diff --git a/nginx/fastcgi_params b/nginx/fastcgi_params index 28decb9..69c4387 100644 --- a/nginx/fastcgi_params +++ b/nginx/fastcgi_params @@ -17,6 +17,7 @@ fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param REMOTE_USER $remote_user; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; diff --git a/nginx/mime.types b/nginx/mime.types index 1c00d70..692b16c 100644 --- a/nginx/mime.types +++ b/nginx/mime.types @@ -1,99 +1,96 @@ types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; - image/avif avif; - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; - font/woff woff; - font/woff2 woff2; + font/woff woff; + font/woff2 woff2; - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/wasm wasm; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; } diff --git a/nginx/conf.d/default.conf b/nginx/nginx.bak-revert-debian/conf.d/default.conf similarity index 100% rename from nginx/conf.d/default.conf rename to nginx/nginx.bak-revert-debian/conf.d/default.conf diff --git a/nginx/conf.d/zabbix-nginx-status.conf b/nginx/nginx.bak-revert-debian/conf.d/zabbix-nginx-status.conf similarity index 100% rename from nginx/conf.d/zabbix-nginx-status.conf rename to nginx/nginx.bak-revert-debian/conf.d/zabbix-nginx-status.conf diff --git a/nginx/nginx.bak-revert-debian/fastcgi.conf b/nginx/nginx.bak-revert-debian/fastcgi.conf new file mode 100644 index 0000000..d53a628 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/fastcgi.conf @@ -0,0 +1,27 @@ + +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param REMOTE_USER $remote_user; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx/nginx.bak-revert-debian/fastcgi_params b/nginx/nginx.bak-revert-debian/fastcgi_params new file mode 100644 index 0000000..28decb9 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/fastcgi_params @@ -0,0 +1,25 @@ + +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx/nginx.bak-revert-debian/koi-utf b/nginx/nginx.bak-revert-debian/koi-utf new file mode 100644 index 0000000..e7974ff --- /dev/null +++ b/nginx/nginx.bak-revert-debian/koi-utf @@ -0,0 +1,109 @@ + +# This map is not a full koi8-r <> utf8 map: it does not contain +# box-drawing and some other characters. Besides this map contains +# several koi8-u and Byelorussian letters which are not in koi8-r. +# If you need a full and standard map, use contrib/unicode2nginx/koi-utf +# map instead. + +charset_map koi8-r utf-8 { + + 80 E282AC ; # euro + + 95 E280A2 ; # bullet + + 9A C2A0 ; #   + + 9E C2B7 ; # · + + A3 D191 ; # small yo + A4 D194 ; # small Ukrainian ye + + A6 D196 ; # small Ukrainian i + A7 D197 ; # small Ukrainian yi + + AD D291 ; # small Ukrainian soft g + AE D19E ; # small Byelorussian short u + + B0 C2B0 ; # ° + + B3 D081 ; # capital YO + B4 D084 ; # capital Ukrainian YE + + B6 D086 ; # capital Ukrainian I + B7 D087 ; # capital Ukrainian YI + + B9 E28496 ; # numero sign + + BD D290 ; # capital Ukrainian soft G + BE D18E ; # capital Byelorussian short U + + BF C2A9 ; # (C) + + C0 D18E ; # small yu + C1 D0B0 ; # small a + C2 D0B1 ; # small b + C3 D186 ; # small ts + C4 D0B4 ; # small d + C5 D0B5 ; # small ye + C6 D184 ; # small f + C7 D0B3 ; # small g + C8 D185 ; # small kh + C9 D0B8 ; # small i + CA D0B9 ; # small j + CB D0BA ; # small k + CC D0BB ; # small l + CD D0BC ; # small m + CE D0BD ; # small n + CF D0BE ; # small o + + D0 D0BF ; # small p + D1 D18F ; # small ya + D2 D180 ; # small r + D3 D181 ; # small s + D4 D182 ; # small t + D5 D183 ; # small u + D6 D0B6 ; # small zh + D7 D0B2 ; # small v + D8 D18C ; # small soft sign + D9 D18B ; # small y + DA D0B7 ; # small z + DB D188 ; # small sh + DC D18D ; # small e + DD D189 ; # small shch + DE D187 ; # small ch + DF D18A ; # small hard sign + + E0 D0AE ; # capital YU + E1 D090 ; # capital A + E2 D091 ; # capital B + E3 D0A6 ; # capital TS + E4 D094 ; # capital D + E5 D095 ; # capital YE + E6 D0A4 ; # capital F + E7 D093 ; # capital G + E8 D0A5 ; # capital KH + E9 D098 ; # capital I + EA D099 ; # capital J + EB D09A ; # capital K + EC D09B ; # capital L + ED D09C ; # capital M + EE D09D ; # capital N + EF D09E ; # capital O + + F0 D09F ; # capital P + F1 D0AF ; # capital YA + F2 D0A0 ; # capital R + F3 D0A1 ; # capital S + F4 D0A2 ; # capital T + F5 D0A3 ; # capital U + F6 D096 ; # capital ZH + F7 D092 ; # capital V + F8 D0AC ; # capital soft sign + F9 D0AB ; # capital Y + FA D097 ; # capital Z + FB D0A8 ; # capital SH + FC D0AD ; # capital E + FD D0A9 ; # capital SHCH + FE D0A7 ; # capital CH + FF D0AA ; # capital hard sign +} diff --git a/nginx/nginx.bak-revert-debian/koi-win b/nginx/nginx.bak-revert-debian/koi-win new file mode 100644 index 0000000..72afabe --- /dev/null +++ b/nginx/nginx.bak-revert-debian/koi-win @@ -0,0 +1,103 @@ + +charset_map koi8-r windows-1251 { + + 80 88 ; # euro + + 95 95 ; # bullet + + 9A A0 ; #   + + 9E B7 ; # · + + A3 B8 ; # small yo + A4 BA ; # small Ukrainian ye + + A6 B3 ; # small Ukrainian i + A7 BF ; # small Ukrainian yi + + AD B4 ; # small Ukrainian soft g + AE A2 ; # small Byelorussian short u + + B0 B0 ; # ° + + B3 A8 ; # capital YO + B4 AA ; # capital Ukrainian YE + + B6 B2 ; # capital Ukrainian I + B7 AF ; # capital Ukrainian YI + + B9 B9 ; # numero sign + + BD A5 ; # capital Ukrainian soft G + BE A1 ; # capital Byelorussian short U + + BF A9 ; # (C) + + C0 FE ; # small yu + C1 E0 ; # small a + C2 E1 ; # small b + C3 F6 ; # small ts + C4 E4 ; # small d + C5 E5 ; # small ye + C6 F4 ; # small f + C7 E3 ; # small g + C8 F5 ; # small kh + C9 E8 ; # small i + CA E9 ; # small j + CB EA ; # small k + CC EB ; # small l + CD EC ; # small m + CE ED ; # small n + CF EE ; # small o + + D0 EF ; # small p + D1 FF ; # small ya + D2 F0 ; # small r + D3 F1 ; # small s + D4 F2 ; # small t + D5 F3 ; # small u + D6 E6 ; # small zh + D7 E2 ; # small v + D8 FC ; # small soft sign + D9 FB ; # small y + DA E7 ; # small z + DB F8 ; # small sh + DC FD ; # small e + DD F9 ; # small shch + DE F7 ; # small ch + DF FA ; # small hard sign + + E0 DE ; # capital YU + E1 C0 ; # capital A + E2 C1 ; # capital B + E3 D6 ; # capital TS + E4 C4 ; # capital D + E5 C5 ; # capital YE + E6 D4 ; # capital F + E7 C3 ; # capital G + E8 D5 ; # capital KH + E9 C8 ; # capital I + EA C9 ; # capital J + EB CA ; # capital K + EC CB ; # capital L + ED CC ; # capital M + EE CD ; # capital N + EF CE ; # capital O + + F0 CF ; # capital P + F1 DF ; # capital YA + F2 D0 ; # capital R + F3 D1 ; # capital S + F4 D2 ; # capital T + F5 D3 ; # capital U + F6 C6 ; # capital ZH + F7 C2 ; # capital V + F8 DC ; # capital soft sign + F9 DB ; # capital Y + FA C7 ; # capital Z + FB D8 ; # capital SH + FC DD ; # capital E + FD D9 ; # capital SHCH + FE D7 ; # capital CH + FF DA ; # capital hard sign +} diff --git a/nginx/nginx.bak-revert-debian/mime.types b/nginx/nginx.bak-revert-debian/mime.types new file mode 100644 index 0000000..1c00d70 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/mime.types @@ -0,0 +1,99 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/nginx/modsecurity.conf b/nginx/nginx.bak-revert-debian/modsecurity.conf similarity index 100% rename from nginx/modsecurity.conf rename to nginx/nginx.bak-revert-debian/modsecurity.conf diff --git a/nginx/modsecurity/exchange-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/modsecurity/exchange-rule-exceptions.conf similarity index 100% rename from nginx/modsecurity/exchange-rule-exceptions.conf rename to nginx/nginx.bak-revert-debian/modsecurity/exchange-rule-exceptions.conf diff --git a/nginx/modsecurity/gitea-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/modsecurity/gitea-rule-exceptions.conf similarity index 100% rename from nginx/modsecurity/gitea-rule-exceptions.conf rename to nginx/nginx.bak-revert-debian/modsecurity/gitea-rule-exceptions.conf diff --git a/nginx/modsecurity/global-exceptions.conf b/nginx/nginx.bak-revert-debian/modsecurity/global-exceptions.conf similarity index 100% rename from nginx/modsecurity/global-exceptions.conf rename to nginx/nginx.bak-revert-debian/modsecurity/global-exceptions.conf diff --git a/nginx/modsecurity/grafana-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/modsecurity/grafana-rule-exceptions.conf similarity index 100% rename from nginx/modsecurity/grafana-rule-exceptions.conf rename to nginx/nginx.bak-revert-debian/modsecurity/grafana-rule-exceptions.conf diff --git a/nginx/modsecurity/nextcloud-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/modsecurity/nextcloud-rule-exceptions.conf similarity index 100% rename from nginx/modsecurity/nextcloud-rule-exceptions.conf rename to nginx/nginx.bak-revert-debian/modsecurity/nextcloud-rule-exceptions.conf diff --git a/nginx/modsecurity/zabbix-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/modsecurity/zabbix-rule-exceptions.conf similarity index 100% rename from nginx/modsecurity/zabbix-rule-exceptions.conf rename to nginx/nginx.bak-revert-debian/modsecurity/zabbix-rule-exceptions.conf diff --git a/nginx/modsecurity/zammad-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/modsecurity/zammad-rule-exceptions.conf similarity index 100% rename from nginx/modsecurity/zammad-rule-exceptions.conf rename to nginx/nginx.bak-revert-debian/modsecurity/zammad-rule-exceptions.conf diff --git a/nginx/modsecurity_includes.conf b/nginx/nginx.bak-revert-debian/modsecurity_includes.conf similarity index 100% rename from nginx/modsecurity_includes.conf rename to nginx/nginx.bak-revert-debian/modsecurity_includes.conf diff --git a/nginx/modules b/nginx/nginx.bak-revert-debian/modules similarity index 100% rename from nginx/modules rename to nginx/nginx.bak-revert-debian/modules diff --git a/nginx/nginx.bak-revert-debian/nginx.conf b/nginx/nginx.bak-revert-debian/nginx.conf new file mode 100644 index 0000000..120c690 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx.conf @@ -0,0 +1,108 @@ +# Ficheiro de configuração global do Nginx (/etc/nginx/nginx.conf) +# VERSÃO CORRIGIDA E OTIMIZADA + +# --- Carregamento de Módulos Dinâmicos --- +# Esta secção é crucial para as versões mais recentes do Nginx. +# A linha abaixo carrega o módulo ModSecurity que instalámos. +load_module modules/mod-http-modsecurity.so; + +# --- Configurações Gerais --- +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +pid /run/nginx.pid; +error_log /var/log/nginx/error.log; +# Esta linha carrega outros módulos padrão do Debian (como o 'stream'). +include /etc/nginx/modules-enabled/*.conf; + +# --- Bloco de Eventos --- +events { + worker_connections 16384; + multi_accept on; +} + +# ============================================================================== +# BLOCO HTTP: Para todo o tráfego Web (Sites, APIs, etc.) +# ============================================================================== +http { + # --- Configurações de Cache --- + proxy_cache_path /var/cache/nginx/zabbix_cache levels=1:2 keys_zone=zabbix_cache:10m max_size=1g inactive=60m use_temp_path=off; + proxy_cache_path /var/cache/nginx/api_cache levels=1:2 keys_zone=api_cache:10m max_size=100m inactive=5m use_temp_path=off; + proxy_cache_path /var/cache/nginx/exchange_private_cache levels=1:2 keys_zone=exchange_private_cache:20m max_size=500m inactive=10m use_temp_path=off; + proxy_cache_path /var/cache/nginx/zammad_cache levels=1:2 keys_zone=zammad_cache:10m max_size=500m inactive=60m use_temp_path=off; + proxy_cache_path /var/cache/nginx/static_cache levels=1:2 keys_zone=static_cache:10m max_size=2g inactive=90d use_temp_path=off; + proxy_cache_path /var/cache/nginx/nextcloud_private_cache levels=1:2 keys_zone=nextcloud_private_cache:20m max_size=1g inactive=15m use_temp_path=off; + proxy_cache_path /var/cache/nginx/nextcloud_previews_cache levels=1:2 keys_zone=nextcloud_previews:20m max_size=2g inactive=7d use_temp_path=off; + + # --- Configurações Básicas e de Performance --- + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + server_tokens off; + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # --- Otimizações de Proxy Reverso e Buffers --- + client_body_buffer_size 128k; + client_max_body_size 10G; + proxy_buffer_size 16k; + proxy_buffers 8 16k; + proxy_busy_buffers_size 32k; + + # --- Otimizações de Keep-Alive e Timeouts --- + keepalive_timeout 65s; + keepalive_requests 1000; + send_timeout 10s; + + # --- Configurações de Segurança (WAF) --- + # Agora que o módulo está carregado, estas diretivas irão funcionar. + modsecurity on; + modsecurity_rules_file /etc/nginx/modsecurity.conf; + + # --- Configurações do GeoIP2 --- + geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { + $geoip2_country_code country iso_code; + $geoip2_country_name country names en; + $geoip2_region_name subdivisions 0 names en; + $geoip2_city_name city names en; + $geoip2_latitude location latitude; + $geoip2_longitude location longitude; + $geoip2_asn autonomous_system_number; + $geoip2_isp autonomous_system_organization; + } + + # --- Configurações de Logging --- + log_format detailed_proxy escape=json '{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","remote_user":"$remote_user","request":"$request","method":"$request_method","uri":"$uri","args":"$args","status":$status,"request_length":$request_length,"body_bytes_sent":$body_bytes_sent,"request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_status":"$upstream_status","upstream_response_time":"$upstream_response_time","cache_status":"$upstream_cache_status","http_referer":"$http_referer","http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for","http_accept_language":"$http_accept_language","http_cookie":"$http_cookie","http_origin":"$http_origin","http_host":"$http_host","server_name":"$server_name","scheme":"$scheme","ssl_protocol":"$ssl_protocol","ssl_cipher":"$ssl_cipher","ssl_curves":"$ssl_curves","ssl_session_reused":"$ssl_session_reused","ssl_server_name":"$ssl_server_name","ssl_client_s_dn":"$ssl_client_s_dn","ssl_client_i_dn":"$ssl_client_i_dn","ssl_client_verify":"$ssl_client_verify","ssl_client_serial":"$ssl_client_serial","ssl_client_v_start":"$ssl_client_v_start","ssl_client_v_end":"$ssl_client_v_end","geoip_country_code":"$geoip2_country_code","geoip_country_name":"$geoip2_country_name","geoip_region_name":"$geoip2_region_name","geoip_city_name":"$geoip2_city_name","geoip_latitude":"$geoip2_latitude","geoip_longitude":"$geoip2_longitude","geoip_asn":"$geoip2_asn","geoip_isp":"$geoip2_isp"}'; + access_log /var/log/nginx/access.log detailed_proxy; + + # --- Configurações de Compressão --- + include /etc/nginx/snippets/compression_params.conf; + + # --- Carregar Ficheiros de Configuração dos Sites --- + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + +# ============================================================================== +# BLOCO STREAM: Para tráfego TCP/UDP (Telefonia, SSL Passthrough) +# ============================================================================== +stream { + # (O seu bloco stream existente vai aqui, sem alterações) + # Encaminhamento da porta de sinalização SIP (TCP) + server { + listen 5060; + proxy_pass 172.16.254.130:5060; + } + + # Encaminhamento da porta de sinalização SIP (UDP) + server { + listen 5060 udp; + proxy_pass 172.16.254.130:5060; + } + + # Encaminhamento da faixa de portas RTP para o áudio (UDP) + server { + listen 10000-20000 udp; + proxy_pass 172.16.254.130:$server_port; + } +} diff --git a/nginx/nginx.conf.dpkg-dist b/nginx/nginx.bak-revert-debian/nginx.conf.dpkg-dist similarity index 100% rename from nginx/nginx.conf.dpkg-dist rename to nginx/nginx.bak-revert-debian/nginx.conf.dpkg-dist diff --git a/nginx/nginx.bak-revert-debian/nginx/conf.d/default.conf b/nginx/nginx.bak-revert-debian/nginx/conf.d/default.conf new file mode 100644 index 0000000..ff2ced6 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/conf.d/default.conf @@ -0,0 +1,44 @@ +server { + listen 80; + server_name localhost; + + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + diff --git a/nginx/nginx.bak-revert-debian/nginx/conf.d/zabbix-nginx-status.conf b/nginx/nginx.bak-revert-debian/nginx/conf.d/zabbix-nginx-status.conf new file mode 100644 index 0000000..45a6672 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/conf.d/zabbix-nginx-status.conf @@ -0,0 +1,16 @@ +server { + # Escuta em uma porta apenas no localhost (127.0.0.1) + # Usar uma porta diferente de 80 evita conflitos com seus sites reais. + listen 127.0.0.1:8080; + server_name localhost; + + # Define a localização (URL) para a página de status + location /nginx_status { + # Ativa a página de status do Nginx + stub_status; + + # Regras de segurança: + allow 127.0.0.1; # Permite acesso SOMENTE do próprio servidor + deny all; # Bloqueia todos os outros acessos + } +} diff --git a/nginx/nginx.bak-revert-debian/nginx/fastcgi.conf b/nginx/nginx.bak-revert-debian/nginx/fastcgi.conf new file mode 100644 index 0000000..d53a628 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/fastcgi.conf @@ -0,0 +1,27 @@ + +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param REMOTE_USER $remote_user; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx/nginx.bak-revert-debian/nginx/fastcgi_params b/nginx/nginx.bak-revert-debian/nginx/fastcgi_params new file mode 100644 index 0000000..28decb9 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/fastcgi_params @@ -0,0 +1,25 @@ + +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx/nginx.bak-revert-debian/nginx/koi-utf b/nginx/nginx.bak-revert-debian/nginx/koi-utf new file mode 100644 index 0000000..e7974ff --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/koi-utf @@ -0,0 +1,109 @@ + +# This map is not a full koi8-r <> utf8 map: it does not contain +# box-drawing and some other characters. Besides this map contains +# several koi8-u and Byelorussian letters which are not in koi8-r. +# If you need a full and standard map, use contrib/unicode2nginx/koi-utf +# map instead. + +charset_map koi8-r utf-8 { + + 80 E282AC ; # euro + + 95 E280A2 ; # bullet + + 9A C2A0 ; #   + + 9E C2B7 ; # · + + A3 D191 ; # small yo + A4 D194 ; # small Ukrainian ye + + A6 D196 ; # small Ukrainian i + A7 D197 ; # small Ukrainian yi + + AD D291 ; # small Ukrainian soft g + AE D19E ; # small Byelorussian short u + + B0 C2B0 ; # ° + + B3 D081 ; # capital YO + B4 D084 ; # capital Ukrainian YE + + B6 D086 ; # capital Ukrainian I + B7 D087 ; # capital Ukrainian YI + + B9 E28496 ; # numero sign + + BD D290 ; # capital Ukrainian soft G + BE D18E ; # capital Byelorussian short U + + BF C2A9 ; # (C) + + C0 D18E ; # small yu + C1 