;
 
-        gzip on;
-        gzip_comp_level 4;
-        gzip_min_length 1000;
-        gzip_proxied any;
-        gzip_types *;
-
-        access_log log/access.log combined buffer=64k flush=5m;
-        error_log log/error.log error;
-
         location = / {
             try_files /index.html =404;
         }
diff --git a/nginx.ssl.conf b/nginx.ssl.conf
index 81eaf27..38fb599 100644
--- a/nginx.ssl.conf
+++ b/nginx.ssl.conf
@@ -1,12 +1,39 @@
 worker_processes auto;
 
 events {
+    worker_connections 2048;
+    multi_accept on;
 }
 
 http {
+    client_header_timeout 10s;
+    client_body_timeout 10s;
+    send_timeout 10s;
+    reset_timedout_connection on;
+
+    proxy_buffer_size 128k;
+    proxy_buffers 4 256k;
+    proxy_busy_buffers_size 256k;
+
+    gzip on;
+    gzip_comp_level 4;
+    gzip_min_length 1000;
+    gzip_proxied any;
+    gzip_types *;
+
+    access_log log/access.log combined buffer=128k flush=5m;
+    error_log log/error.log error;
+
     server_tokens off;
     charset utf-8;
 
+    limit_conn_zone $binary_remote_addr zone=addr_conn:10m;
+    limit_conn_status 444;
+    limit_conn addr_conn 100;
+    limit_req_zone $binary_remote_addr zone=addr_req:10m rate=100r/s;
+    limit_req_status 444;
+    limit_req zone=addr_req burst=20 nodelay;
+
     types {
         text/html html;
         text/css css;
@@ -40,23 +67,14 @@ http {
         ssl_protocols TLSv1.2 TLSv1.3;
         ssl_certificate ssl/ismist.cn.crt;
         ssl_certificate_key ssl/ismist.cn.key;
-        ssl_session_cache shared:SSL:10m;
-        ssl_session_timeout 10m;
-        ssl_session_tickets on;
+        ssl_session_cache shared:SSL:50m;
+        ssl_session_timeout 1d;
+        ssl_session_tickets off;
         ssl_stapling on;
         ssl_stapling_verify on;
 
         root ui;
 
-        gzip on;
-        gzip_comp_level 4;
-        gzip_min_length 1000;
-        gzip_proxied any;
-        gzip_types *;
-
-        access_log log/access.log combined buffer=64k flush=5m;
-        error_log log/error.log error;
-
         location = / {
             try_files /index.html =404;
         }