diff --git a/nginx/sites-available/ns1.itguys.com.br.conf b/nginx/sites-available/ns1.itguys.com.br.conf
index 65512f2..d23ae76 100644
--- a/nginx/sites-available/ns1.itguys.com.br.conf
+++ b/nginx/sites-available/ns1.itguys.com.br.conf
@@ -53,7 +53,7 @@ server {
 access_log /var/log/nginx/ns1.itguys.com.br.access.log combined;
 error_log /var/log/nginx/ns1.itguys.com.br.error.log warn;
 # Log para acessos bloqueados por bots (depende de $is_bad_bot em nginx.conf)
- access_log /var/log/nginx/ns1.itguys.com.br.bad-bot.log blocked if=$is_bad_bot;
+ access_log /var/log/nginx/ns1.itguys.com.br.bad-bot.log suspicious_bot if=$is_bad_bot;
 # Módulo de Segurança Global (Bloqueia bots e URIs suspeitas de nginx.conf)
 if ($block_request) {
@@ -74,8 +74,8 @@ server {
 # ============================================================================
 # CONFIGURAÇÕES DE SSL/TLS (Hardening)
 # ============================================================================
- ssl_certificate /etc/letsencrypt/live/ns1.itguys.com.br/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ns1.itguys.com.br/privkey.pem;
+ #ssl_certificate /etc/letsencrypt/live/ns1.itguys.com.br/fullchain.pem;
+ #ssl_certificate_key /etc/letsencrypt/live/ns1.itguys.com.br/privkey.pem;
 ssl_protocols TLSv1.3 TLSv1.2;
 ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
 ssl_prefer_server_ciphers on;
@@ -85,9 +85,9 @@ server {
 ssl_session_tickets off;
 # OCSP Stapling
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /etc/letsencrypt/live/ns1.itguys.com.br/fullchain.pem;
+ ssl_stapling off;
+ ssl_stapling_verify off;
+ #ssl_trusted_certificate /etc/letsencrypt/live/ns1.itguys.com.br/fullchain.pem;
 resolver 8.8.8.8 8.8.4.4 valid=300s;
 resolver_timeout 5s;
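Review bot: The comment above the changed `access_log` line names only `$is_bad_bot` as a dependency on nginx.conf, but the line now also depends on a `log_format` called `suspicious_bot` being defined there; that definition is not part of this diff. I would extend the comment to `# Log para acessos bloqueados por bots (depende de $is_bad_bot e do log_format suspicious_bot em nginx.conf)`. If anything parses the bad-bot log (a ban filter or a log shipper), its pattern presumably needs to follow the new format as well.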
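Review bot: Commenting out `ssl_certificate` and `ssl_certificate_key` leaves this server block with TLS tuning (`ssl_protocols`, `ssl_ciphers`) but no certificate of its own, and nothing in the hunk says why. If the block's `listen` directive (outside the hunk) uses `ssl` and no certificate is inherited from the `http` context, `nginx -t` should reject the configuration. If one is inherited, clients would be served a certificate that may not match ns1.itguys.com.br. I would put a comment above the two lines, for example `# TEMP: certificado desativado por <motivo>; restaurar antes de habilitar o site`, or delete the lines instead of leaving them commented. The server block starts and ends outside the hunk.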
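Review bot: With `ssl_stapling off` and `ssl_stapling_verify off`, the `resolver 8.8.8.8 8.8.4.4 valid=300s;` and `resolver_timeout 5s;` lines left under the `# OCSP Stapling` heading may no longer have a consumer. Either remove them or note what else in the block needs name resolution. The reason for turning stapling off is not stated. If it is permanent (for instance because the issuing CA no longer serves OCSP responses), the commented `#ssl_trusted_certificate` line should be deleted. If it is temporary and tied to the certificate lines disabled in the previous hunk, add a marker so it gets restored with them, e.g. `# OCSP stapling desativado: <motivo>; reativar junto com ssl_certificate`.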