D0B0 ; # small a + C2 D0B1 ; # small b + C3 D186 ; # small ts + C4 D0B4 ; # small d + C5 D0B5 ; # small ye + C6 D184 ; # small f + C7 D0B3 ; # small g + C8 D185 ; # small kh + C9 D0B8 ; # small i + CA D0B9 ; # small j + CB D0BA ; # small k + CC D0BB ; # small l + CD D0BC ; # small m + CE D0BD ; # small n + CF D0BE ; # small o + + D0 D0BF ; # small p + D1 D18F ; # small ya + D2 D180 ; # small r + D3 D181 ; # small s + D4 D182 ; # small t + D5 D183 ; # small u + D6 D0B6 ; # small zh + D7 D0B2 ; # small v + D8 D18C ; # small soft sign + D9 D18B ; # small y + DA D0B7 ; # small z + DB D188 ; # small sh + DC D18D ; # small e + DD D189 ; # small shch + DE D187 ; # small ch + DF D18A ; # small hard sign + + E0 D0AE ; # capital YU + E1 D090 ; # capital A + E2 D091 ; # capital B + E3 D0A6 ; # capital TS + E4 D094 ; # capital D + E5 D095 ; # capital YE + E6 D0A4 ; # capital F + E7 D093 ; # capital G + E8 D0A5 ; # capital KH + E9 D098 ; # capital I + EA D099 ; # capital J + EB D09A ; # capital K + EC D09B ; # capital L + ED D09C ; # capital M + EE D09D ; # capital N + EF D09E ; # capital O + + F0 D09F ; # capital P + F1 D0AF ; # capital YA + F2 D0A0 ; # capital R + F3 D0A1 ; # capital S + F4 D0A2 ; # capital T + F5 D0A3 ; # capital U + F6 D096 ; # capital ZH + F7 D092 ; # capital V + F8 D0AC ; # capital soft sign + F9 D0AB ; # capital Y + FA D097 ; # capital Z + FB D0A8 ; # capital SH + FC D0AD ; # capital E + FD D0A9 ; # capital SHCH + FE D0A7 ; # capital CH + FF D0AA ; # capital hard sign +} diff --git a/nginx/nginx.bak-revert-debian/nginx/koi-win b/nginx/nginx.bak-revert-debian/nginx/koi-win new file mode 100644 index 0000000..72afabe --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/koi-win @@ -0,0 +1,103 @@ + +charset_map koi8-r windows-1251 { + + 80 88 ; # euro + + 95 95 ; # bullet + + 9A A0 ; #   + + 9E B7 ; # · + + A3 B8 ; # small yo + A4 BA ; # small Ukrainian ye + + A6 B3 ; # small Ukrainian i + A7 BF ; # small Ukrainian yi + + AD B4 ; # small Ukrainian soft g + AE A2 ; # small Byelorussian short u + + B0 B0 ; # ° + + B3 A8 ; # capital YO + B4 AA ; # capital Ukrainian YE + + B6 B2 ; # capital Ukrainian I + B7 AF ; # capital Ukrainian YI + + B9 B9 ; # numero sign + + BD A5 ; # capital Ukrainian soft G + BE A1 ; # capital Byelorussian short U + + BF A9 ; # (C) + + C0 FE ; # small yu + C1 E0 ; # small a + C2 E1 ; # small b + C3 F6 ; # small ts + C4 E4 ; # small d + C5 E5 ; # small ye + C6 F4 ; # small f + C7 E3 ; # small g + C8 F5 ; # small kh + C9 E8 ; # small i + CA E9 ; # small j + CB EA ; # small k + CC EB ; # small l + CD EC ; # small m + CE ED ; # small n + CF EE ; # small o + + D0 EF ; # small p + D1 FF ; # small ya + D2 F0 ; # small r + D3 F1 ; # small s + D4 F2 ; # small t + D5 F3 ; # small u + D6 E6 ; # small zh + D7 E2 ; # small v + D8 FC ; # small soft sign + D9 FB ; # small y + DA E7 ; # small z + DB F8 ; # small sh + DC FD ; # small e + DD F9 ; # small shch + DE F7 ; # small ch + DF FA ; # small hard sign + + E0 DE ; # capital YU + E1 C0 ; # capital A + E2 C1 ; # capital B + E3 D6 ; # capital TS + E4 C4 ; # capital D + E5 C5 ; # capital YE + E6 D4 ; # capital F + E7 C3 ; # capital G + E8 D5 ; # capital KH + E9 C8 ; # capital I + EA C9 ; # capital J + EB CA ; # capital K + EC CB ; # capital L + ED CC ; # capital M + EE CD ; # capital N + EF CE ; # capital O + + F0 CF ; # capital P + F1 DF ; # capital YA + F2 D0 ; # capital R + F3 D1 ; # capital S + F4 D2 ; # capital T + F5 D3 ; # capital U + F6 C6 ; # capital ZH + F7 C2 ; # capital V + F8 DC ; # capital soft sign + F9 DB ; # capital Y + FA C7 ; # capital Z + FB D8 ; # capital SH + FC DD ; # capital E + FD D9 ; # capital SHCH + FE D7 ; # capital CH + FF DA ; # capital hard sign +} diff --git a/nginx/nginx.bak-revert-debian/nginx/mime.types b/nginx/nginx.bak-revert-debian/nginx/mime.types new file mode 100644 index 0000000..1c00d70 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/mime.types @@ -0,0 +1,99 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity.conf new file mode 100644 index 0000000..a7c9eeb --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/modsecurity.conf @@ -0,0 +1,289 @@ +# -- Rule engine initialization ---------------------------------------------- + +# Enable ModSecurity, attaching it to every transaction. Use detection +# only to start with, because that minimises the chances of post-installation +# disruption. +# +SecRuleEngine On + +# -- Request body handling --------------------------------------------------- + +# Allow ModSecurity to access request bodies. If you don't, ModSecurity +# won't be able to see any POST parameters, which opens a large security +# hole for attackers to exploit. +# +SecRequestBodyAccess On +SecRequestBodyLimit 10737418240 +SecRequestBodyNoFilesLimit 1048576 + +# Enable XML request body parser. +# Initiate XML Processor in case of xml content-type +# +SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \ + "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" + +# Enable JSON request body parser. +# Initiate JSON Processor in case of JSON content-type; change accordingly +# if your application does not use 'application/json' +# +SecRule REQUEST_HEADERS:Content-Type "^application/json" \ + "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" + +# Sample rule to enable JSON request body parser for more subtypes. +# Uncomment or adapt this rule if you want to engage the JSON +# Processor for "+json" subtypes +# +#SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \ +# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" + +# Maximum request body size we will accept for buffering. If you support +# file uploads then the value given on the first line has to be as large +# as the largest file you are willing to accept. The second value refers +# to the size of data, with files excluded. You want to keep that value as +# low as practical. +# +SecRequestBodyNoFilesLimit 131072 + +# What to do if the request body size is above our configured limit. +# Keep in mind that this setting will automatically be set to ProcessPartial +# when SecRuleEngine is set to DetectionOnly mode in order to minimize +# disruptions when initially deploying ModSecurity. +# +SecRequestBodyLimitAction Reject + +# Maximum parsing depth allowed for JSON objects. You want to keep this +# value as low as practical. +# +SecRequestBodyJsonDepthLimit 512 + +# Maximum number of args allowed per request. You want to keep this +# value as low as practical. The value should match that in rule 200007. +SecArgumentsLimit 1000 + +# If SecArgumentsLimit has been set, you probably want to reject any +# request body that has only been partly parsed. The value used in this +# rule should match what was used with SecArgumentsLimit +SecRule &ARGS "@ge 1000" \ +"id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2" + +# Verify that we've correctly processed the request body. +# As a rule of thumb, when failing to process a request body +# you should reject the request (when deployed in blocking mode) +# or log a high-severity alert (when deployed in detection-only mode). +# +SecRule REQBODY_ERROR "!@eq 0" \ +"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" + +# By default be strict with what we accept in the multipart/form-data +# request body. If the rule below proves to be too strict for your +# environment consider changing it to detection-only. You are encouraged +# _not_ to remove it altogether. +# +SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ +"id:'200003',phase:2,t:none,log,deny,status:400, \ +msg:'Multipart request body failed strict validation: \ +PE %{REQBODY_PROCESSOR_ERROR}, \ +BQ %{MULTIPART_BOUNDARY_QUOTED}, \ +BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ +DB %{MULTIPART_DATA_BEFORE}, \ +DA %{MULTIPART_DATA_AFTER}, \ +HF %{MULTIPART_HEADER_FOLDING}, \ +LF %{MULTIPART_LF_LINE}, \ +SM %{MULTIPART_MISSING_SEMICOLON}, \ +IQ %{MULTIPART_INVALID_QUOTING}, \ +IP %{MULTIPART_INVALID_PART}, \ +IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ +FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" + +# Did we see anything that might be a boundary? +# +# Here is a short description about the ModSecurity Multipart parser: the +# parser returns with value 0, if all "boundary-like" line matches with +# the boundary string which given in MIME header. In any other cases it returns +# with different value, eg. 1 or 2. +# +# The RFC 1341 descript the multipart content-type and its syntax must contains +# only three mandatory lines (above the content): +# * Content-Type: multipart/mixed; boundary=BOUNDARY_STRING +# * --BOUNDARY_STRING +# * --BOUNDARY_STRING-- +# +# First line indicates, that this is a multipart content, second shows that +# here starts a part of the multipart content, third shows the end of content. +# +# If there are any other lines, which starts with "--", then it should be +# another boundary id - or not. +# +# After 3.0.3, there are two kinds of types of boundary errors: strict and permissive. +# +# If multipart content contains the three necessary lines with correct order, but +# there are one or more lines with "--", then parser returns with value 2 (non-zero). +# +# If some of the necessary lines (usually the start or end) misses, or the order +# is wrong, then parser returns with value 1 (also a non-zero). +# +# You can choose, which one is what you need. The example below contains the +# 'strict' mode, which means if there are any lines with start of "--", then +# ModSecurity blocked the content. But the next, commented example contains +# the 'permissive' mode, then you check only if the necessary lines exists in +# correct order. Whit this, you can enable to upload PEM files (eg "----BEGIN.."), +# or other text files, which contains eg. HTTP headers. +# +# The difference is only the operator - in strict mode (first) the content blocked +# in case of any non-zero value. In permissive mode (second, commented) the +# content blocked only if the value is explicit 1. If it 0 or 2, the content will +# allowed. +# + +# +# See #1747 and #1924 for further information on the possible values for +# MULTIPART_UNMATCHED_BOUNDARY. +# +SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \ + "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" + + +# PCRE Tuning +# We want to avoid a potential RegEx DoS condition +# +SecPcreMatchLimit 1000 +SecPcreMatchLimitRecursion 1000 + +# Some internal errors will set flags in TX and we will need to look for these. +# All of these are prefixed with "MSC_". The following flags currently exist: +# +# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded. +# +SecRule TX:/^MSC_/ "!@streq 0" \ + "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" + + +# -- Response body handling -------------------------------------------------- + +# Allow ModSecurity to access response bodies. +# You should have this directive enabled in order to identify errors +# and data leakage issues. +# +# Do keep in mind that enabling this directive does increases both +# memory consumption and response latency. +# +SecResponseBodyAccess On + +# Which response MIME types do you want to inspect? You should adjust the +# configuration below to catch documents but avoid static files +# (e.g., images and archives). +# +SecResponseBodyMimeType text/plain text/html text/xml + +# Buffer response bodies of up to 512 KB in length. +SecResponseBodyLimit 524288 + +# What happens when we encounter a response body larger than the configured +# limit? By default, we process what we have and let the rest through. +# That's somewhat less secure, but does not break any legitimate pages. +# +SecResponseBodyLimitAction ProcessPartial + + +# -- Filesystem configuration ------------------------------------------------ + +# The location where ModSecurity stores temporary files (for example, when +# it needs to handle a file upload that is larger than the configured limit). +# +# This default setting is chosen due to all systems have /tmp available however, +# this is less than ideal. It is recommended that you specify a location that's private. +# +SecTmpDir /tmp/ + +# The location where ModSecurity will keep its persistent data. This default setting +# is chosen due to all systems have /tmp available however, it +# too should be updated to a place that other users can't access. +# +SecDataDir /tmp/ + + +# -- File uploads handling configuration ------------------------------------- + +# The location where ModSecurity stores intercepted uploaded files. This +# location must be private to ModSecurity. You don't want other users on +# the server to access the files, do you? +# +#SecUploadDir /opt/modsecurity/var/upload/ + +# By default, only keep the files that were determined to be unusual +# in some way (by an external inspection script). For this to work you +# will also need at least one file inspection rule. +# +#SecUploadKeepFiles RelevantOnly + +# Uploaded files are by default created with permissions that do not allow +# any other user to access them. You may need to relax that if you want to +# interface ModSecurity to an external program (e.g., an anti-virus). +# +#SecUploadFileMode 0600 + + +# -- Debug log configuration ------------------------------------------------- + +# The default debug log configuration is to duplicate the error, warning +# and notice messages from the error log. +# +#SecDebugLog /opt/modsecurity/var/log/debug.log +#SecDebugLogLevel 3 + + +# -- Audit log configuration ------------------------------------------------- + +# Log the transactions that are marked by a rule, as well as those that +# trigger a server error (determined by a 5xx or 4xx, excluding 404, +# level response status codes). +# +SecAuditEngine RelevantOnly +SecAuditLogRelevantStatus "^(?:5|4(?!04))" + +# Log everything we know about a transaction. +SecAuditLogParts ABIJDEFHZ + +# Use a single file for logging. This is much easier to look at, but +# assumes that you will use the audit log only ocassionally. +# +SecAuditLogType Serial +SecAuditLog /var/log/nginx/modsec_audit.log + +# Specify the path for concurrent audit logging. +#SecAuditLogStorageDir /opt/modsecurity/var/audit/ + + +# -- Miscellaneous ----------------------------------------------------------- + +# Use the most commonly used application/x-www-form-urlencoded parameter +# separator. There's probably only one application somewhere that uses +# something else so don't expect to change this value. +# +SecArgumentSeparator & + +# Settle on version 0 (zero) cookies, as that is what most applications +# use. Using an incorrect cookie version may open your installation to +# evasion attacks (against the rules that examine named cookies). +# +SecCookieFormat 0 + +# Specify your Unicode Code Point. +# This mapping is used by the t:urlDecodeUni transformation function +# to properly map encoded data to your language. Properly setting +# these directives helps to reduce false positives and negatives. +# +SecUnicodeMapFile unicode.mapping 20127 + +# Improve the quality of ModSecurity by sharing information about your +# current ModSecurity version and dependencies versions. +# The following information will be shared: ModSecurity version, +# Web Server version, APR version, PCRE version, Lua version, Libxml2 +# version, Anonymous unique id for host. +SecStatusEngine On + +# Inclui a configuração inicial do Core Rule Set (CRS) +Include /etc/modsecurity/crs/crs-setup.conf + +# Inclui os arquivos de regras principais da OWASP +Include /usr/share/modsecurity-crs/rules/*.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/exchange-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/exchange-rule-exceptions.conf new file mode 100644 index 0000000..1014363 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/modsecurity/exchange-rule-exceptions.conf @@ -0,0 +1,8 @@ +# Ficheiro de Exceções do ModSecurity para o Microsoft Exchange + +# Desativa completamente o motor de regras do ModSecurity para QUALQUER URL +# que comece com /owa/ ou /ecp/. +# Isto resolve os falsos positivos que bloqueiam a funcionalidade legítima +# do Outlook Web App e do Exchange Admin Center. +SecRule REQUEST_URI "@rx ^/(owa|ecp)/" \ + "id:1003,phase:1,nolog,allow,ctl:ruleEngine=Off" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/gitea-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/gitea-rule-exceptions.conf new file mode 100644 index 0000000..1bb33f2 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/modsecurity/gitea-rule-exceptions.conf @@ -0,0 +1,7 @@ +# Ficheiro de Exceções do ModSecurity para o Gitea (VERSÃO FINAL E COMPLETA) + +# Desativa completamente o motor de regras do ModSecurity para QUALQUER URL +# que envolva a visualização, edição, criação ou visualização de commits de ficheiros no Gitea. +# A expressão regular agora apanha os caminhos "/src/branch/", "/_edit/", "/_new/" e "/commits/branch/". +SecRule REQUEST_URI "@rx ^/.*/(src/branch|_edit|_new|commits/branch)/" \ + "id:1005,phase:1,nolog,allow,ctl:ruleEngine=Off" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/global-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/global-exceptions.conf new file mode 100644 index 0000000..52bac7d --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/modsecurity/global-exceptions.conf @@ -0,0 +1,56 @@ +# ========================================================================== +# Arquivo Global de Exceções do ModSecurity +# ========================================================================== +# Este arquivo centraliza todas as regras de exceção para as aplicações. +# Todos os IDs foram reorganizados para serem únicos. + +# -------------------------------------------------------------------------- +# Exceções para o Nextcloud +# -------------------------------------------------------------------------- +# Desliga o motor de regras para as rotas de sincronização (WebDAV). +SecRule REQUEST_URI "@beginsWith /remote.php" "id:10001,phase:1,nolog,pass,ctl:ruleEngine=Off" +SecRule REQUEST_URI "@streq /.well-known/caldav" "id:10002,phase:1,nolog,pass,ctl:ruleEngine=Off" +SecRule REQUEST_URI "@streq /.well-known/carddav" "id:10003,phase:1,nolog,pass,ctl:ruleEngine=Off" + +# -------------------------------------------------------------------------- +# Exceções para o Zabbix +# -------------------------------------------------------------------------- +# Desliga o ModSecurity para a API JSON-RPC e zabbix.php. +SecRule REQUEST_URI "@rx (jsrpc\.php|zabbix\.php)" "id:10004,phase:1,nolog,allow,ctl:ruleEngine=Off" +# Desativa regras específicas na página de Descoberta de Hosts. +# Lembre-se de substituir os IDs abaixo pelos que encontrou no seu log. +SecRule REQUEST_URI "@beginsWith /zabbix/host_discovery.php" "id:10005,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX,ctl:ruleRemoveById=9YYYYY" + +# -------------------------------------------------------------------------- +# Exceções para o Microsoft Exchange +# -------------------------------------------------------------------------- +# Desliga o ModSecurity para o Outlook Web App (OWA) e o Exchange Admin Center (ECP). +SecRule REQUEST_URI "@rx ^/(owa|ecp)/" "id:10006,phase:1,nolog,allow,ctl:ruleEngine=Off" + +# -------------------------------------------------------------------------- +# Exceções para o Zammad +# -------------------------------------------------------------------------- +# Desativa regra de falso positivo para a API do Zammad. +# Lembre-se de substituir '9XXXXX' pelo ID da regra real. +SecRule REQUEST_URI "@beginsWith /api/v1/" "id:10007,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX" + +# -------------------------------------------------------------------------- +# Exceções para o Gitea +# -------------------------------------------------------------------------- +# Desliga o motor de regras para operações de ficheiros no Gitea. +SecRule REQUEST_URI "@rx ^/.