security scores and TLS config

jstephens nginx-forum at
Tue Jul 10 12:07:03 UTC 2018

With some experience in F5 and NetScaler world but still new to Nginx I have
been tasked with migrating 50+ public URLs to NGINX Plus configured as
keepalived HA pair.  What would be best SSL configuration to achieve highest
security scores from Qaulys SSLLabs or BitSight ?  Can someone recommend or
share current best SSL config ?  

Alos, as for overall design what is an optimal design in such case ?
1.  Single keepalived IP with server_name directives or separate IP for each
URL ?  If separate IPs, do i have to list them in keepalived config ?
2.  Is single SSL config file possible to share the same encryption settings
across all URLs ?

Obviously my goal here is to achieve high availability with A+ security

Any help will be highly appreciated.

Posted at Nginx Forum:,280475,280475#msg-280475

More information about the nginx mailing list