fix: standardize site configs, fix maps context and ttl syntax
parent
55f5d318e0
commit
29b33e1e10
|
|
@ -1,91 +1,64 @@
|
|||
# ==============================================================================
|
||||
# PROXY PATHFINDER - HIGH END CONFIGURATION
|
||||
# Site: ferreirareal.com.br
|
||||
# ==============================================================================
|
||||
|
||||
upstream ferreirareal_backend {
|
||||
server 172.112.1.2:8081;
|
||||
}
|
||||
|
||||
# --- HTTP -> HTTPS Redirect ---
|
||||
server {
|
||||
listen 80;
|
||||
server_name ferreirareal.com.br www.ferreirareal.com.br;
|
||||
|
||||
include snippets/acme_challenge.conf;
|
||||
|
||||
location / {
|
||||
return 301 https://ferreirareal.com.br$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
# --- WWW -> Non-WWW Redirect (HTTPS) ---
|
||||
server {
|
||||
listen 443 quic;
|
||||
listen 443 ssl;
|
||||
server_name www.ferreirareal.com.br;
|
||||
|
||||
include snippets/ssl_params.conf;
|
||||
ssl_certificate /etc/letsencrypt/live/ferreirareal.com.br/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/ferreirareal.com.br/privkey.pem;
|
||||
|
||||
return 301 https://ferreirareal.com.br$request_uri;
|
||||
}
|
||||
|
||||
# --- MAIN SERVER ---
|
||||
server {
|
||||
# HTTP/3 (QUIC) + HTTP/2 + SSL
|
||||
listen 443 quic reuseport;
|
||||
listen 443 ssl;
|
||||
server_name ferreirareal.com.br;
|
||||
|
||||
# --- logs ---
|
||||
access_log /var/log/nginx/ferreirareal.com.br.access.log detailed_proxy;
|
||||
error_log /var/log/nginx/ferreirareal.com.br.error.log warn;
|
||||
|
||||
# --- Snippets Globais de Performance e Segurança ---
|
||||
include snippets/ssl_params.conf;
|
||||
include snippets/proxy_params.conf;
|
||||
include snippets/modsecurity.conf;
|
||||
# modsecurity_rules_file /etc/nginx/modsec/main.conf;
|
||||
include snippets/well_known.conf;
|
||||
include snippets/security_actions.conf;
|
||||
|
||||
# --- Certificados ---
|
||||
ssl_certificate /etc/letsencrypt/live/ferreirareal.com.br/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/ferreirareal.com.br/privkey.pem;
|
||||
|
||||
# --- Cache ---
|
||||
proxy_cache dynamic_cache; # Usando a Zona Universal
|
||||
|
||||
# --- Variáveis para Snippets de Identificação ---
|
||||
proxy_cache dynamic_cache;
|
||||
set $upstream_proto http;
|
||||
set $upstream_app ferreirareal_backend;
|
||||
|
||||
# --- LOCATIONS ---
|
||||
|
||||
# 1. Contatos (SEM CACHE)
|
||||
location = /Contatos.html {
|
||||
proxy_cache_bypass 1;
|
||||
proxy_no_cache 1;
|
||||
proxy_pass http://ferreirareal_backend;
|
||||
}
|
||||
|
||||
# 2. Assets Estáticos (CACHE AGRESSIVO & MODERN)
|
||||
location ~* \.(webp|avif|heic|apng|jpg|jpeg|gif|png|ico|svg|mjs|js|ts|wasm|json|woff2?|ttf|otf|eot|css|less|scss)$ {
|
||||
# include snippets/cache_optimizer.conf;
|
||||
include snippets/cache_optimizer.conf;
|
||||
add_header Cache-Control $cache_control_header;
|
||||
|
||||
proxy_cache_valid 200 1d;
|
||||
proxy_pass http://ferreirareal_backend;
|
||||
|
||||
# Rate Limit Diferenciado
|
||||
limit_req zone=global_limit burst=50 nodelay;
|
||||
limit_req zone=punishment_limit burst=5 nodelay;
|
||||
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# 3. Raiz (CACHE DINÂMICO)
|
||||
location / {
|
||||
expires 15m;
|
||||
proxy_cache_valid 200 15m;
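Review bot: In the static-assets block (`location ~* \.(webp|avif|…)$`), `add_header Cache-Control $cache_control_header;` is declared at location level, and nginx inherits `add_header` from the enclosing level only when the current level declares none. If `snippets/ssl_params.conf` or `snippets/security_actions.conf` set response headers such as HSTS at server level (their contents are not shown here), those headers would be missing from every asset response. Re-include the snippet that carries them inside this location, next to the Cache-Control line, e.g. `include snippets/<security-headers-snippet>.conf;` (placeholder name), and confirm with `curl -I` against an asset URL. The rendering no longer marks added and removed lines, so this applies only if the block is kept on the new side.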
|
||||
|
|
|
|||
|
|
@ -7,36 +7,23 @@ server {
|
|||
listen 80;
|
||||
server_name test.local;
|
||||
|
||||
# Logs JSON (Mandatório para monitoramento 2026)
|
||||
access_log /var/log/nginx/test.local.access.log detailed_proxy;
|
||||
error_log /var/log/nginx/test.local.error.log warn;
|
||||
|
||||
# 1. Segurança e Well-Known
|
||||
include snippets/well_known.conf;
|
||||
include snippets/security_actions.conf;
|
||||
|
||||
# 2. Performance e Cache
|
||||
include snippets/cache_optimizer.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://test_backend;
|
||||
include snippets/proxy_params.conf;
|
||||
|
||||
# Rate Limit
|
||||
limit_req zone=global_limit burst=20 nodelay;
|
||||
limit_req zone=punishment_limit burst=5 nodelay;
|
||||
|
||||
add_header X-Test-Tag "v1.0-Homologacao";
|
||||
}
|
||||
|
||||
# Assets para teste de Pseudo-CDN e Cache
|
||||
location ~* \.(webp|avif|heic|apng|jpg|jpeg|gif|png|ico|svg|mjs|js|ts|wasm|json|woff2?|ttf|otf|eot|css|less|scss)$ {
|
||||
include snippets/cache_optimizer.conf;
|
||||
add_header Cache-Control $cache_control_header;
|
||||
|
||||
proxy_cache_valid 200 1d;
|
||||
proxy_pass http://test_backend;
|
||||
|
||||
add_header X-Asset-Test "Injected";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ events {
|
|||
}
|
||||
|
||||
http {
|
||||
# modsecurity_rules_file /etc/nginx/modsec/empty.conf;
|
||||
# modsecurity_rules_file /etc/nginx/modsec/main.conf;
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
|
|
@ -43,6 +43,13 @@ http {
|
|||
ssl_session_timeout 1d;
|
||||
ssl_session_tickets off;
|
||||
|
||||
# Shared Cache Zone (Pseudo-CDN)
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=dynamic_cache:50m max_size=10g inactive=60m use_temp_path=off;
|
||||
|
||||
# DNS Resolver (SSL Stapling & Upstreams)
|
||||
resolver 8.8.8.8 8.8.4.4 valid=300s;
|
||||
resolver_timeout 5s;
|
||||
|
||||
# Security Snippets
|
||||
include /etc/nginx/snippets/security_maps.conf;
|
||||
include /etc/nginx/snippets/rate_limit.conf;
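Review bot: `resolver 8.8.8.8 8.8.4.4 valid=300s;` sends nginx's runtime lookups as plaintext DNS to a public resolver. nginx's built-in resolver does no DNSSEC validation, and `valid=300s` keeps whatever answer it receives for five minutes regardless of TTL. The comment above the line says the resolver serves SSL stapling and upstreams, so a spoofed reply on the path could redirect OCSP fetches or any upstream named by hostname. The nginx documentation recommends DNS servers on a properly secured, trusted local network for this reason. Point the directive at a validating resolver on the host or internal network instead, e.g. `resolver 127.0.0.1 valid=300s;` if one is running there (example address), and keep `resolver_timeout 5s;` as is.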
|
||||
|
|
|
|||