*/(src/branch|_edit|_new|commits/branch)/" "id:10008,phase:1,nolog,allow,ctl:ruleEngine=Off" + +# -------------------------------------------------------------------------- +# Exceções para o Grafana +# -------------------------------------------------------------------------- +# Desativa a regra de falso positivo para a API de dashboards. +# Lembre-se de substituir '9XXXXX' pelo ID da regra real. +SecRule REQUEST_URI "@beginsWith /api/dashboards/" "id:10009,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX" + +# -------------------------------------------------------------------------- +# Exceções para a Geração de Prévias (Thumbnails) do Nextcloud +# -------------------------------------------------------------------------- +# Desativa a regra de falso positivo que bloqueia a criação de miniaturas. +# Substitua '9XXXXX' pelo ID real encontrado no log de auditoria. +SecRule REQUEST_URI "@beginsWith /index.php/core/preview" "id:10010,phase:1,nolog,pass,ctl:ruleRemoveById=9XXXXX + diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/grafana-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/grafana-rule-exceptions.conf new file mode 100644 index 0000000..7e08f55 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/modsecurity/grafana-rule-exceptions.conf @@ -0,0 +1,7 @@ +# Ficheiro de Exceções do ModSecurity para o Grafana + +# Desativa a regra 9XXXXX (que estava a causar um falso positivo com o método DELETE) +# APENAS para as requisições que começam com /api/dashboards/. +# Isto mantém a regra ativa para o resto do site. +SecRule REQUEST_URI "@beginsWith /api/dashboards/" \ + "id:1007,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/nextcloud-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/nextcloud-rule-exceptions.conf new file mode 100644 index 0000000..968d20b --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/modsecurity/nextcloud-rule-exceptions.conf @@ -0,0 +1,14 @@ +# -------------------------------------------------------------------------- +# Nextcloud: Exceções para o Nextcloud (Sintaxe para Nginx) +# -------------------------------------------------------------------------- +# Este arquivo contém regras de exclusão para o Nextcloud. +# A ação aqui desliga completamente o motor do ModSecurity para as rotas +# de sincronização (WebDAV), o que é funcional mas menos seguro. + +# Desliga o motor de regras para qualquer URL que comece com /remote.php +# Isso cobre o WebDAV e outras operações do cliente. +SecRule REQUEST_URI "@beginsWith /remote.php" "id:1001,phase:1,nolog,pass,ctl:ruleEngine=Off" + +# Desliga o motor de regras para as rotas de descoberta de CalDAV e CardDAV. +SecRule REQUEST_URI "@streq /.well-known/caldav" "id:1002,phase:1,nolog,pass,ctl:ruleEngine=Off" +SecRule REQUEST_URI "@streq /.well-known/carddav" "id:1003,phase:1,nolog,pass,ctl:ruleEngine=Off" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/zabbix-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/zabbix-rule-exceptions.conf new file mode 100644 index 0000000..9e8842f --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/modsecurity/zabbix-rule-exceptions.conf @@ -0,0 +1,11 @@ +# Ficheiro de Exceções do ModSecurity para o Zabbix (VERSÃO CORRIGIDA) + +# Regra 1: Desativa completamente o ModSecurity para a API JSON-RPC e zabbix.php. +# Esta regra continua a ser útil e está correta. +SecRule REQUEST_URI "@rx (jsrpc\.php|zabbix\.php)" \ + "id:1001,phase:1,nolog,allow,ctl:ruleEngine=Off" + +# Regra 2: Desativa as regras específicas que causam falsos positivos na página de Descoberta de Hosts. +# Lembre-se de substituir os IDs abaixo pelos que encontrou no seu log de auditoria. +SecRule REQUEST_URI "@beginsWith /zabbix/host_discovery.php" \ + "id:1002,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX,ctl:ruleRemoveById=9YYYYY" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/zammad-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/zammad-rule-exceptions.conf new file mode 100644 index 0000000..0f61de6 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/modsecurity/zammad-rule-exceptions.conf @@ -0,0 +1,7 @@ +# Ficheiro de Exceções do ModSecurity para o Zammad + +# Desativa a regra de falso positivo para toda a API do Zammad (/api/v1/). +# Isto previne que o WAF bloqueie as ações legítimas da interface. +# Lembre-se de substituir '9XXXXX' pelo ID da regra que encontrou no seu log de auditoria. +SecRule REQUEST_URI "@beginsWith /api/v1/" \ + "id:1004,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity_includes.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity_includes.conf new file mode 100644 index 0000000..505c992 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/modsecurity_includes.conf @@ -0,0 +1,2 @@ +include modsecurity.conf +#include /usr/share/modsecurity-crs/owasp-crs.load diff --git a/nginx/nginx.bak-revert-debian/nginx/modules b/nginx/nginx.bak-revert-debian/nginx/modules new file mode 120000 index 0000000..4b9b33f --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/modules @@ -0,0 +1 @@ +/usr/lib/nginx/modules \ No newline at end of file diff --git a/nginx/nginx.bak-revert-debian/nginx/nginx.conf b/nginx/nginx.bak-revert-debian/nginx/nginx.conf new file mode 100644 index 0000000..c89bd9b --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/nginx.conf @@ -0,0 +1,106 @@ +# Ficheiro de configuração global do Nginx (/etc/nginx/nginx.conf) +# VERSÃO CORRIGIDA E OTIMIZADA + +# --- Carregamento de Módulos Dinâmicos --- +# Esta secção é crucial para as versões mais recentes do Nginx. +# A linha abaixo carrega o módulo ModSecurity que instalámos. +# --- Configurações Gerais --- +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +pid /run/nginx.pid; +error_log /var/log/nginx/error.log; +# Esta linha carrega outros módulos padrão do Debian (como o 'stream'). +include /etc/nginx/modules-enabled/*.conf; + +# --- Bloco de Eventos --- +events { + worker_connections 16384; + multi_accept on; +} + +# ============================================================================== +# BLOCO HTTP: Para todo o tráfego Web (Sites, APIs, etc.) +# ============================================================================== +http { + # --- Configurações de Cache --- + proxy_cache_path /var/cache/nginx/zabbix_cache levels=1:2 keys_zone=zabbix_cache:10m max_size=1g inactive=60m use_temp_path=off; + proxy_cache_path /var/cache/nginx/api_cache levels=1:2 keys_zone=api_cache:10m max_size=100m inactive=5m use_temp_path=off; + proxy_cache_path /var/cache/nginx/exchange_private_cache levels=1:2 keys_zone=exchange_private_cache:20m max_size=500m inactive=10m use_temp_path=off; + proxy_cache_path /var/cache/nginx/zammad_cache levels=1:2 keys_zone=zammad_cache:10m max_size=500m inactive=60m use_temp_path=off; + proxy_cache_path /var/cache/nginx/static_cache levels=1:2 keys_zone=static_cache:10m max_size=2g inactive=90d use_temp_path=off; + proxy_cache_path /var/cache/nginx/nextcloud_private_cache levels=1:2 keys_zone=nextcloud_private_cache:20m max_size=1g inactive=15m use_temp_path=off; + proxy_cache_path /var/cache/nginx/nextcloud_previews_cache levels=1:2 keys_zone=nextcloud_previews:20m max_size=2g inactive=7d use_temp_path=off; + + # --- Configurações Básicas e de Performance --- + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + server_tokens off; + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # --- Otimizações de Proxy Reverso e Buffers --- + client_body_buffer_size 128k; + client_max_body_size 10G; + proxy_buffer_size 16k; + proxy_buffers 8 16k; + proxy_busy_buffers_size 32k; + + # --- Otimizações de Keep-Alive e Timeouts --- + keepalive_timeout 65s; + keepalive_requests 1000; + send_timeout 10s; + + # --- Configurações de Segurança (WAF) --- + # Agora que o módulo está carregado, estas diretivas irão funcionar. + #modsecurity on; + #modsecurity_rules_file /etc/nginx/modsecurity.conf; + + # --- Configurações do GeoIP2 --- + geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { + $geoip2_country_code country iso_code; + $geoip2_country_name country names en; + $geoip2_region_name subdivisions 0 names en; + $geoip2_city_name city names en; + $geoip2_latitude location latitude; + $geoip2_longitude location longitude; + $geoip2_asn autonomous_system_number; + $geoip2_isp autonomous_system_organization; + } + + # --- Configurações de Logging --- + log_format detailed_proxy escape=json '{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","remote_user":"$remote_user","request":"$request","method":"$request_method","uri":"$uri","args":"$args","status":$status,"request_length":$request_length,"body_bytes_sent":$body_bytes_sent,"request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_status":"$upstream_status","upstream_response_time":"$upstream_response_time","cache_status":"$upstream_cache_status","http_referer":"$http_referer","http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for","http_accept_language":"$http_accept_language","http_cookie":"$http_cookie","http_origin":"$http_origin","http_host":"$http_host","server_name":"$server_name","scheme":"$scheme","ssl_protocol":"$ssl_protocol","ssl_cipher":"$ssl_cipher","ssl_curves":"$ssl_curves","ssl_session_reused":"$ssl_session_reused","ssl_server_name":"$ssl_server_name","ssl_client_s_dn":"$ssl_client_s_dn","ssl_client_i_dn":"$ssl_client_i_dn","ssl_client_verify":"$ssl_client_verify","ssl_client_serial":"$ssl_client_serial","ssl_client_v_start":"$ssl_client_v_start","ssl_client_v_end":"$ssl_client_v_end","geoip_country_code":"$geoip2_country_code","geoip_country_name":"$geoip2_country_name","geoip_region_name":"$geoip2_region_name","geoip_city_name":"$geoip2_city_name","geoip_latitude":"$geoip2_latitude","geoip_longitude":"$geoip2_longitude","geoip_asn":"$geoip2_asn","geoip_isp":"$geoip2_isp"}'; + access_log /var/log/nginx/access.log detailed_proxy; + + # --- Configurações de Compressão --- + include /etc/nginx/snippets/compression_params.conf; + + # --- Carregar Ficheiros de Configuração dos Sites --- + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + +# ============================================================================== +# BLOCO STREAM: Para tráfego TCP/UDP (Telefonia, SSL Passthrough) +# ============================================================================== +stream { + # (O seu bloco stream existente vai aqui, sem alterações) + # Encaminhamento da porta de sinalização SIP (TCP) + server { + listen 5060; + proxy_pass 172.16.254.130:5060; + } + + # Encaminhamento da porta de sinalização SIP (UDP) + server { + listen 5060 udp; + proxy_pass 172.16.254.130:5060; + } + + # Encaminhamento da faixa de portas RTP para o áudio (UDP) + server { + listen 10000-20000 udp; + proxy_pass 172.16.254.130:$server_port; + } +} diff --git a/nginx/nginx.bak-revert-debian/nginx/nginx.conf.dpkg-dist b/nginx/nginx.bak-revert-debian/nginx/nginx.conf.dpkg-dist new file mode 100644 index 0000000..d4149db --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/nginx.conf.dpkg-dist @@ -0,0 +1,32 @@ + +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log notice; +pid /run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/nginx/nginx.bak-revert-debian/nginx/proxy_params b/nginx/nginx.bak-revert-debian/nginx/proxy_params new file mode 100644 index 0000000..df75bc5 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/proxy_params @@ -0,0 +1,4 @@ +proxy_set_header Host $http_host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; diff --git a/nginx/nginx.bak-revert-debian/nginx/scgi_params b/nginx/nginx.bak-revert-debian/nginx/scgi_params new file mode 100644 index 0000000..6d4ce4f --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/scgi_params @@ -0,0 +1,17 @@ + +scgi_param REQUEST_METHOD $request_method; +scgi_param REQUEST_URI $request_uri; +scgi_param QUERY_STRING $query_string; +scgi_param CONTENT_TYPE $content_type; + +scgi_param DOCUMENT_URI $document_uri; +scgi_param DOCUMENT_ROOT $document_root; +scgi_param SCGI 1; +scgi_param SERVER_PROTOCOL $server_protocol; +scgi_param REQUEST_SCHEME $scheme; +scgi_param HTTPS $https if_not_empty; + +scgi_param REMOTE_ADDR $remote_addr; +scgi_param REMOTE_PORT $remote_port; +scgi_param SERVER_PORT $server_port; +scgi_param SERVER_NAME $server_name; diff --git a/nginx/sites-available/business.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/business.itguys.com.br.conf similarity index 100% rename from nginx/sites-available/business.itguys.com.br.conf rename to nginx/nginx.bak-revert-debian/nginx/sites-available/business.itguys.com.br.conf diff --git a/nginx/sites-available/cloud.grupopralog.com.br.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/cloud.grupopralog.com.br.conf similarity index 100% rename from nginx/sites-available/cloud.grupopralog.com.br.conf rename to nginx/nginx.bak-revert-debian/nginx/sites-available/cloud.grupopralog.com.br.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/default b/nginx/nginx.bak-revert-debian/nginx/sites-available/default new file mode 100644 index 0000000..335c876 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/sites-available/default @@ -0,0 +1,93 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## +# TESTE +# Default server configuration +# +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.4-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; + add_header Alt-Svc 'h3=":443"; ma=86400'; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/nginx/sites-available/default-catchall b/nginx/nginx.bak-revert-debian/nginx/sites-available/default-catchall similarity index 100% rename from nginx/sites-available/default-catchall rename to nginx/nginx.bak-revert-debian/nginx/sites-available/default-catchall diff --git a/nginx/sites-available/default-modsecurity.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/default-modsecurity.conf similarity index 100% rename from nginx/sites-available/default-modsecurity.conf rename to nginx/nginx.bak-revert-debian/nginx/sites-available/default-modsecurity.conf diff --git a/nginx/sites-available/dns-primario.itguys.com.br b/nginx/nginx.bak-revert-debian/nginx/sites-available/dns-primario.itguys.com.br similarity index 100% rename from nginx/sites-available/dns-primario.itguys.com.br rename to nginx/nginx.bak-revert-debian/nginx/sites-available/dns-primario.itguys.com.br diff --git a/nginx/sites-available/git.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/git.itguys.com.br.conf similarity index 100% rename from nginx/sites-available/git.itguys.com.br.conf rename to nginx/nginx.bak-revert-debian/nginx/sites-available/git.itguys.com.br.conf diff --git a/nginx/sites-available/itguys.com.br.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/itguys.com.br.conf similarity index 100% rename from nginx/sites-available/itguys.com.br.conf rename to nginx/nginx.bak-revert-debian/nginx/sites-available/itguys.com.br.conf diff --git a/nginx/sites-available/katalog.itguys.com.br b/nginx/nginx.bak-revert-debian/nginx/sites-available/katalog.itguys.com.br similarity index 100% rename from nginx/sites-available/katalog.itguys.com.br rename to nginx/nginx.bak-revert-debian/nginx/sites-available/katalog.itguys.com.br diff --git a/nginx/sites-available/mimir.itguys.com.br b/nginx/nginx.bak-revert-debian/nginx/sites-available/mimir.itguys.com.br similarity index 100% rename from nginx/sites-available/mimir.itguys.com.br rename to nginx/nginx.bak-revert-debian/nginx/sites-available/mimir.itguys.com.br diff --git a/nginx/sites-available/monitoramento.itguys.com.br b/nginx/nginx.bak-revert-debian/nginx/sites-available/monitoramento.itguys.com.br similarity index 100% rename from nginx/sites-available/monitoramento.itguys.com.br rename to nginx/nginx.bak-revert-debian/nginx/sites-available/monitoramento.itguys.com.br diff --git a/nginx/sites-available/ns1.itguys.com.br b/nginx/nginx.bak-revert-debian/nginx/sites-available/ns1.itguys.com.br similarity index 100% rename from nginx/sites-available/ns1.itguys.com.br rename to nginx/nginx.bak-revert-debian/nginx/sites-available/ns1.itguys.com.br diff --git a/nginx/sites-available/ns2.itguys.com.br b/nginx/nginx.bak-revert-debian/nginx/sites-available/ns2.itguys.com.br similarity index 100% rename from nginx/sites-available/ns2.itguys.com.br rename to nginx/nginx.bak-revert-debian/nginx/sites-available/ns2.itguys.com.br diff --git a/nginx/sites-available/proxy.itguys.com.br b/nginx/nginx.bak-revert-debian/nginx/sites-available/proxy.itguys.com.br similarity index 100% rename from nginx/sites-available/proxy.itguys.com.br rename to nginx/nginx.bak-revert-debian/nginx/sites-available/proxy.itguys.com.br diff --git a/nginx/sites-available/telefonia.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/telefonia.itguys.com.br.conf similarity index 100% rename from nginx/sites-available/telefonia.itguys.com.br.conf rename to nginx/nginx.bak-revert-debian/nginx/sites-available/telefonia.itguys.com.br.conf diff --git a/nginx/sites-available/zammad.