diff --git a/compose/config_static/http_server.conf b/compose/config_static/http_server.conf
index 3814d264..41853d41 100644
--- a/compose/config_static/http_server.conf
+++ b/compose/config_static/http_server.conf
@@ -10,7 +10,7 @@ server {
 ssl_certificate_key cert/server.key;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE:!DES:!ECDHE-RSA-DES-CBC3-SHA;
 add_header Strict-Transport-Security "max-age=31536000";
 client_max_body_size 5000m;
@@ -57,7 +57,12 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- access_log off;
+
+ proxy_ignore_client_abort on;
+ proxy_connect_timeout 600;
+ proxy_send_timeout 600;
+ proxy_read_timeout 600;
+ send_timeout 6000;
 }
 # OmniDB 配置
diff --git a/config_init/nginx/lb_http_server.conf b/config_init/nginx/lb_http_server.conf
index 700e39ed..8cdbf2f4 100644
--- a/config_init/nginx/lb_http_server.conf
+++ b/config_init/nginx/lb_http_server.conf
@@ -21,7 +21,7 @@ server {
 ssl_session_cache shared:MozSSL:10m;
 ssl_session_tickets off;
 ssl_protocols TLSv1.1 TLSv1.2;
- ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE:!DES:!ECDHE-RSA-DES-CBC3-SHA;
 add_header Strict-Transport-Security "max-age=31536000" always;
 ssl_prefer_server_ciphers off;
diff --git a/scripts/utils.sh b/scripts/utils.sh
index f48d4f12..64ae9c7e 100755
--- a/scripts/utils.sh
+++ b/scripts/utils.sh
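Review bot: The added `!DES` on the `ssl_ciphers` line does not exclude triple-DES suites, because in OpenSSL cipher strings `DES` selects single DES only and triple DES has its own keyword, `3DES`. The only 3DES suite this line removes is therefore the explicitly named `ECDHE-RSA-DES-CBC3-SHA`; on an OpenSSL build where `HIGH` still contains 3DES, other suites such as `DES-CBC3-SHA` may remain negotiable. Replacing the two new tokens with `!3DES` covers the whole family, and the identical line in `config_init/nginx/lb_http_server.conf` needs the same change. The unchanged `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` just above still offers TLS 1.0 and 1.1, which undercuts the cipher tightening. The `server` block starts and ends outside the hunk.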
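Review bot: `send_timeout 6000;` is ten times the three `proxy_*_timeout 600` values added beside it, which looks like a typo; if it is deliberate it needs a comment saying why, otherwise `send_timeout 600;`. `proxy_connect_timeout 600` has little effect, since nginx documents that the connect timeout cannot usually exceed 75 seconds. With `proxy_ignore_client_abort on`, an abandoned request keeps its upstream connection for up to the ten-minute read timeout, so a client that opens and drops many requests can hold backend workers; a connection or rate limit on this block would bound that. The hunk also removes `access_log off;`, which is unrelated to timeouts and should be stated in the commit message if intended. The enclosing block starts outside the hunk.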
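Review bot: `ssl_prefer_server_ciphers off;` below the changed line makes the order of this `ssl_ciphers` list advisory only, so listing `ECDHE-RSA-AES128-GCM-SHA256` first does not stop a client from choosing a CBC suite admitted by `AES:HIGH`. Either set `ssl_prefer_server_ciphers on;` or narrow the list to the AEAD suites that should actually be offered. The `server` block starts and ends outside the hunk.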
@@ -405,7 +405,7 @@ function check_ipv6_iptables_if_need() {
 use_ipv6=$(get_config USE_IPV6)
 subnet_ipv6=$(get_config DOCKER_SUBNET_IPV6)
 if [[ "${use_ipv6}" == "1" ]]; then
- if ! ip6tables -t nat -L | grep "${subnet_ipv6}"; then
+ if [[ ! "$(ip6tables -t nat -L | grep "${subnet_ipv6}")" ]]; then
 ip6tables -t nat -A POSTROUTING -s "${subnet_ipv6}" -j MASQUERADE
 fi
 fi
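Review bot: The rewritten test still greps the whole `ip6tables -t nat -L` listing, so any rule in any nat chain that mentions the subnet counts as the MASQUERADE rule being present. An empty `subnet_ipv6` makes the pattern match every line, so the rule is silently never added. Without `-n` the listing may also show resolved names instead of addresses, and the subnet is treated as a regular expression rather than a fixed string. Asking ip6tables for the exact rule avoids these: `if ! ip6tables -t nat -C POSTROUTING -s "${subnet_ipv6}" -j MASQUERADE 2>/dev/null; then`. `check_ipv6_iptables_if_need` starts before the hunk and its closing brace is outside it.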