fix: standardize site configs, fix maps context and ttl syntax

2026-02-05 15:54:34 -03:00 · 2026-02-05 15:54:34 -03:00 · 29b33e1e10
parent 55f5d318e0
commit 29b33e1e10
3 changed files with 11 additions and 44 deletions
--- a/conf.d/ferreirareal.com.br.conf
+++ b/conf.d/ferreirareal.com.br.conf
@ -1,91 +1,64 @@
 # ==============================================================================
 # PROXY PATHFINDER - HIGH END CONFIGURATION
 # Site: ferreirareal.com.br
 # ==============================================================================
 upstream ferreirareal_backend {
    server 172.112.1.2:8081;
 }
 # --- HTTP -> HTTPS Redirect ---
 server {
    listen 80;
    server_name ferreirareal.com.br www.ferreirareal.com.br;
    include snippets/acme_challenge.conf;
    location / {
        return 301 https://ferreirareal.com.br$request_uri;
    }
 }
 # --- WWW -> Non-WWW Redirect (HTTPS) ---
 server {
    listen 443 quic;
    listen 443 ssl;
    server_name www.ferreirareal.com.br;
    include snippets/ssl_params.conf;
    ssl_certificate /etc/letsencrypt/live/ferreirareal.com.br/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ferreirareal.com.br/privkey.pem;
    return 301 https://ferreirareal.com.br$request_uri;
 }
 # --- MAIN SERVER ---
 server {
    # HTTP/3 (QUIC) + HTTP/2 + SSL
    listen 443 quic reuseport;
    listen 443 ssl;
    server_name ferreirareal.com.br;
    # --- logs ---
    access_log /var/log/nginx/ferreirareal.com.br.access.log detailed_proxy;
    error_log /var/log/nginx/ferreirareal.com.br.error.log warn;
    # --- Snippets Globais de Performance e Segurança ---
    include snippets/ssl_params.conf;
    include snippets/proxy_params.conf;
    include snippets/modsecurity.conf;
    # modsecurity_rules_file /etc/nginx/modsec/main.conf;
    include snippets/well_known.conf;
    include snippets/security_actions.conf;
    # --- Certificados ---
    ssl_certificate /etc/letsencrypt/live/ferreirareal.com.br/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ferreirareal.com.br/privkey.pem;
-    # --- Cache ---
+    proxy_cache dynamic_cache;
    proxy_cache dynamic_cache; # Usando a Zona Universal
    # --- Variáveis para Snippets de Identificação ---
    set $upstream_proto http;
    set $upstream_app ferreirareal_backend;
    # --- LOCATIONS ---
    # 1. Contatos (SEM CACHE)
    location = /Contatos.html {
        proxy_cache_bypass 1;
        proxy_no_cache 1;
        proxy_pass http://ferreirareal_backend;
    }
    # 2. Assets Estáticos (CACHE AGRESSIVO & MODERN)
    location ~* \.(webp|avif|heic|apng|jpg|jpeg|gif|png|ico|svg|mjs|js|ts|wasm|json|woff2?|ttf|otf|eot|css|less|scss)$ {
-        # include snippets/cache_optimizer.conf;
+        include snippets/cache_optimizer.conf;
        add_header Cache-Control $cache_control_header;
        proxy_cache_valid 200 1d;
        proxy_pass http://ferreirareal_backend;
        # Rate Limit Diferenciado
        limit_req zone=global_limit burst=50 nodelay;
        limit_req zone=punishment_limit burst=5 nodelay;
        access_log off;
    }
    # 3. Raiz (CACHE DINÂMICO)
    location / {
        expires 15m;
        proxy_cache_valid 200 15m;
--- a/conf.d/test.local.conf
+++ b/conf.d/test.local.conf
@ -7,36 +7,23 @@ server {
    listen 80;
    server_name test.local;
    # Logs JSON (Mandatório para monitoramento 2026)
    access_log /var/log/nginx/test.local.access.log detailed_proxy;
    error_log /var/log/nginx/test.local.error.log warn;
    # 1. Segurança e Well-Known
    include snippets/well_known.conf;
    include snippets/security_actions.conf;
    # 2. Performance e Cache
    include snippets/cache_optimizer.conf;
    location / {
        proxy_pass http://test_backend;
        include snippets/proxy_params.conf;
        # Rate Limit
        limit_req zone=global_limit burst=20 nodelay;
        limit_req zone=punishment_limit burst=5 nodelay;
        add_header X-Test-Tag "v1.0-Homologacao";
    }
    # Assets para teste de Pseudo-CDN e Cache
    location ~* \.(webp|avif|heic|apng|jpg|jpeg|gif|png|ico|svg|mjs|js|ts|wasm|json|woff2?|ttf|otf|eot|css|less|scss)$ {
        include snippets/cache_optimizer.conf;
        add_header Cache-Control $cache_control_header;
        proxy_cache_valid 200 1d;
        proxy_pass http://test_backend;
        add_header X-Asset-Test "Injected";
    }
 }
--- a/nginx.conf
+++ b/nginx.conf
@ -18,7 +18,7 @@ events {
 }
 http {
-    # modsecurity_rules_file /etc/nginx/modsec/empty.conf;
+    # modsecurity_rules_file /etc/nginx/modsec/main.conf;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
@ -43,6 +43,13 @@ http {
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    # Shared Cache Zone (Pseudo-CDN)
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=dynamic_cache:50m max_size=10g inactive=60m use_temp_path=off;
    # DNS Resolver (SSL Stapling & Upstreams)
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    # Security Snippets
    include /etc/nginx/snippets/security_maps.conf;
    include /etc/nginx/snippets/rate_limit.conf;