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/zammad.itguys.com.br.conf similarity index 100% rename from nginx/sites-available/zammad.itguys.com.br.conf rename to nginx/nginx.bak-revert-debian/nginx/sites-available/zammad.itguys.com.br.conf diff --git a/nginx/snippets/cache_immutable_static.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/cache_immutable_static.conf similarity index 100% rename from nginx/snippets/cache_immutable_static.conf rename to nginx/nginx.bak-revert-debian/nginx/snippets/cache_immutable_static.conf diff --git a/nginx/snippets/cache_static_assets.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/cache_static_assets.conf similarity index 100% rename from nginx/snippets/cache_static_assets.conf rename to nginx/nginx.bak-revert-debian/nginx/snippets/cache_static_assets.conf diff --git a/nginx/snippets/compression_params.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/compression_params.conf similarity index 100% rename from nginx/snippets/compression_params.conf rename to nginx/nginx.bak-revert-debian/nginx/snippets/compression_params.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/fastcgi-php.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/fastcgi-php.conf new file mode 100644 index 0000000..467a9e7 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/snippets/fastcgi-php.conf @@ -0,0 +1,13 @@ +# regex to split $uri to $fastcgi_script_name and $fastcgi_path +fastcgi_split_path_info ^(.+?\.php)(/.*)$; + +# Check that the PHP script exists before passing it +try_files $fastcgi_script_name =404; + +# Bypass the fact that try_files resets $fastcgi_path_info +# see: http://trac.nginx.org/nginx/ticket/321 +set $path_info $fastcgi_path_info; +fastcgi_param PATH_INFO $path_info; + +fastcgi_index index.php; +include fastcgi.conf; diff --git a/nginx/snippets/global_robots.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/global_robots.conf similarity index 100% rename from nginx/snippets/global_robots.conf rename to nginx/nginx.bak-revert-debian/nginx/snippets/global_robots.conf diff --git a/nginx/snippets/internal_networks.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/internal_networks.conf similarity index 100% rename from nginx/snippets/internal_networks.conf rename to nginx/nginx.bak-revert-debian/nginx/snippets/internal_networks.conf diff --git a/nginx/snippets/proxy_params.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/proxy_params.conf similarity index 100% rename from nginx/snippets/proxy_params.conf rename to nginx/nginx.bak-revert-debian/nginx/snippets/proxy_params.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/snakeoil.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/snakeoil.conf new file mode 100644 index 0000000..ad26c3e --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/snippets/snakeoil.conf @@ -0,0 +1,5 @@ +# Self signed certificates generated by the ssl-cert package +# Don't use them in a production server! + +ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; +ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; diff --git a/nginx/snippets/ssl_params.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/ssl_params.conf similarity index 100% rename from nginx/snippets/ssl_params.conf rename to nginx/nginx.bak-revert-debian/nginx/snippets/ssl_params.conf diff --git a/nginx/snippets/websocket_params.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/websocket_params.conf similarity index 100% rename from nginx/snippets/websocket_params.conf rename to nginx/nginx.bak-revert-debian/nginx/snippets/websocket_params.conf diff --git a/nginx/unicode.mapping b/nginx/nginx.bak-revert-debian/nginx/unicode.mapping similarity index 100% rename from nginx/unicode.mapping rename to nginx/nginx.bak-revert-debian/nginx/unicode.mapping diff --git a/nginx/nginx.bak-revert-debian/nginx/uwsgi_params b/nginx/nginx.bak-revert-debian/nginx/uwsgi_params new file mode 100644 index 0000000..09c732c --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/uwsgi_params @@ -0,0 +1,17 @@ + +uwsgi_param QUERY_STRING $query_string; +uwsgi_param REQUEST_METHOD $request_method; +uwsgi_param CONTENT_TYPE $content_type; +uwsgi_param CONTENT_LENGTH $content_length; + +uwsgi_param REQUEST_URI $request_uri; +uwsgi_param PATH_INFO $document_uri; +uwsgi_param DOCUMENT_ROOT $document_root; +uwsgi_param SERVER_PROTOCOL $server_protocol; +uwsgi_param REQUEST_SCHEME $scheme; +uwsgi_param HTTPS $https if_not_empty; + +uwsgi_param REMOTE_ADDR $remote_addr; +uwsgi_param REMOTE_PORT $remote_port; +uwsgi_param SERVER_PORT $server_port; +uwsgi_param SERVER_NAME $server_name; diff --git a/nginx/nginx.bak-revert-debian/nginx/win-utf b/nginx/nginx.bak-revert-debian/nginx/win-utf new file mode 100644 index 0000000..774fd9f --- /dev/null +++ b/nginx/nginx.bak-revert-debian/nginx/win-utf @@ -0,0 +1,125 @@ +# This map is not a full windows-1251 <> utf8 map: it does not +# contain Serbian and Macedonian letters. If you need a full map, +# use contrib/unicode2nginx/win-utf map instead. + +charset_map windows-1251 utf-8 { + + 82 E2809A; # single low-9 quotation mark + + 84 E2809E; # double low-9 quotation mark + 85 E280A6; # ellipsis + 86 E280A0; # dagger + 87 E280A1; # double dagger + 88 E282AC; # euro + 89 E280B0; # per mille + + 91 E28098; # left single quotation mark + 92 E28099; # right single quotation mark + 93 E2809C; # left double quotation mark + 94 E2809D; # right double quotation mark + 95 E280A2; # bullet + 96 E28093; # en dash + 97 E28094; # em dash + + 99 E284A2; # trade mark sign + + A0 C2A0; #   + A1 D18E; # capital Byelorussian short U + A2 D19E; # small Byelorussian short u + + A4 C2A4; # currency sign + A5 D290; # capital Ukrainian soft G + A6 C2A6; # borken bar + A7 C2A7; # section sign + A8 D081; # capital YO + A9 C2A9; # (C) + AA D084; # capital Ukrainian YE + AB C2AB; # left-pointing double angle quotation mark + AC C2AC; # not sign + AD C2AD; # soft hypen + AE C2AE; # (R) + AF D087; # capital Ukrainian YI + + B0 C2B0; # ° + B1 C2B1; # plus-minus sign + B2 D086; # capital Ukrainian I + B3 D196; # small Ukrainian i + B4 D291; # small Ukrainian soft g + B5 C2B5; # micro sign + B6 C2B6; # pilcrow sign + B7 C2B7; # · + B8 D191; # small yo + B9 E28496; # numero sign + BA D194; # small Ukrainian ye + BB C2BB; # right-pointing double angle quotation mark + + BF D197; # small Ukrainian yi + + C0 D090; # capital A + C1 D091; # capital B + C2 D092; # capital V + C3 D093; # capital G + C4 D094; # capital D + C5 D095; # capital YE + C6 D096; # capital ZH + C7 D097; # capital Z + C8 D098; # capital I + C9 D099; # capital J + CA D09A; # capital K + CB D09B; # capital L + CC D09C; # capital M + CD D09D; # capital N + CE D09E; # capital O + CF D09F; # capital P + + D0 D0A0; # capital R + D1 D0A1; # capital S + D2 D0A2; # capital T + D3 D0A3; # capital U + D4 D0A4; # capital F + D5 D0A5; # capital KH + D6 D0A6; # capital TS + D7 D0A7; # capital CH + D8 D0A8; # capital SH + D9 D0A9; # capital SHCH + DA D0AA; # capital hard sign + DB D0AB; # capital Y + DC D0AC; # capital soft sign + DD D0AD; # capital E + DE D0AE; # capital YU + DF D0AF; # capital YA + + E0 D0B0; # small a + E1 D0B1; # small b + E2 D0B2; # small v + E3 D0B3; # small g + E4 D0B4; # small d + E5 D0B5; # small ye + E6 D0B6; # small zh + E7 D0B7; # small z + E8 D0B8; # small i + E9 D0B9; # small j + EA D0BA; # small k + EB D0BB; # small l + EC D0BC; # small m + ED D0BD; # small n + EE D0BE; # small o + EF D0BF; # small p + + F0 D180; # small r + F1 D181; # small s + F2 D182; # small t + F3 D183; # small u + F4 D184; # small f + F5 D185; # small kh + F6 D186; # small ts + F7 D187; # small ch + F8 D188; # small sh + F9 D189; # small shch + FA D18A; # small hard sign + FB D18B; # small y + FC D18C; # small soft sign + FD D18D; # small e + FE D18E; # small yu + FF D18F; # small ya +} diff --git a/nginx/nginx.bak-revert-debian/proxy_params b/nginx/nginx.bak-revert-debian/proxy_params new file mode 100644 index 0000000..df75bc5 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/proxy_params @@ -0,0 +1,4 @@ +proxy_set_header Host $http_host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; diff --git a/nginx/nginx.bak-revert-debian/scgi_params b/nginx/nginx.bak-revert-debian/scgi_params new file mode 100644 index 0000000..6d4ce4f --- /dev/null +++ b/nginx/nginx.bak-revert-debian/scgi_params @@ -0,0 +1,17 @@ + +scgi_param REQUEST_METHOD $request_method; +scgi_param REQUEST_URI $request_uri; +scgi_param QUERY_STRING $query_string; +scgi_param CONTENT_TYPE $content_type; + +scgi_param DOCUMENT_URI $document_uri; +scgi_param DOCUMENT_ROOT $document_root; +scgi_param SCGI 1; +scgi_param SERVER_PROTOCOL $server_protocol; +scgi_param REQUEST_SCHEME $scheme; +scgi_param HTTPS $https if_not_empty; + +scgi_param REMOTE_ADDR $remote_addr; +scgi_param REMOTE_PORT $remote_port; +scgi_param SERVER_PORT $server_port; +scgi_param SERVER_NAME $server_name; diff --git a/nginx/nginx.bak-revert-debian/sites-available/business.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/sites-available/business.itguys.com.br.conf new file mode 100644 index 0000000..0b2e6df --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/business.itguys.com.br.conf @@ -0,0 +1,96 @@ +# Ficheiro: /etc/nginx/sites-available/business.itguys.com.br.conf +# +# Configuração de Proxy Reverso padrão para um site de negócios, com acesso público +# e uma estratégia de cache otimizada. + +# ============================================================================== +# BLOCO HTTP: Redirecionar para HTTPS +# ============================================================================== +server { + if ($host = business.itguys.com.br) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + listen [::]:80; + server_name business.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Permite a validação do Let's Encrypt. + location /.well-known/acme-challenge/ { + root /var/www/html; + } + + # Redireciona todo o outro tráfego para a versão segura. + location / { + return 301 https://$host$request_uri; + } + + +} + +# ============================================================================== +# BLOCO HTTPS: O Coração da nossa Configuração +# ============================================================================== +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name business.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # --- Certificados e Segurança SSL --- + # O Certbot irá gerir estas linhas. Lembre-se de o executar para este domínio. + #ssl_certificate /etc/letsencrypt/live/business.itguys.com.br/fullchain.pem; + #ssl_certificate_key /etc/letsencrypt/live/business.itguys.com.br/privkey.pem; + #ssl_trusted_certificate /etc/letsencrypt/live/business.itguys.com.br/fullchain.pem; + # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos de segurança. + include /etc/nginx/snippets/ssl_params.conf; + + # --- Políticas de Acesso e Logs --- + # Não incluímos a trava de rede interna para permitir o acesso público. + # Usa o robots.txt restritivo por padrão. Se este site precisa de ser indexado, + # remova esta linha e configure o robots.txt no backend. + include /etc/nginx/snippets/global_robots.conf; + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # --- ESTRATÉGIA DE CACHE HÍBRIDA --- + # Usa a nossa zona de cache pública. + proxy_cache zabbix_cache; + add_header X-Proxy-Cache $upstream_cache_status; + # Regra geral: NÃO cachear nada por defeito. + proxy_no_cache 1; + proxy_cache_bypass 1; + + # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- + + # 1. Rota para Ficheiros Estáticos (Cache Agressivo) + # Apanha a "casca" da aplicação para acelerar o carregamento. + location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { + include /etc/nginx/snippets/proxy_params.conf; + include /etc/nginx/snippets/cache_static_assets.conf; + proxy_pass http://172.16.121.13; + } + + # 2. Rota Principal para a Aplicação (Cache Curto) + # Apanha todo o resto do tráfego (páginas HTML, APIs, etc.). + location / { + # Ativa o cache, mas por um período curto (5 minutos). + # Isto acelera a navegação sem o risco de mostrar conteúdo muito desatualizado. + proxy_no_cache 0; + proxy_cache_bypass 0; + proxy_cache_valid 200 5m; + + include /etc/nginx/snippets/proxy_params.conf; + # Se a aplicação usar WebSockets, inclua o snippet abaixo. + # include /etc/nginx/snippets/websocket_params.conf; + + proxy_pass http://172.16.121.13; + } + + ssl_certificate /etc/letsencrypt/live/business.itguys.com.br/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/business.itguys.com.br/privkey.pem; # managed by Certbot +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/cloud.grupopralog.com.br.conf b/nginx/nginx.bak-revert-debian/sites-available/cloud.grupopralog.com.br.conf new file mode 100644 index 0000000..706ddea --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/cloud.grupopralog.com.br.conf @@ -0,0 +1,91 @@ +# Ficheiro: /etc/nginx/sites-available/cloud.grupopralog.com.br.conf +# +# Configuração de Proxy Reverso de ALTA PERFORMANCE para Nextcloud, +# incluindo cache privado de curta duração para a interface dinâmica. + +# ============================================================================== +# BLOCO HTTP: Redirecionar para HTTPS +# ============================================================================== +server { + listen 80; + listen [::]:80; + server_name cloud.grupopralog.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + location /.well-known/acme-challenge/ { root /var/www/html; } + location / { return 301 https://$host$request_uri; } +} + +# ============================================================================== +# BLOCO HTTPS: O Coração da nossa Configuração +# ============================================================================== +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name cloud.grupopralog.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # --- Certificados e Segurança SSL --- + ssl_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.grupopralog.com.br/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem; + include /etc/nginx/snippets/ssl_params.conf; + + # --- Políticas de Acesso e Logs --- + include /etc/nginx/snippets/global_robots.conf; + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # --- Parâmetros Gerais --- + client_max_body_size 10G; + + # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- + # A ordem destas regras é CRUCIAL. + + # 1. Redirecionamentos para CalDAV e CardDAV + location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } + location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } + + # 2. Rota para Ficheiros Estáticos (Cache Agressivo) + location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { + include /etc/nginx/snippets/proxy_params.conf; + include /etc/nginx/snippets/cache_immutable_static.conf; # Usa o nosso cache mais agressivo + proxy_pass http://172.16.253.12; + } + + # 3. Rota para Sincronização de Ficheiros (WebDAV, etc.) - SEM CACHE + location ~ ^/(remote|dav|carddav|caldav) { + proxy_no_cache 1; + proxy_cache_bypass 1; + proxy_buffering off; + proxy_request_buffering off; + proxy_read_timeout 3600s; + include /etc/nginx/snippets/proxy_params.conf; + proxy_pass http://172.16.253.12; + } + + # 4. Rota Principal para a Aplicação (CACHE PRIVADO DE CURTA DURAÇÃO) + location / { + # Usa a nossa zona de cache dedicada 'nextcloud_private_cache'. + proxy_cache nextcloud_private_cache; + # A "CHAVE" PESSOAL DE CADA UTILIZADOR. Usa o cookie de sessão do Nextcloud. + proxy_cache_key "$scheme$proxy_host$request_uri$cookie_ocrx6w0vy907"; + # Cacheia por um tempo muito curto: 1 minuto. + proxy_cache_valid 200 1m; + # Ignora e esconde os cabeçalhos de sessão para permitir o cache. + proxy_ignore_headers Expires Cache-Control Set-Cookie; + proxy_hide_header Set-Cookie; + # Adiciona um cabeçalho de depuração para este cache. + add_header X-Private-Cache $upstream_cache_status; + # O cache SÓ é usado para requisições GET. POST, PUT, DELETE, etc., são passadas diretamente. + proxy_cache_methods GET HEAD; + + include /etc/nginx/snippets/proxy_params.conf; + include /etc/nginx/snippets/websocket_params.conf; + + proxy_pass http://172.16.253.12; + } +} + + diff --git a/nginx/nginx.bak-revert-debian/sites-available/default b/nginx/nginx.bak-revert-debian/sites-available/default new file mode 100644 index 0000000..335c876 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/default @@ -0,0 +1,93 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## +# TESTE +# Default server configuration +# +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.4-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; + add_header Alt-Svc 'h3=":443"; ma=86400'; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/nginx/nginx.bak-revert-debian/sites-available/default-catchall b/nginx/nginx.bak-revert-debian/sites-available/default-catchall new file mode 100644 index 0000000..ad6e2d9 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/default-catchall @@ -0,0 +1,37 @@ +# Este é o server block "catch-all" (padrão). +# Ele responderá a qualquer requisição que não corresponda a um dos seus sites. + +server { + # Escuta na porta 80 para IPv4 e IPv6 e se declara o servidor padrão. + listen 80 default_server; + listen [::]:80 default_server; + + # Também escuta na porta 443 para pegar requisições HTTPS diretas ao IP. + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + + # Usa um certificado "snakeoil" auto-assinado que já vem com o Debian. + # O navegador dará um aviso de certificado, o que é esperado e ajuda a + # desencorajar o acesso pelo IP. + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + + # O server_name "_" é uma forma especial de capturar qualquer hostname + add_header Alt-Svc 'h3=":443"; ma=86400'; + # que não tenha sido definido em outros arquivos de configuração. + server_name _; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Adicione esta linha para dizer ao navegador que a resposta é uma página web + charset utf-8; + default_type text/html; + + # Desativa os logs para essas requisições, para não poluir seus arquivos. + access_log off; + log_not_found off; + + # Esta é a mágica: em vez de servir um arquivo, o Nginx retorna + # diretamente este conteúdo HTML. A variável $host será substituída + # pelo endereço de IP que o visitante usou para chegar aqui. + return 200 'Acesso Indevido

Acesso por Endereço de IP

Você tentou acessar este servidor usando o endereço: $host.

Para acessar o site hospedado aqui, por favor, use a URL correta (ex: www.meusite.com).

'; +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/default-modsecurity.conf b/nginx/nginx.bak-revert-debian/sites-available/default-modsecurity.conf new file mode 100644 index 0000000..3d8b3fd --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/default-modsecurity.conf @@ -0,0 +1,98 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Enable ModSecurity WAF, if need + #modsecurity on; + # Load ModSecurity CRS, if need + #modsecurity_rules_file /etc/nginx/modsecurity_includes.conf; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/run/php/php7.4-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; + add_header Alt-Svc 'h3=":443"; ma=86400'; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/nginx/nginx.bak-revert-debian/sites-available/dns-primario.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/dns-primario.itguys.com.br new file mode 100644 index 0000000..2eaf37e --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/dns-primario.itguys.com.br @@ -0,0 +1,63 @@ +# Bloco para redirecionar todo o tráfego HTTP para HTTPS +server { + listen 80; + listen [::]:80; + server_name dns-primario.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name dns-primario.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # O Certbot irá gerenciar estas linhas + # ssl_certificate /etc/letsencrypt/live/ns1.itguys.com.br/fullchain.pem; + # ssl_certificate_key /etc/letsencrypt/live/ns1.itguys.com.br/privkey.pem; + include /etc/nginx/snippets/global_robots.conf; + include /etc/nginx/snippets/internal_networks.conf; + + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # --- CABEÇALHOS DE PROXY GLOBAIS --- + # Colocados aqui, eles serão herdados por TODAS as localizações abaixo. + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_ssl_verify off; + + # --- ESTRATÉGIA DE CACHE HÍBRIDA --- + proxy_cache zabbix_cache; + add_header X-Proxy-Cache $upstream_cache_status; + proxy_no_cache 1; # Regra geral: NÃO cachear + proxy_cache_bypass 1; + + # --- LOCALIZAÇÃO PARA ARQUIVOS ESTÁTICOS (CACHE ATIVADO) --- + # Este é o primeiro bloco "irmão" + location ~* \.(css|js|jpg|jpeg|gif|png|ico|svg|webp|ttf|woff2)$ { + proxy_no_cache 0; # Ativa o cache para esta localização + proxy_cache_bypass 0; + proxy_cache_valid 200 60m; + + proxy_pass https://172.16.254.252:53443; + } + + # --- LOCALIZAÇÃO PRINCIPAL (SEM CACHE) --- + # Este é o segundo bloco "irmão", ele pega todo o resto. + location / { + # O cache permanece desativado aqui por herdar da regra geral + proxy_pass https://172.16.254.252:53443; + } +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/git.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/sites-available/git.itguys.com.br.conf new file mode 100644 index 0000000..ad70409 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/git.itguys.com.br.conf @@ -0,0 +1,112 @@ +# Ficheiro: /etc/nginx/sites-available/git.itguys.com.br.conf +# +# Configuração de Proxy Reverso com Cache Inteligente e suporte para operações Git sobre HTTP/S. +# Esta versão é para acesso público e NÃO usa HTTP/3. + +# ============================================================================== +# BLOCO HTTP: Redirecionar todo o tráfego inseguro para HTTPS +# ============================================================================== +server { + if ($host = git.itguys.com.br) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + listen [::]:80; + server_name git.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Regra especial para a validação do Let's Encrypt funcionar corretamente. + location /.well-known/acme-challenge/ { + root /var/www/html; + } + + location / { + return 301 https://$host$request_uri; + } + + +} + +# ============================================================================== +# BLOCO HTTPS: O Coração da nossa Configuração +# ============================================================================== +server { + # --- Configuração de Escuta (Apenas TCP para HTTP/2) --- + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + + server_name git.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + include /etc/nginx/snippets/global_robots.conf; + # --- Cabeçalhos de Segurança --- + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + # --- Configurações de Log --- + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # --- ESTRATÉGIA DE CACHE HÍBRIDA E SEGURA --- + proxy_cache zabbix_cache; + add_header X-Proxy-Cache $upstream_cache_status; + proxy_no_cache 1; + proxy_cache_bypass 1; + + # --- LOCALIZAÇÃO PARA OPERAÇÕES GIT (SEM CACHE, TIMEOUTS LONGOS) --- + # Esta regra é a mais importante. Ela captura as URLs usadas pelos clientes Git. + location ~ /.*/(git-upload-pack|git-receive-pack|info/refs|HEAD|objects) { + # DESATIVA o cache completamente para estas operações. + proxy_no_cache 1; + proxy_cache_bypass 1; + + # Aumenta os timeouts para 1 hora para suportar pushes e pulls grandes. + proxy_read_timeout 3600s; + proxy_send_timeout 300s; + + # Desativa o buffering para permitir o streaming de grandes volumes de dados. + proxy_buffering off; + proxy_request_buffering off; + + proxy_pass http://10.10.253.128; + + # Cabeçalhos de proxy essenciais + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # --- LOCALIZAÇÃO PARA FICHEIROS ESTÁTICOS (CACHE ATIVADO) --- + # Esta regra captura ficheiros que são seguros para cachear (interface do Gitea). + location ~* \.(jpg|jpeg|gif|png|webp|svg|css|js|ico|woff2|ttf)$ { + # Ativa o cache apenas para estes ficheiros. + proxy_no_cache 0; + proxy_cache_bypass 0; + proxy_cache_valid 200 60m; + + proxy_pass http://10.10.253.128; + proxy_set_header Host $host; + } + + # --- LOCALIZAÇÃO PRINCIPAL PARA A INTERFACE WEB (SEM CACHE) --- + # Esta regra apanha todo o resto do tráfego (páginas, APIs, WebSockets). + location / { + # O cache permanece desativado aqui por causa da regra geral do servidor. + proxy_pass http://10.10.253.128; + + # Cabeçalhos essenciais para que a interface e os WebSockets funcionem. + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + ssl_certificate /etc/letsencrypt/live/git.itguys.com.br/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/git.itguys.com.br/privkey.pem; # managed by Certbot +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/itguys.com.br.conf b/nginx/nginx.bak-revert-debian/sites-available/itguys.com.br.conf new file mode 100644 index 0000000..bc5628c --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/itguys.com.br.conf @@ -0,0 +1,105 @@ +# Ficheiro: /etc/nginx/sites-available/itguys.com.br.conf +# +# Configuração de Proxy Reverso OTIMIZADA com redirecionamento canónico +# para o site itguys.com.br. Esta versão usa snippets para a máxima +# consistência e permite a indexação por motores de busca. + +# ============================================================================== +# BLOCO 1: Redirecionar todo o tráfego da porta 80 para a versão segura COM WWW +# ============================================================================== +server { + listen 80; + listen [::]:80; + server_name itguys.com.br www.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + location /.well-known/acme-challenge/ { + root /var/www/html; + } + + location / { + return 301 https://www.itguys.com.br$request_uri; + } +} + +# ============================================================================== +# BLOCO 2: Redirecionar o tráfego HTTPS SEM WWW para a versão COM WWW +# ============================================================================== +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; + + return 301 https://www.itguys.com.br$request_uri; +} + +# ============================================================================== +# BLOCO 3: O SERVIDOR PRINCIPAL E CANÓNICO (HTTPS COM WWW) +# ============================================================================== +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name www.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # --- Certificados e Segurança --- + ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; + include /etc/nginx/snippets/ssl_params.conf; + + # --- Políticas de Acesso e Logs --- + # NÃO incluímos o robots_block_all.conf aqui para permitir a indexação pelo Google. + # O ficheiro robots.txt deve ser gerido pelo servidor de backend. + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # --- ESTRATÉGIA DE CACHE HÍBRIDA --- + proxy_cache zabbix_cache; + add_header X-Proxy-Cache $upstream_cache_status; + proxy_no_cache 1; + proxy_cache_bypass 1; + # Inclui os nossos cabeçalhos de proxy padrão (Host, X-Real-IP, etc.). + include /etc/nginx/snippets/proxy_params.conf; + + # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- + + # Localização para o formulário (sem cache) + location = /php/enviar.php { + proxy_no_cache 1; + proxy_cache_bypass 1; + proxy_pass http://172.16.12.17:80; + } + + # Localização para ficheiros estáticos (cache agressivo) + location ~* \.(jpg|jpeg|gif|png|webp|svg|css|js|ico|woff2|ttf|json)$ { + # Usa o nosso snippet de cache mais agressivo para a máxima performance. + include /etc/nginx/snippets/cache_static_assets.conf; + proxy_pass http://172.16.12.17:80; + } + + # Localização para páginas HTML estáticas (cache longo) + location ~* ^/(Sobre|Serviços)\.html$ { + proxy_no_cache 0; + proxy_cache_bypass 0; + proxy_cache_valid 200 1h; + proxy_pass http://172.16.12.17:80; + } + + # Localização principal para o resto do site (cache curto) + location / { + proxy_no_cache 0; + proxy_cache_bypass 0; + proxy_cache_valid 200 5m; + proxy_pass http://172.16.12.17:80; + } +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/katalog.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/katalog.itguys.com.br new file mode 100644 index 0000000..461aa10 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/katalog.itguys.com.br @@ -0,0 +1,79 @@ +# Ficheiro: /etc/nginx/sites-available/katalog.itguys.com.br.conf +# +# Configuração de Proxy Reverso OTIMIZADA para Snipe-IT. +# Esta versão usa snippets, inclui cache para ficheiros estáticos e está restrita à rede interna. + +# ============================================================================== +# BLOCO HTTP: Redirecionar para HTTPS +# ============================================================================== +server { + listen 80; + listen [::]:80; + server_name katalog.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Permite a validação do Let's Encrypt, mesmo com a trava de rede na porta 443. + location /.well-known/acme-challenge/ { + root /var/www/html; + } + + # Redireciona todo o outro tráfego para a versão segura. + location / { + return 301 https://$host$request_uri; + } +} + +# ============================================================================== +# BLOCO HTTPS: O Coração da nossa Configuração +# ============================================================================== +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name katalog.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # --- Certificados e Segurança SSL --- + ssl_certificate /etc/letsencrypt/live/katalog.itguys.com.br/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/katalog.itguys.com.br/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/katalog.itguys.com.br/fullchain.pem; + # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. + include /etc/nginx/snippets/ssl_params.conf; + + # --- Políticas de Acesso e Logs --- + # A TRAVA DE SEGURANÇA: Restringe o acesso apenas às suas redes internas. + include /etc/nginx/snippets/internal_networks.conf; + # Bloqueia a indexação por motores de busca. + include /etc/nginx/snippets/global_robots.conf; + # Usa o nosso formato de log JSON detalhado. + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # --- ESTRATÉGIA DE CACHE HÍBRIDA --- + # Usa a nossa zona de cache pública. + proxy_cache zabbix_cache; + add_header X-Proxy-Cache $upstream_cache_status; + # Regra geral: NÃO cachear nada por defeito. Isto protege todo o conteúdo dinâmico. + proxy_no_cache 1; + proxy_cache_bypass 1; + + # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- + + # 1. Rota para Ficheiros Estáticos (Cache Agressivo) + # Apanha a "casca" da aplicação Snipe-IT para acelerar o carregamento. + location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { + include /etc/nginx/snippets/proxy_params.conf; + include /etc/nginx/snippets/cache_static_assets.conf; + + proxy_pass http://10.10.253.112; + } + + # 2. Rota Principal para a Aplicação (SEM CACHE) + # Apanha todo o resto do tráfego (páginas, relatórios, APIs, etc.). + location / { + include /etc/nginx/snippets/proxy_params.conf; + + proxy_pass http://10.10.253.112; + } +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/mimir.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/mimir.itguys.com.br new file mode 100644 index 0000000..449f67f --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/mimir.itguys.com.br @@ -0,0 +1,82 @@ +# Ficheiro: /etc/nginx/sites-available/mimir.itguys.com.br.conf +# +# Configuração de Proxy Reverso OTIMIZADA para Zabbix. +# Esta versão usa snippets, inclui cache para ficheiros estáticos e está restrita à rede interna. + +# ============================================================================== +# BLOCO HTTP: Redirecionar para HTTPS +# ============================================================================== +server { + listen 80; + listen [::]:80; + server_name mimir.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Permite a validação do Let's Encrypt, mesmo com a trava de rede na porta 443. + location /.well-known/acme-challenge/ { + root /var/www/html; + } + + # Redireciona todo o outro tráfego para a versão segura. + location / { + return 301 https://$host$request_uri; + } +} + +# ============================================================================== +# BLOCO HTTPS: O Coração da nossa Configuração +# ============================================================================== +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name mimir.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # --- Certificados e Segurança SSL --- + ssl_certificate /etc/letsencrypt/live/mimir.itguys.com.br/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/mimir.itguys.com.br/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/mimir.itguys.com.br/fullchain.pem; + # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. + include /etc/nginx/snippets/ssl_params.conf; + + # --- Políticas de Acesso e Logs --- + # A TRAVA DE SEGURANÇA: Restringe o acesso apenas às suas redes internas. + include /etc/nginx/snippets/internal_networks.conf; + # Bloqueia a indexação por motores de busca. + include /etc/nginx/snippets/global_robots.conf; + # Usa o nosso formato de log JSON detalhado. + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # --- ESTRATÉGIA DE CACHE HÍBRIDA --- + # Usa a nossa zona de cache pública. + proxy_cache zabbix_cache; + add_header X-Proxy-Cache $upstream_cache_status; + # Regra geral: NÃO cachear nada por defeito. Isto protege todo o conteúdo dinâmico. + proxy_no_cache 1; + proxy_cache_bypass 1; + + # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- + + # 1. Rota para Ficheiros Estáticos (Cache Agressivo) + # Apanha a "casca" da aplicação Zabbix para acelerar o carregamento. + location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { + include /etc/nginx/snippets/proxy_params.conf; + include /etc/nginx/snippets/cache_static_assets.conf; + + proxy_pass http://172.16.254.11; + } + + # 2. Rota Principal para a Aplicação (SEM CACHE) + # Apanha todo o resto do tráfego (zabbix.php, dashboards, APIs, etc.). + location / { + include /etc/nginx/snippets/proxy_params.conf; + # Embora o Zabbix não use WebSockets de forma intensiva, incluir este snippet + # não prejudica e mantém a configuração padronizada. + include /etc/nginx/snippets/websocket_params.conf; + + proxy_pass http://172.16.254.11; + } +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/monitoramento.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/monitoramento.itguys.com.br new file mode 100644 index 0000000..bf63f11 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/monitoramento.itguys.com.br @@ -0,0 +1,83 @@ +# Ficheiro: /etc/nginx/sites-available/monitoramento.itguys.com.br.conf +# +# Configuração de Proxy Reverso OTIMIZADA para Grafana. +# Esta versão usa snippets, inclui suporte a WebSockets e está restrita à rede interna. + +# ============================================================================== +# BLOCO HTTP: Redirecionar para HTTPS +# ============================================================================== +server { + listen 80; + listen [::]:80; + server_name monitoramento.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Permite a validação do Let's Encrypt, mesmo com a trava de rede. + location /.well-known/acme-challenge/ { + root /var/www/html; + } + + # Redireciona todo o outro tráfego para a versão segura. + location / { + return 301 https://$host$request_uri; + } +} + +# ============================================================================== +# BLOCO HTTPS: O Coração da nossa Configuração +# ============================================================================== +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name monitoramento.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # --- Certificados e Segurança SSL --- + ssl_certificate /etc/letsencrypt/live/monitoramento.itguys.com.br/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/monitoramento.itguys.com.br/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/monitoramento.itguys.com.br/fullchain.pem; + # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. + include /etc/nginx/snippets/ssl_params.conf; + + # --- Políticas de Acesso e Logs --- + # Bloqueia a indexação por motores de busca. + include /etc/nginx/snippets/global_robots.conf; + # Usa o nosso formato de log JSON detalhado. + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # --- ESTRATÉGIA DE CACHE HÍBRIDA --- + # Usa a nossa zona de cache pública. + proxy_cache zabbix_cache; + add_header X-Proxy-Cache $upstream_cache_status; + # Regra geral: NÃO cachear nada por defeito. + proxy_no_cache 1; + proxy_cache_bypass 1; + + # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- + + # 1. Rota para Ficheiros Estáticos do Grafana (CACHE ATIVADO) + # O Grafana serve a sua "casca" (CSS, JS, etc.) a partir do caminho /public/ + location /public/ { + include /etc/nginx/snippets/proxy_params.conf; + include /etc/nginx/snippets/cache_static_assets.conf; + proxy_pass http://172.16.254.13:3000; + } + + # 2. Rota para WebSockets do Grafana (SEM CACHE) + # Essencial para os dashboards com atualização em tempo real. + location /api/live/ { + include /etc/nginx/snippets/proxy_params.conf; + include /etc/nginx/snippets/websocket_params.conf; + proxy_pass http://172.16.254.13:3000; + } + + # 3. Rota Principal para a Aplicação (SEM CACHE) + # Apanha todo o resto do tráfego (dashboards, APIs, etc.). + location / { + include /etc/nginx/snippets/proxy_params.conf; + proxy_pass http://172.16.254.13:3000; + } +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/ns1.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/ns1.itguys.com.br new file mode 100644 index 0000000..24939ec --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/ns1.itguys.com.br @@ -0,0 +1,80 @@ +# Ficheiro: /etc/nginx/sites-available/ns1.itguys.com.br.conf +# +# Configuração de Proxy Reverso OTIMIZADA para a interface web de um servidor DNS (Technitium). +# Esta versão usa snippets, inclui suporte a WebSockets e está restrita à rede interna. + +# ============================================================================== +# BLOCO HTTP: Redirecionar para HTTPS +# ============================================================================== +server { + listen 80; + listen [::]:80; + server_name ns1.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Permite a validação do Let's Encrypt, mesmo com a trava de rede. + location /.well-known/acme-challenge/ { + root /var/www/html; + } + + # Redireciona todo o outro tráfego para a versão segura. + location / { + return 301 https://$host$request_uri; + } +} + +# ============================================================================== +# BLOCO HTTPS: O Coração da nossa Configuração +# ============================================================================== +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name ns1.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. + include /etc/nginx/snippets/ssl_params.conf; + + # --- Políticas de Acesso e Logs --- + # A TRAVA DE SEGURANÇA: Restringe o acesso apenas às suas redes internas. + include /etc/nginx/snippets/internal_networks.conf; + # Bloqueia a indexação por motores de busca. + include /etc/nginx/snippets/global_robots.conf; + # Usa o nosso formato de log JSON detalhado. + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # --- ESTRATÉGIA DE CACHE HÍBRIDA --- + # Usa a nossa zona de cache pública. + proxy_cache zabbix_cache; + add_header X-Proxy-Cache $upstream_cache_status; + # Regra geral: NÃO cachear nada por defeito. + proxy_no_cache 1; + proxy_cache_bypass 1; + + # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- + + # 1. Rota para Ficheiros Estáticos (Cache Agressivo) + # Apanha a "casca" da aplicação para acelerar o carregamento. + location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { + include /etc/nginx/snippets/proxy_params.conf; + include /etc/nginx/snippets/cache_static_assets.conf; + # Como o backend é HTTPS, precisamos de dizer ao Nginx para não verificar o certificado interno. + proxy_ssl_verify off; + proxy_pass https://172.16.254.253:53443; + } + + # 2. Rota Principal para a Aplicação (SEM CACHE, com WebSockets) + # Apanha todo o resto do tráfego (a interface, as APIs, etc.). + location / { + include /etc/nginx/snippets/proxy_params.conf; + # Inclui os parâmetros para WebSockets, essenciais para as atualizações em tempo real. + include /etc/nginx/snippets/websocket_params.conf; + # Como o backend é HTTPS, precisamos de dizer ao Nginx para não verificar o certificado interno. + proxy_ssl_verify off; + + proxy_pass https://172.16.254.253:53443; + } +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/ns2.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/ns2.itguys.com.br new file mode 100644 index 0000000..5bdedbf --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/ns2.itguys.com.br @@ -0,0 +1,80 @@ +# Ficheiro: /etc/nginx/sites-available/ns2.itguys.com.br.conf +# +# Configuração de Proxy Reverso OTIMIZADA para a interface web de um servidor DNS (Technitium). +# Esta versão usa snippets, inclui suporte a WebSockets e está restrita à rede interna. + +# ============================================================================== +# BLOCO HTTP: Redirecionar para HTTPS +# ============================================================================== +server { + listen 80; + listen [::]:80; + server_name ns2.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Permite a validação do Let's Encrypt, mesmo com a trava de rede. + location /.well-known/acme-challenge/ { + root /var/www/html; + } + + # Redireciona todo o outro tráfego para a versão segura. + location / { + return 301 https://$host$request_uri; + } +} + +# ============================================================================== +# BLOCO HTTPS: O Coração da nossa Configuração +# ============================================================================== +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name ns2.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. + include /etc/nginx/snippets/ssl_params.conf; + + # --- Políticas de Acesso e Logs --- + # A TRAVA DE SEGURANÇA: Restringe o acesso apenas às suas redes internas. + include /etc/nginx/snippets/internal_networks.conf; + # Bloqueia a indexação por motores de busca. + include /etc/nginx/snippets/global_robots.conf; + # Usa o nosso formato de log JSON detalhado. + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # --- ESTRATÉGIA DE CACHE HÍBRIDA --- + # Usa a nossa zona de cache pública. + proxy_cache zabbix_cache; + add_header X-Proxy-Cache $upstream_cache_status; + # Regra geral: NÃO cachear nada por defeito. + proxy_no_cache 1; + proxy_cache_bypass 1; + + # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- + + # 1. Rota para Ficheiros Estáticos (Cache Agressivo) + # Apanha a "casca" da aplicação para acelerar o carregamento. + location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { + include /etc/nginx/snippets/proxy_params.conf; + include /etc/nginx/snippets/cache_static_assets.conf; + # Como o backend é HTTPS, precisamos de dizer ao Nginx para não verificar o certificado interno. + proxy_ssl_verify off; + proxy_pass https://172.16.254.251:53443; + } + + # 2. Rota Principal para a Aplicação (SEM CACHE, com WebSockets) + # Apanha todo o resto do tráfego (a interface, as APIs, etc.). + location / { + include /etc/nginx/snippets/proxy_params.conf; + # Inclui os parâmetros para WebSockets, essenciais para as atualizações em tempo real. + include /etc/nginx/snippets/websocket_params.conf; + # Como o backend é HTTPS, precisamos de dizer ao Nginx para não verificar o certificado interno. + proxy_ssl_verify off; + + proxy_pass https://172.16.254.251:53443; + } +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/proxy.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/proxy.itguys.com.br new file mode 100644 index 0000000..78c7890 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/proxy.itguys.com.br @@ -0,0 +1,71 @@ +server { + if ($host = proxy.itguys.com.br) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name proxy.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # ---- CONTROLE DE ACESSO ---- + # 1. Inclui o arquivo de restrição de IPs + #include /etc/nginx/conf.d/internal_networks.conf; + # ---- FIM DO CONTROLE DE ACESSO ---- + + # Redireciona para HTTPS + location / { + return 301 https://$host$request_uri; + } + + +} + +server { + listen 443 ssl http2; + listen 443 quic reuseport; + server_name proxy.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # --- CAMINHO PARA OS CERTIFICADOS SSL (Será preenchido pelo Certbot) --- + # ssl_certificate /etc/letsencrypt/live/proxy.itguys.com.br/fullchain.pem; + # ssl_certificate_key /etc/letsencrypt/live/proxy.itguys.com.br/privkey.pem; + + # ---- CONTROLE DE ACESSO (Repetido para HTTPS) ---- + include /etc/nginx/conf.d/internal_networks.conf; + error_page 403 @acesso_negado; + + # Localização do relatório HTML estático + location / { + root /var/www/html/goaccess; + index report.html; + } + + # Localização do WebSocket para atualizações em tempo real + location /ws { + # O GoAccess por padrão abre o websocket na porta 7890 + proxy_pass http://127.0.0.1:7890; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + # ------------------------------------------------------------------- + # ---- BLOCO QUE GERA A NOSSA PÁGINA DE ERRO 403 PERSONALIZADA ---- + # + # O @ significa que esta é uma localização "nomeada" e só pode ser + # acessada internamente pelo Nginx, não diretamente por um usuário. + location @acesso_negado { + default_type text/html; + charset utf-8; + + # Retornamos o código de status 403 (correto para o erro) + # mas com o nosso próprio conteúdo HTML. + # A variável $remote_addr mostrará ao usuário o IP que foi bloqueado. + return 403 'Acesso Negado

403 - Acesso Negado

O acesso a este recurso é restrito e permitido apenas a partir de redes autorizadas.

Seu endereço de IP ($remote_addr) não está na lista de permissões.

'; + } + # ------------------------------------------------------------------- + + ssl_certificate /etc/letsencrypt/live/proxy.itguys.com.br/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/proxy.itguys.com.br/privkey.pem; # managed by Certbot +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/telefonia.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/sites-available/telefonia.itguys.com.br.conf new file mode 100644 index 0000000..2964266 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/telefonia.itguys.com.br.conf @@ -0,0 +1,68 @@ +# Ficheiro: /etc/nginx/sites-available/telefonia.itguys.com.br.conf +# +# Configuração de Proxy Reverso OTIMIZADA para a interface web do MagnusBilling. +# Esta versão usa snippets para modularidade, inclui suporte a WebSockets e +# está restrita à rede interna. + +# ============================================================================== +# BLOCO HTTP: Redirecionar para HTTPS +# ============================================================================== +server { + listen 80; + listen [::]:80; + server_name telefonia.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # Permite a validação do Let's Encrypt, que acontece na porta 80. + location /.well-known/acme-challenge/ { + root /var/www/html; + } + + # Redireciona todo o outro tráfego para a versão segura. + location / { + return 301 https://$host$request_uri; + } +} + +# ============================================================================== +# BLOCO HTTPS: O Coração da nossa Configuração +# ============================================================================== +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name telefonia.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # --- Certificados e Segurança SSL --- + ssl_certificate /etc/letsencrypt/live/telefonia.itguys.com.br/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/telefonia.itguys.com.br/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/telefonia.itguys.com.br/fullchain.pem; + # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. + include /etc/nginx/snippets/ssl_params.conf; + + # --- Políticas de Acesso e Logs --- + # A TRAVA DE SEGURANÇA: Restringe o acesso apenas às suas redes internas. + include /etc/nginx/snippets/internal_networks.conf; + # Bloqueia a indexação por motores de busca. + include /etc/nginx/snippets/global_robots.conf; + # Usa o nosso formato de log JSON detalhado. + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # --- Rota Principal para a Aplicação --- + # Como a interface do MagnusBilling é totalmente dinâmica, não aplicamos + # nenhuma regra de cache para garantir que os dados estejam sempre atualizados. + location / { + # Inclui os cabeçalhos de proxy padrão (Host, X-Real-IP, etc.). + include /etc/nginx/snippets/proxy_params.conf; + + # Inclui os parâmetros para WebSockets, que podem ser necessários + # para atualizações em tempo real na interface. + include /etc/nginx/snippets/websocket_params.conf; + + # Encaminha o tráfego para o seu servidor MagnusBilling. + proxy_pass http://172.16.254.130; + } +} diff --git a/nginx/nginx.bak-revert-debian/sites-available/zammad.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/sites-available/zammad.itguys.com.br.conf new file mode 100644 index 0000000..bfb096b --- /dev/null +++ b/nginx/nginx.bak-revert-debian/sites-available/zammad.itguys.com.br.conf @@ -0,0 +1,81 @@ +# Ficheiro: /etc/nginx/sites-available/zammad.itguys.com.br.conf +# +# TEMPLATE DE CONFIGURAÇÃO OTIMIZADO PARA APLICAÇÕES WEB MODERNAS +# Este ficheiro foi reescrito para usar snippets, tornando-o mais limpo, seguro e fácil de manter. +# Acesso: RESTRITO À REDE INTERNA. + +# ============================================================================== +# BLOCO HTTP: Redirecionar para HTTPS +# ============================================================================== +server { + listen 80; + listen [::]:80; + server_name zammad.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + location /.well-known/acme-challenge/ { root /var/www/html; } + location / { return 301 https://$host$request_uri; } +} + +# ============================================================================== +# BLOCO HTTPS: O Coração da nossa Configuração +# ============================================================================== +server { + listen 443 ssl http2; + listen 443 quic reuseport; + listen [::]:443 ssl http2; + listen [::]:443 quic reuseport; + server_name zammad.itguys.com.br; + add_header Alt-Svc 'h3=":443"; ma=86400'; + + # --- Certificados e Segurança SSL --- + ssl_certificate /etc/letsencrypt/live/zammad.itguys.com.br/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/zammad.itguys.com.br/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/zammad.itguys.com.br/fullchain.pem; + # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. + include /etc/nginx/snippets/ssl_params.conf; + + # --- Políticas de Acesso e Logs --- + # A CORREÇÃO ESTÁ AQUI: A trava de rede é incluída APENAS neste ficheiro de site. + include /etc/nginx/snippets/internal_networks.conf; + include /etc/nginx/snippets/global_robots.conf; + access_log /var/log/nginx/access.log detailed_proxy; + error_log /var/log/nginx/error.log; + + # Aumenta o tamanho máximo do corpo da requisição para permitir anexos grandes. + client_max_body_size 50M; + + # --- ESTRATÉGIA DE CACHE HÍBRIDA --- + proxy_cache zammad_cache; + add_header X-Proxy-Cache $upstream_cache_status; + proxy_no_cache 1; # Regra geral: NÃO cachear por defeito. + proxy_cache_bypass 1; + + # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- + + # 1. Localização para Ficheiros Estáticos (CACHE ATIVADO) + location /assets/ { + # Inclui o nosso "kit" de cache para ficheiros estáticos. + include /etc/nginx/snippets/cache_static_assets.conf; + # Inclui os cabeçalhos de proxy padrão. + include /etc/nginx/snippets/proxy_params.conf; + proxy_pass http://172.16.254.59; + } + + # 2. Localização para WebSockets (SEM CACHE) + location /ws { + # Inclui os cabeçalhos de proxy padrão. + include /etc/nginx/snippets/proxy_params.conf; + # Inclui os parâmetros específicos para WebSockets. + include /etc/nginx/snippets/websocket_params.conf; + + # Encaminha para a porta correta do serviço de WebSocket do Zammad. + proxy_pass http://172.16.254.59:6042; + } + + # 3. Localização Principal para a Aplicação (SEM CACHE) + location / { + # Inclui os cabeçalhos de proxy padrão. + include /etc/nginx/snippets/proxy_params.conf; + proxy_pass http://172.16.254.59; + } +} diff --git a/nginx/nginx.bak-revert-debian/snippets/cache_immutable_static.conf b/nginx/nginx.bak-revert-debian/snippets/cache_immutable_static.conf new file mode 100644 index 0000000..4b11ce7 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/snippets/cache_immutable_static.conf @@ -0,0 +1,22 @@ +# /etc/nginx/snippets/cache_immutable_static.conf +# +# Snippet de cache EXTREMAMENTE agressivo para ficheiros estáticos que usam +# a técnica de "cache busting" (como o Nextcloud). + +# Ativa o cache para esta localização, usando a nossa zona de cache estática. +proxy_cache static_cache; +proxy_no_cache 0; +proxy_cache_bypass 0; + +# Otimizações de alta disponibilidade. +proxy_cache_lock on; +proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + +# Define que as respostas válidas ficam no cache do Nginx por 30 dias. +proxy_cache_valid 200 30d; + +# --- A OTIMIZAÇÃO MÁXIMA --- +# Instrui o NAVEGADOR do cliente a guardar uma cópia por 1 ANO e a NUNCA a revalidar. +# A flag 'immutable' diz ao navegador: "Este ficheiro nunca mudará. Não volte a pedi-lo." +expires 1y; +add_header Cache-Control "public, immutable"; diff --git a/nginx/nginx.bak-revert-debian/snippets/cache_static_assets.conf b/nginx/nginx.bak-revert-debian/snippets/cache_static_assets.conf new file mode 100644 index 0000000..1e26146 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/snippets/cache_static_assets.conf @@ -0,0 +1,30 @@ +# /etc/nginx/snippets/cache_aggressive_static.conf +# +# Snippet de cache agressivo para ficheiros estáticos que raramente mudam. +# AVISO: Só use isto se os seus ficheiros tiverem nomes únicos a cada deploy (técnica de "cache busting"). + +# --- Configuração do Cache do Nginx --- + +# Ativa o cache para esta localização, usando a zona de cache 'static_cache'. +# Garanta que esta zona está definida no seu /etc/nginx/nginx.conf. +proxy_cache static_cache; +# Define que as respostas válidas ficam no cache do Nginx por 30 dias. +proxy_cache_valid 200 301 302 30d; +# Cacheia erros de "Não Encontrado" por um período curto. +proxy_cache_valid 404 1m; +# Em caso de erro no backend, serve uma versão antiga do cache em vez de mostrar um erro. +proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; +# Ativa explicitamente o cache para esta localização. +proxy_no_cache 0; +proxy_cache_bypass 0; +# Otimização que impede que múltiplas requisições para o mesmo recurso em falta atinjam o backend. +proxy_cache_lock on; + +# --- Configuração do Cache do Cliente (Navegador) --- + +# Instrui o NAVEGADOR do cliente a guardar uma cópia por 30 dias e a nunca a revalidar. +# 'immutable' é uma otimização de performance poderosa. +add_header Cache-Control "public, immutable, max-age=2592000"; + +# Adiciona um cabeçalho de depuração para vermos o status do cache (HIT/MISS/BYPASS). +add_header X-Cache-Status $upstream_cache_status; diff --git a/nginx/nginx.bak-revert-debian/snippets/compression_params.conf b/nginx/nginx.bak-revert-debian/snippets/compression_params.conf new file mode 100644 index 0000000..0c92b8b --- /dev/null +++ b/nginx/nginx.bak-revert-debian/snippets/compression_params.conf @@ -0,0 +1,19 @@ +# /etc/nginx/snippets/compression_params.conf +# +# Configurações otimizadas para compressão Brotli e Gzip. +# --- Brotli (Prioridade 1, se o navegador suportar) --- +brotli on; +brotli_types text/plain text/css text/xml application/javascript application/json application/xml image/svg+xml; +brotli_comp_level 6; + +# --- Gzip (Fallback, para navegadores antigos) --- +# Ativa a compressão Gzip. +gzip on; +# Define os mesmos tipos de ficheiros. +gzip_types text/plain text/css application/json application/javascript text/xml application/xml image/svg+xml; +# Diz aos proxies para não modificarem o cabeçalho. +gzip_proxied any; +# Nível de compressão. +gzip_comp_level 6; +# Adiciona um cabeçalho para que os proxies saibam que o conteúdo varia com base na compressão. +gzip_vary on; diff --git a/nginx/nginx.bak-revert-debian/snippets/fastcgi-php.conf b/nginx/nginx.bak-revert-debian/snippets/fastcgi-php.conf new file mode 100644 index 0000000..467a9e7 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/snippets/fastcgi-php.conf @@ -0,0 +1,13 @@ +# regex to split $uri to $fastcgi_script_name and $fastcgi_path +fastcgi_split_path_info ^(.+?\.php)(/.*)$; + +# Check that the PHP script exists before passing it +try_files $fastcgi_script_name =404; + +# Bypass the fact that try_files resets $fastcgi_path_info +# see: http://trac.nginx.org/nginx/ticket/321 +set $path_info $fastcgi_path_info; +fastcgi_param PATH_INFO $path_info; + +fastcgi_index index.php; +include fastcgi.conf; diff --git a/nginx/nginx.bak-revert-debian/snippets/global_robots.conf b/nginx/nginx.bak-revert-debian/snippets/global_robots.conf new file mode 100644 index 0000000..9645eae --- /dev/null +++ b/nginx/nginx.bak-revert-debian/snippets/global_robots.conf @@ -0,0 +1,13 @@ +# /etc/nginx/conf.d/global_robots.conf +# +# Esta configuração serve um ficheiro robots.txt genérico e restritivo +# para TODOS os sites servidos por este Nginx. + +location = /robots.txt { + # Adiciona um log para sabermos quando este ficheiro foi acedido. + access_log /var/log/nginx/robots.log; + + # Retorna o código de status 200 (OK) com o tipo de conteúdo 'text/plain'. + # O conteúdo é gerado diretamente aqui, sem precisar de um ficheiro físico. + return 200 "User-agent: *\nDisallow: /\n"; +} diff --git a/nginx/nginx.bak-revert-debian/snippets/internal_networks.conf b/nginx/nginx.bak-revert-debian/snippets/internal_networks.conf new file mode 100644 index 0000000..890fe4b --- /dev/null +++ b/nginx/nginx.bak-revert-debian/snippets/internal_networks.conf @@ -0,0 +1,6 @@ +# Redes internas permitidas +allow 172.16.254.0/24; # Rede Infraestrutura +allow 10.10.253.0/24; # Rede Lan +allow 10.11.0.0/24; # Rede VPN +allow 10.10.5.6; # Maquina Vitor dentro da Enseg +deny all; # Bloqueia todos os outros diff --git a/nginx/nginx.bak-revert-debian/snippets/proxy_params.conf b/nginx/nginx.bak-revert-debian/snippets/proxy_params.conf new file mode 100644 index 0000000..8b1a7e6 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/snippets/proxy_params.conf @@ -0,0 +1,17 @@ +# /etc/nginx/snippets/proxy_params.conf +# +# Snippet com os cabeçalhos de proxy padrão e essenciais. +# Estes cabeçalhos garantem que a aplicação de backend receba +# informações cruciais sobre a requisição original do cliente. + +# Passa o nome do host original pedido pelo cliente. Essencial para aplicações multi-tenant. +proxy_set_header Host $host; + +# Passa o endereço de IP real do cliente. +proxy_set_header X-Real-IP $remote_addr; + +# Passa uma lista de todos os IPs pelos quais a requisição passou (incluindo o do cliente). +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + +# Informa ao backend se a conexão original foi HTTP ou HTTPS. +proxy_set_header X-Forwarded-Proto $scheme; diff --git a/nginx/nginx.bak-revert-debian/snippets/snakeoil.conf b/nginx/nginx.bak-revert-debian/snippets/snakeoil.conf new file mode 100644 index 0000000..ad26c3e --- /dev/null +++ b/nginx/nginx.bak-revert-debian/snippets/snakeoil.conf @@ -0,0 +1,5 @@ +# Self signed certificates generated by the ssl-cert package +# Don't use them in a production server! + +ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; +ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; diff --git a/nginx/nginx.bak-revert-debian/snippets/ssl_params.conf b/nginx/nginx.bak-revert-debian/snippets/ssl_params.conf new file mode 100644 index 0000000..9e6dfb8 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/snippets/ssl_params.conf @@ -0,0 +1,41 @@ +# /etc/nginx/snippets/ssl_params.conf +# +# Parâmetros de SSL e segurança centralizados, otimizados e reutilizáveis. +# --- Configurações de Protocolo e Cifras --- +# Permite apenas os protocolos TLS modernos e seguros. +ssl_protocols TLSv1.2 TLSv1.3; + +# Dá preferência às cifras do servidor, que nós definimos como seguras. +ssl_prefer_server_ciphers on; + +# Lista de cifras modernas, seguras e com boa performance. +ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'; + +# --- Configurações de Sessão e Performance --- +# Cache de sessão para acelerar reconexões TLS. 50MB pode guardar ~200,000 sessões. +ssl_session_cache shared:SSL:50m; +ssl_session_timeout 1d; + +# Desativa os 'session tickets' por segurança, favorecendo o 'session cache'. +ssl_session_tickets off; + +# Ativa o OCSP Stapling para acelerar a verificação de certificados. +ssl_stapling on; +ssl_stapling_verify on; + +# Define os servidores DNS para a verificação do OCSP. +resolver 1.0.0.1 8.8.8.8 1.1.1.1 8.8.4.4 valid=300s; +resolver_timeout 15s; + +# Aponta para o nosso ficheiro de parâmetros Diffie-Hellman para Perfect Forward Secrecy. +ssl_dhparam /etc/ssl/certs/dhparam.pem; + +# --- Cabeçalhos HTTP de Segurança --- +# Força o uso de HTTPS por 2 anos e inclui subdomínios. 'preload' permite a submissão para listas de HSTS dos navegadores. +add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; + +# Impede que o navegador tente interpretar MIME types incorretamente. +add_header X-Content-Type-Options "nosniff" always; + +# Protege contra ataques de 'clickjacking', impedindo que o site seja incorporado em iframes de outros domínios. +add_header X-Frame-Options "SAMEORIGIN" always; diff --git a/nginx/nginx.bak-revert-debian/snippets/websocket_params.conf b/nginx/nginx.bak-revert-debian/snippets/websocket_params.conf new file mode 100644 index 0000000..4b38909 --- /dev/null +++ b/nginx/nginx.bak-revert-debian/snippets/websocket_params.conf @@ -0,0 +1,16 @@ +# /etc/nginx/snippets/websocket_params.conf +# +# Parâmetros otimizados e corrigidos para conexões WebSocket. +# Este snippet DEVE ser usado em conjunto com o proxy_params.conf. + +# As 3 linhas mágicas para permitir a "promoção" da conexão para WebSocket. +proxy_http_version 1.1; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection "upgrade"; + +# Desativa o buffering para garantir a comunicação em tempo real. +proxy_buffering off; + +# Define um timeout longo para evitar que as conexões de longa duração sejam fechadas. +proxy_read_timeout 86400s; # 24 horas +proxy_send_timeout 86400s; # 24 horas diff --git a/nginx/nginx.bak-revert-debian/unicode.mapping b/nginx/nginx.bak-revert-debian/unicode.mapping new file mode 100644 index 0000000..2654c4a --- /dev/null +++ b/nginx/nginx.bak-revert-debian/unicode.mapping @@ -0,0 +1,96 @@ +(MAC - Roman) + + +(MAC - Icelandic) + + +1250 (ANSI - Central Europe) +00a1:21 00a2:63 00a3:4c 00a5:59 00aa:61 00b2:32 00b3:33 00b9:31 00ba:6f 00bc:31 00bd:31 00be:33 00c0:41 00c3:41 00c5:41 00c6:41 00c8:45 00ca:45 00cc:49 00cf:49 00d1:4e 00d2:4f 00d5:4f 00d8:4f 00d9:55 00db:55 00e0:61 00e3:61 00e5:61 00e6:61 00e8:65 00ea:65 00ec:69 00ef:69 00f1:6e 00f2:6f 00f5:6f 00f8:6f 00f9:75 00fb:75 00ff:79 0100:41 0101:61 0108:43 0109:63 010a:43 010b:63 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 013b:4c 013c:6c 0145:4e 0146:6e 014c:4f 014d:6f 014e:4f 014f:6f 0152:4f 0153:6f 0156:52 0157:72 015c:53 015d:73 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0180:62 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2032:27 2035:60 203c:21 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2082:32 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2191:5e 2194:2d 2195:7c 21a8:7c 2212:2d 2215:2f 2216:5c 2217:2a 221f:4c 2223:7c 2236:3a 223c:7e 2303:5e 2329:3c 232a:3e 2502:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2554:2d 255a:4c 255d:2d 2566:54 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263c:30 2640:2b 2642:3e 266a:64 266b:64 2758:7c 3000:20 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +1251 (ANSI - Cyrillic) +00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 203c:21 2190:3c 2191:5e 2192:3e 2193:76 2194:2d 221a:76 221f:4c 2500:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2552:2d 2558:4c 2559:4c 255a:4c 255b:2d 255c:2d 255d:2d 2564:54 2565:54 2566:54 256a:2b 256b:2b 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263a:4f 263b:4f 263c:30 2640:2b 2642:3e 266a:64 266b:64 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +1252 (ANSI - Latin I) +0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0179:5a 017b:5a 017c:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c8:27 02cb:60 02cd:5f 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 037e:3b 0393:47 0398:54 03a3:53 03a6:46 03a9:4f 03b1:61 03b4:64 03b5:65 03c0:70 03c3:73 03c4:74 03c6:66 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2017:3d 2032:27 2035:60 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 207f:6e 2080:30 2081:31 2082:32 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20a7:50 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2212:2d 2215:2f 2216:5c 2217:2a 221a:76 221e:38 2223:7c 2229:6e 2236:3a 223c:7e 2261:3d 2264:3d 2265:3d 2303:5e 2320:28 2321:29 2329:3c 232a:3e 2500:2d 250c:2b 2510:2b 2514:2b 2518:2b 251c:2b 252c:2d 2534:2d 253c:2b 2550:2d 2552:2b 2553:2b 2554:2b 2555:2b 2556:2b 2557:2b 2558:2b 2559:2b 255a:2b 255b:2b 255c:2b 255d:2b 2564:2d 2565:2d 2566:2d 2567:2d 2568:2d 2569:2d 256a:2b 256b:2b 256c:2b 2584:5f 2758:7c 3000:20 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +1253 (ANSI - Greek) +00b4:2f 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 037e:3b 203c:21 2190:3c 2191:5e 2192:3e 2193:76 2194:2d 221f:4c 2500:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2554:2d 255a:4c 255d:2d 2566:54 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263a:4f 263b:4f 263c:30 2640:2b 2642:3e 266a:64 266b:64 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +1254 (ANSI - Turkish) +00dd:59 00fd:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c7:5e 02c8:27 02cb:60 02cd:5f 02d8:5e 02d9:27 0300:60 0302:5e 0331:5f 0332:5f 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2032:27 2035:60 203c:21 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 2081:30 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2191:5e 2193:76 2194:2d 2195:7c 21a8:7c 2212:2d 2215:2f 2216:5c 2217:2a 221f:4c 2223:7c 2236:3a 223c:7e 2303:5e 2329:3c 232a:3e 2502:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2554:2d 255a:4c 255d:2d 2566:54 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263a:4f 263b:4f 263c:30 2640:2b 2642:3e 266a:64 266b:64 2758:7c 3000:20 3008:3c 3009:3e 301a:5b 301b:3d 301d:22 301e:22 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +1255 (ANSI - Hebrew) +0191:46 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +1256 (ANSI - Arabic) +0620:41 0621:41 0622:43 0623:45 0624:45 0625:45 0626:45 0627:49 0628:49 0629:4f 062a:55 062b:55 062c:55 062d:46 062e:43 062f:44 0630:45 0631:46 0632:47 0633:48 0634:49 0635:4a 0636:4b 0637:4c 0638:4d 0639:4e 063a:4f 0641:41 0642:42 0643:43 0644:44 0645:45 0646:46 0647:47 0648:48 0649:49 064a:4a 064b:4b 064c:4c 064d:4d 064e:4e 064f:4f 0650:50 0651:51 0652:52 + +1257 (ANSI - Baltic) +ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +1258 (ANSI/OEM - Viet Nam) +ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +20127 (US-ASCII) +00a0:20 00a1:21 00a2:63 00a4:24 00a5:59 00a6:7c 00a9:43 00aa:61 00ab:3c 00ad:2d 00ae:52 00b2:32 00b3:33 00b7:2e 00b8:2c 00b9:31 00ba:6f 00bb:3e 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c6:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e6:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +20261 (T.61) +f8dd:5c f8de:5e f8df:60 f8e0:7b f8fc:7d f8fd:7e f8fe:7f + +20866 (Russian - KOI8) +00a7:15 00ab:3c 00ad:2d 00ae:52 00b1:2b 00b6:14 00bb:3e 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 2013:2d 2014:2d 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2026:3a 2030:25 2039:3c 203a:3e 203c:13 2122:54 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 221f:1c 2302:7f 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e + +28591 (ISO 8859-1 Latin I) +0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +28592 (ISO 8859-2 Central Europe) +00a1:21 00a2:63 00a5:59 00a6:7c 00a9:43 00aa:61 00ab:3c 00ae:52 00b2:32 00b3:33 00b7:2e 00b9:31 00ba:6f 00bb:3e 00c0:41 00c3:41 00c5:41 00c6:41 00c8:45 00ca:45 00cc:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d5:4f 00d8:4f 00d9:55 00db:55 00e0:61 00e3:61 00e5:61 00e6:61 00e8:65 00ea:65 00ec:69 00ef:69 00f1:6e 00f2:6f 00f5:6f 00f8:6f 00f9:75 00fb:75 00ff:79 0100:41 0101:61 0108:43 0109:63 010a:43 010b:63 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 013b:4c 013c:6c 0145:4e 0146:6e 014c:4f 014d:6f 014e:4f 014f:6f 0152:4f 0153:6f 0156:52 0157:72 015c:53 015d:73 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +28605 (ISO 8859-15 Latin 9) +00a6:7c 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0138:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014a:4e 014b:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:54 0169:74 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0179:5a 017b:5a 017c:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +37 (IBM EBCDIC - U.S./Canada) +0004:37 0005:2d 0006:2e 0007:2f 0008:16 0009:05 000a:25 0014:3c 0015:3d 0016:32 0017:26 001a:3f 001b:27 0020:40 0021:5a 0022:7f 0023:7b 0024:5b 0025:6c 0026:50 0027:7d 0028:4d 0029:5d 002a:5c 002b:4e 002c:6b 002d:60 002e:4b 002f:61 003a:7a 003b:5e 003c:4c 003d:7e 003e:6e 003f:6f 0040:7c 005f:6d 0060:79 007c:4f 007f:07 0080:20 0081:21 0082:22 0083:23 0084:24 0085:15 0086:06 0087:17 0088:28 0089:29 008a:2a 008b:2b 008c:2c 008d:09 008e:0a 008f:1b 0090:30 0091:31 0092:1a 0093:33 0094:34 0095:35 0096:36 0097:08 0098:38 0099:39 009a:3a 009b:3b 009c:04 009d:14 009e:3e 00a0:41 00a2:4a 00a6:6a 00ac:5f 00c0:64 00c1:65 00c2:62 00c3:66 00c4:63 00c5:67 00c7:68 00c8:74 00c9:71 00ca:72 00cb:73 00cc:78 00cd:75 00ce:76 00cf:77 00d1:69 00df:59 00e0:44 00e1:45 00e2:42 00e3:46 00e4:43 00e5:47 00e7:48 00e8:54 00e9:51 00ea:52 00eb:53 00ec:58 00ed:55 00ee:56 00ef:57 00f1:49 00f8:70 ff01:5a ff02:7f ff03:7b ff04:5b ff05:6c ff06:50 ff07:7d ff08:4d ff09:5d ff0a:5c ff0b:4e ff0c:6b ff0d:60 ff0e:4b ff0f:61 ff1a:7a ff1b:5e ff1c:4c ff1d:7e ff1e:6e ff20:7c ff3f:6d ff40:79 ff5c:4f + +437 (OEM - United States) +00a4:0f 00a7:15 00a8:22 00a9:63 00ad:2d 00ae:72 00af:5f 00b3:33 00b4:27 00b6:14 00b8:2c 00b9:31 00be:5f 00c0:41 00c1:41 00c2:41 00c3:41 00c8:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d7:78 00d8:4f 00d9:55 00da:55 00db:55 00dd:59 00de:5f 00e3:61 00f0:64 00f5:6f 00f8:6f 00fd:79 00fe:5f 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02ca:27 02cb:60 02cd:5f 02dc:7e 0300:60 0301:27 0302:5e 0303:7e 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2017:5f 2018:60 2019:27 201a:2c 201c:22 201d:22 201e:2c 2020:2b 2022:07 2026:2e 2030:25 2032:27 2035:60 2039:3c 203a:3e 203c:13 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2082:32 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:09 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2122:54 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2212:2d 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 2758:7c 3000:20 3007:09 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +500 (IBM EBCDIC - International) +0004:37 0005:2d 0006:2e 0007:2f 0008:16 0009:05 000a:25 0014:3c 0015:3d 0016:32 0017:26 001a:3f 001b:27 0020:40 0021:4f 0022:7f 0023:7b 0024:5b 0025:6c 0026:50 0027:7d 0028:4d 0029:5d 002a:5c 002b:4e 002c:6b 002d:60 002e:4b 002f:61 003a:7a 003b:5e 003c:4c 003d:7e 003e:6e 003f:6f 0040:7c 005b:4a 005d:5a 005e:5f 005f:6d 0060:79 007f:07 0080:20 0081:21 0082:22 0083:23 0084:24 0085:15 0086:06 0087:17 0088:28 0089:29 008a:2a 008b:2b 008c:2c 008d:09 008e:0a 008f:1b 0090:30 0091:31 0092:1a 0093:33 0094:34 0095:35 0096:36 0097:08 0098:38 0099:39 009a:3a 009b:3b 009c:04 009d:14 009e:3e 00a0:41 00a6:6a 00c0:64 00c1:65 00c2:62 00c3:66 00c4:63 00c5:67 00c7:68 00c8:74 00c9:71 00ca:72 00cb:73 00cc:78 00cd:75 00ce:76 00cf:77 00d1:69 00df:59 00e0:44 00e1:45 00e2:42 00e3:46 00e4:43 00e5:47 00e7:48 00e8:54 00e9:51 00ea:52 00eb:53 00ec:58 00ed:55 00ee:56 00ef:57 00f1:49 00f8:70 ff01:4f ff02:7f ff03:7b ff04:5b ff05:6c ff06:50 ff07:7d ff08:4d ff09:5d ff0a:5c ff0b:4e ff0c:6b ff0d:60 ff0e:4b ff0f:61 ff1a:7a ff1b:5e ff1c:4c ff1d:7e ff1e:6e ff20:7c ff3b:4a ff3d:5a ff3e:5f ff3f:6d ff40:79 + +850 (OEM - Multilingual Latin I) +0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01a9:53 01ab:74 01ae:54 01af:55 01b0:75 01b6:5a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:27 02cd:5f 02dc:7e 0300:27 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 037e:3b 0393:47 03a3:53 03a6:46 03a9:4f 03b1:61 03b4:64 03b5:65 03c0:70 03c3:73 03c4:74 03c6:66 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:2e 2030:25 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:39 207f:6e 2080:30 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20a7:50 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2122:54 2124:5a 2126:4f 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2211:53 2212:2d 2215:2f 2216:2f 2217:2a 2219:07 221a:56 221e:38 221f:1c 2229:6e 2236:3a 223c:7e 2248:7e 2261:3d 2264:3d 2265:3d 2302:7f 2303:5e 2320:28 2321:29 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 2713:56 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +860 (OEM - Portuguese) +00a4:0f 00a5:59 00a7:15 00a8:22 00a9:63 00ad:5f 00ae:72 00af:16 00b3:33 00b4:2f 00b6:14 00b8:2c 00b9:31 00be:33 00c4:41 00c5:41 00c6:41 00cb:45 00ce:49 00cf:49 00d0:44 00d6:4f 00d7:58 00d8:4f 00db:55 00dd:59 00de:54 00e4:61 00e5:61 00e6:61 00eb:65 00ee:69 00ef:69 00f0:64 00f6:6f 00f8:6f 00fb:75 00fd:79 00fe:74 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:5c 0161:7c 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 0278:66 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02ca:2f 02cb:60 02cd:5f 02dc:7e 0300:60 0301:2f 0302:5e 0303:7e 0304:16 0305:16 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:5f 2011:5f 2013:5f 2014:5f 2017:5f 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:07 2024:07 2026:2e 2030:25 2032:27 2035:60 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212b:41 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d 30fb:07 + +861 (OEM - Icelandic) +00a2:63 00a4:0f 00a5:59 00a7:15 00a8:22 00a9:63 00aa:61 00ad:5f 00ae:72 00af:16 00b3:33 00b4:2f 00b6:14 00b8:2c 00b9:31 00ba:6f 00be:33 00c0:41 00c2:41 00c3:41 00c8:45 00ca:45 00cb:45 00cc:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d4:4f 00d5:4f 00d7:58 00d9:55 00db:55 00e3:61 00ec:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f5:6f 00f9:75 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 0278:66 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02ca:2f 02cb:60 02cd:5f 02dc:7e 0300:60 0301:2f 0302:5e 0303:7e 0304:16 0305:16 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2017:5f 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:07 2030:25 2032:27 2035:27 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d 30fb:07 + +863 (OEM - Canadian French) +00a1:21 00a5:59 00a9:63 00aa:61 00ad:16 00ae:72 00b9:33 00ba:6f 00c1:41 00c3:41 00c4:41 00c5:41 00c6:41 00cc:49 00cd:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d5:4f 00d6:4f 00d7:58 00d8:4f 00da:55 00dd:59 00de:54 00e1:61 00e3:61 00e4:61 00e5:61 00e6:61 00ec:69 00ed:69 00f0:64 00f1:6e 00f2:6f 00f5:6f 00f6:6f 00f8:6f 00fd:79 00fe:74 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:22 02ba:27 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 0304:16 0305:16 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:07 2030:25 2032:27 2035:27 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20a7:50 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212b:41 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d 30fb:07 + +865 (OEM - Nordic) +00a2:63 00a5:59 00a7:15 00a8:22 00a9:63 00ad:5f 00ae:72 00af:16 00b3:33 00b4:2f 00b6:14 00b8:2c 00b9:31 00bb:3e 00be:33 00c0:41 00c1:41 00c2:41 00c3:41 00c8:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d7:58 00d9:55 00da:55 00db:55 00dd:59 00de:54 00e3:61 00f0:64 00f5:6f 00fd:79 00fe:74 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02ca:2f 02cb:60 02cd:5f 02dc:7e 0300:60 0301:2f 0302:5e 0303:7e 0304:16 0305:16 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2017:5f 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:07 2030:25 2032:27 2035:27 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 226b:3c 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 300b:3e 301a:5b 301b:5d 30fb:07 + +874 (ANSI/OEM - Thai) +00a7:15 00b6:14 203c:13 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 221f:1c 2302:7f 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e + +932 (ANSI/OEM - Japanese Shift-JIS) +00a1:21 00a5:5c 00a6:7c 00a9:63 00aa:61 00ad:2d 00ae:52 00b2:32 00b3:33 00b9:31 00ba:6f 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c6:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00de:54 00df:73 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e6:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f0:64 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00fe:74 00ff:79 + +936 (ANSI/OEM - Simplified Chinese GBK) +00a6:7c 00aa:61 00ad:2d 00b2:32 00b3:33 00b9:31 00ba:6f 00d0:44 00dd:59 00de:54 00e2:61 00f0:65 00fd:79 00fe:74 + +949 (ANSI/OEM - Korean) +00a6:7c 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 20a9:5c + +950 (ANSI/OEM - Traditional Chinese Big5) +00a1:21 00a6:7c 00a9:63 00aa:61 00ad:2d 00ae:52 00b2:32 00b3:33 00b9:31 00ba:6f 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c6:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00de:54 00df:73 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e6:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f0:65 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00fe:74 00ff:79 + +(UTF-7) + + +(UTF-8) + + diff --git a/nginx/nginx.bak-revert-debian/uwsgi_params b/nginx/nginx.bak-revert-debian/uwsgi_params new file mode 100644 index 0000000..09c732c --- /dev/null +++ b/nginx/nginx.bak-revert-debian/uwsgi_params @@ -0,0 +1,17 @@ + +uwsgi_param QUERY_STRING $query_string; +uwsgi_param REQUEST_METHOD $request_method; +uwsgi_param CONTENT_TYPE $content_type; +uwsgi_param CONTENT_LENGTH $content_length; + +uwsgi_param REQUEST_URI $request_uri; +uwsgi_param PATH_INFO $document_uri; +uwsgi_param DOCUMENT_ROOT $document_root; +uwsgi_param SERVER_PROTOCOL $server_protocol; +uwsgi_param REQUEST_SCHEME $scheme; +uwsgi_param HTTPS $https if_not_empty; + +uwsgi_param REMOTE_ADDR $remote_addr; +uwsgi_param REMOTE_PORT $remote_port; +uwsgi_param SERVER_PORT $server_port; +uwsgi_param SERVER_NAME $server_name; diff --git a/nginx/nginx.bak-revert-debian/win-utf b/nginx/nginx.bak-revert-debian/win-utf new file mode 100644 index 0000000..774fd9f --- /dev/null +++ b/nginx/nginx.bak-revert-debian/win-utf @@ -0,0 +1,125 @@ +# This map is not a full windows-1251 <> utf8 map: it does not +# contain Serbian and Macedonian letters. If you need a full map, +# use contrib/unicode2nginx/win-utf map instead. + +charset_map windows-1251 utf-8 { + + 82 E2809A; # single low-9 quotation mark + + 84 E2809E; # double low-9 quotation mark + 85 E280A6; # ellipsis + 86 E280A0; # dagger + 87 E280A1; # double dagger + 88 E282AC; # euro + 89 E280B0; # per mille + + 91 E28098; # left single quotation mark + 92 E28099; # right single quotation mark + 93 E2809C; # left double quotation mark + 94 E2809D; # right double quotation mark + 95 E280A2; # bullet + 96 E28093; # en dash + 97 E28094; # em dash + + 99 E284A2; # trade mark sign + + A0 C2A0; #   + A1 D18E; # capital Byelorussian short U + A2 D19E; # small Byelorussian short u + + A4 C2A4; # currency sign + A5 D290; # capital Ukrainian soft G + A6 C2A6; # borken bar + A7 C2A7; # section sign + A8 D081; # capital YO + A9 C2A9; # (C) + AA D084; # capital Ukrainian YE + AB C2AB; # left-pointing double angle quotation mark + AC C2AC; # not sign + AD C2AD; # soft hypen + AE C2AE; # (R) + AF D087; # capital Ukrainian YI + + B0 C2B0; # ° + B1 C2B1; # plus-minus sign + B2 D086; # capital Ukrainian I + B3 D196; # small Ukrainian i + B4 D291; # small Ukrainian soft g + B5 C2B5; # micro sign + B6 C2B6; # pilcrow sign + B7 C2B7; # · + B8 D191; # small yo + B9 E28496; # numero sign + BA D194; # small Ukrainian ye + BB C2BB; # right-pointing double angle quotation mark + + BF D197; # small Ukrainian yi + + C0 D090; # capital A + C1 D091; # capital B + C2 D092; # capital V + C3 D093; # capital G + C4 D094; # capital D + C5 D095; # capital YE + C6 D096; # capital ZH + C7 D097; # capital Z + C8 D098; # capital I + C9 D099; # capital J + CA D09A; # capital K + CB D09B; # capital L + CC D09C; # capital M + CD D09D; # capital N + CE D09E; # capital O + CF D09F; # capital P + + D0 D0A0; # capital R + D1 D0A1; # capital S + D2 D0A2; # capital T + D3 D0A3; # capital U + D4 D0A4; # capital F + D5 D0A5; # capital KH + D6 D0A6; # capital TS + D7 D0A7; # capital CH + D8 D0A8; # capital SH + D9 D0A9; # capital SHCH + DA D0AA; # capital hard sign + DB D0AB; # capital Y + DC D0AC; # capital soft sign + DD D0AD; # capital E + DE D0AE; # capital YU + DF D0AF; # capital YA + + E0 D0B0; # small a + E1 D0B1; # small b + E2 D0B2; # small v + E3 D0B3; # small g + E4 D0B4; # small d + E5 D0B5; # small ye + E6 D0B6; # small zh + E7 D0B7; # small z + E8 D0B8; # small i + E9 D0B9; # small j + EA D0BA; # small k + EB D0BB; # small l + EC D0BC; # small m + ED D0BD; # small n + EE D0BE; # small o + EF D0BF; # small p + + F0 D180; # small r + F1 D181; # small s + F2 D182; # small t + F3 D183; # small u + F4 D184; # small f + F5 D185; # small kh + F6 D186; # small ts + F7 D187; # small ch + F8 D188; # small sh + F9 D189; # small shch + FA D18A; # small hard sign + FB D18B; # small y + FC D18C; # small soft sign + FD D18D; # small e + FE D18E; # small yu + FF D18F; # small ya +} diff --git a/nginx/nginx.conf b/nginx/nginx.conf index c89bd9b..f52668a 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,106 +1,83 @@ -# Ficheiro de configuração global do Nginx (/etc/nginx/nginx.conf) -# VERSÃO CORRIGIDA E OTIMIZADA - -# --- Carregamento de Módulos Dinâmicos --- -# Esta secção é crucial para as versões mais recentes do Nginx. -# A linha abaixo carrega o módulo ModSecurity que instalámos. -# --- Configurações Gerais --- user www-data; worker_processes auto; -worker_rlimit_nofile 65535; pid /run/nginx.pid; error_log /var/log/nginx/error.log; -# Esta linha carrega outros módulos padrão do Debian (como o 'stream'). include /etc/nginx/modules-enabled/*.conf; -# --- Bloco de Eventos --- events { - worker_connections 16384; - multi_accept on; + worker_connections 768; + # multi_accept on; } -# ============================================================================== -# BLOCO HTTP: Para todo o tráfego Web (Sites, APIs, etc.) -# ============================================================================== http { - # --- Configurações de Cache --- - proxy_cache_path /var/cache/nginx/zabbix_cache levels=1:2 keys_zone=zabbix_cache:10m max_size=1g inactive=60m use_temp_path=off; - proxy_cache_path /var/cache/nginx/api_cache levels=1:2 keys_zone=api_cache:10m max_size=100m inactive=5m use_temp_path=off; - proxy_cache_path /var/cache/nginx/exchange_private_cache levels=1:2 keys_zone=exchange_private_cache:20m max_size=500m inactive=10m use_temp_path=off; - proxy_cache_path /var/cache/nginx/zammad_cache levels=1:2 keys_zone=zammad_cache:10m max_size=500m inactive=60m use_temp_path=off; - proxy_cache_path /var/cache/nginx/static_cache levels=1:2 keys_zone=static_cache:10m max_size=2g inactive=90d use_temp_path=off; - proxy_cache_path /var/cache/nginx/nextcloud_private_cache levels=1:2 keys_zone=nextcloud_private_cache:20m max_size=1g inactive=15m use_temp_path=off; - proxy_cache_path /var/cache/nginx/nextcloud_previews_cache levels=1:2 keys_zone=nextcloud_previews:20m max_size=2g inactive=7d use_temp_path=off; - # --- Configurações Básicas e de Performance --- - sendfile on; - tcp_nopush on; - types_hash_max_size 2048; - server_tokens off; - include /etc/nginx/mime.types; - default_type application/octet-stream; + ## + # Basic Settings + ## - # --- Otimizações de Proxy Reverso e Buffers --- - client_body_buffer_size 128k; - client_max_body_size 10G; - proxy_buffer_size 16k; - proxy_buffers 8 16k; - proxy_busy_buffers_size 32k; + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + # server_tokens off; - # --- Otimizações de Keep-Alive e Timeouts --- - keepalive_timeout 65s; - keepalive_requests 1000; - send_timeout 10s; + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; - # --- Configurações de Segurança (WAF) --- - # Agora que o módulo está carregado, estas diretivas irão funcionar. - #modsecurity on; - #modsecurity_rules_file /etc/nginx/modsecurity.conf; + include /etc/nginx/mime.types; + default_type application/octet-stream; - # --- Configurações do GeoIP2 --- - geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { - $geoip2_country_code country iso_code; - $geoip2_country_name country names en; - $geoip2_region_name subdivisions 0 names en; - $geoip2_city_name city names en; - $geoip2_latitude location latitude; - $geoip2_longitude location longitude; - $geoip2_asn autonomous_system_number; - $geoip2_isp autonomous_system_organization; - } + ## + # SSL Settings + ## - # --- Configurações de Logging --- - log_format detailed_proxy escape=json '{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","remote_user":"$remote_user","request":"$request","method":"$request_method","uri":"$uri","args":"$args","status":$status,"request_length":$request_length,"body_bytes_sent":$body_bytes_sent,"request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_status":"$upstream_status","upstream_response_time":"$upstream_response_time","cache_status":"$upstream_cache_status","http_referer":"$http_referer","http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for","http_accept_language":"$http_accept_language","http_cookie":"$http_cookie","http_origin":"$http_origin","http_host":"$http_host","server_name":"$server_name","scheme":"$scheme","ssl_protocol":"$ssl_protocol","ssl_cipher":"$ssl_cipher","ssl_curves":"$ssl_curves","ssl_session_reused":"$ssl_session_reused","ssl_server_name":"$ssl_server_name","ssl_client_s_dn":"$ssl_client_s_dn","ssl_client_i_dn":"$ssl_client_i_dn","ssl_client_verify":"$ssl_client_verify","ssl_client_serial":"$ssl_client_serial","ssl_client_v_start":"$ssl_client_v_start","ssl_client_v_end":"$ssl_client_v_end","geoip_country_code":"$geoip2_country_code","geoip_country_name":"$geoip2_country_name","geoip_region_name":"$geoip2_region_name","geoip_city_name":"$geoip2_city_name","geoip_latitude":"$geoip2_latitude","geoip_longitude":"$geoip2_longitude","geoip_asn":"$geoip2_asn","geoip_isp":"$geoip2_isp"}'; - access_log /var/log/nginx/access.log detailed_proxy; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; - # --- Configurações de Compressão --- - include /etc/nginx/snippets/compression_params.conf; + ## + # Logging Settings + ## - # --- Carregar Ficheiros de Configuração dos Sites --- - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; + access_log /var/log/nginx/access.log; + + ## + # Gzip Settings + ## + + gzip on; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; } -# ============================================================================== -# BLOCO STREAM: Para tráfego TCP/UDP (Telefonia, SSL Passthrough) -# ============================================================================== -stream { - # (O seu bloco stream existente vai aqui, sem alterações) - # Encaminhamento da porta de sinalização SIP (TCP) - server { - listen 5060; - proxy_pass 172.16.254.130:5060; - } - # Encaminhamento da porta de sinalização SIP (UDP) - server { - listen 5060 udp; - proxy_pass 172.16.254.130:5060; - } - - # Encaminhamento da faixa de portas RTP para o áudio (UDP) - server { - listen 10000-20000 udp; - proxy_pass 172.16.254.130:$server_port; - } -} +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/nginx/sites-available/default b/nginx/sites-available/default index 335c876..c5af914 100644 --- a/nginx/sites-available/default +++ b/nginx/sites-available/default @@ -15,7 +15,7 @@ # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## -# TESTE + # Default server configuration # server { @@ -44,7 +44,6 @@ server { index index.html index.htm index.nginx-debian.html; server_name _; - add_header Alt-Svc 'h3=":443"; ma=86400'; location / { # First attempt to serve request as file, then @@ -82,7 +81,6 @@ server { # listen [::]:80; # # server_name example.com; - add_header Alt-Svc 'h3=":443"; ma=86400'; # # root /var/www/example.com; # index index.html;