From 33c0da604d8ef2359b30cc09708c056f87be596c Mon Sep 17 00:00:00 2001
From: "srvproxy001.itguys.com.br" <srvproxy001@itguys.com.br>
Date: Sat, 20 Sep 2025 13:57:24 -0300
Subject: [PATCH] =?UTF-8?q?[Auto-Sync]=20Atualiza=C3=A7=C3=A3o=20das=20con?=
 =?UTF-8?q?figura=C3=A7=C3=B5es=20em=20srvproxy001.itguys.com.br=20-=20202?=
 =?UTF-8?q?5-09-20=2013:57:24?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 nginx/.certbot.lock                      |  0
 nginx/nginx.conf                         |  2 --
 nginx/sites-available/itguys.com.br.conf | 33 +++++++++++-------------
 3 files changed, 15 insertions(+), 20 deletions(-)
 delete mode 100644 nginx/.certbot.lock

diff --git a/nginx/.certbot.lock b/nginx/.certbot.lock
deleted file mode 100644
index e69de29..0000000
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 66e79d5..bcc9d9e 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -11,8 +11,6 @@ events {
 }
 
 http {
-server_names_hash_bucket_size 128;
-include /etc/letsencrypt/le_http_01_cert_challenge.conf;
         #Configuraçoes de Cache
         proxy_cache_path /var/cache/nginx/zabbix_cache levels=1:2 keys_zone=zabbix_cache:10m max_size=1g inactive=60m use_temp_path=off;
         proxy_cache_path /var/cache/nginx/api_cache levels=1:2 keys_zone=api_cache:10m max_size=100m inactive=5m use_temp_path=off;
diff --git a/nginx/sites-available/itguys.com.br.conf b/nginx/sites-available/itguys.com.br.conf
index bff66bf..01b361d 100644
--- a/nginx/sites-available/itguys.com.br.conf
+++ b/nginx/sites-available/itguys.com.br.conf
@@ -7,9 +7,15 @@
 # ==============================================================================
 # BLOCO 1: Redirecionar todo o tráfego da porta 80 para a versão segura COM WWW
 # ==============================================================================
-server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
+server {
+    if ($host = itguys.com.br) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
 
-rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
+
+    if ($host = www.itguys.com.br) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
 
 
     listen 80;
@@ -23,37 +29,27 @@ rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
     location / {
         return 301 https://www.itguys.com.br$request_uri;
     }
-location = /.well-known/acme-challenge/fObg6kmtXxT0pCvfWlW7_9b3WPoz4IdJO9m2XDYCtao{default_type text/plain;return 200 fObg6kmtXxT0pCvfWlW7_9b3WPoz4IdJO9m2XDYCtao.6NQOP-_cyjMVLz8P4PfH0klS5ZH2qgREfeMrgpUfnEk;} # managed by Certbot
-
-location = /.well-known/acme-challenge/kELgSA_q9xno4P2oLbwdYF-eIgOdCeQHYVjsluVycZg{default_type text/plain;return 200 kELgSA_q9xno4P2oLbwdYF-eIgOdCeQHYVjsluVycZg.6NQOP-_cyjMVLz8P4PfH0klS5ZH2qgREfeMrgpUfnEk;} # managed by Certbot
-
 }
 
 # ==============================================================================
 # BLOCO 2: Redirecionar o tráfego HTTPS SEM WWW para a versão COM WWW
 # ==============================================================================
-server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
-
-
+server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
     server_name itguys.com.br;
 
-    #ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem;
-    #ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem;
-    #ssl_trusted_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem;
+    ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem;
 
     return 301 https://www.itguys.com.br$request_uri;
-location = /.well-known/acme-challenge/fObg6kmtXxT0pCvfWlW7_9b3WPoz4IdJO9m2XDYCtao{default_type text/plain;return 200 fObg6kmtXxT0pCvfWlW7_9b3WPoz4IdJO9m2XDYCtao.6NQOP-_cyjMVLz8P4PfH0klS5ZH2qgREfeMrgpUfnEk;} # managed by Certbot
-
 }
 
 # ==============================================================================
 # BLOCO 3: O SERVIDOR PRINCIPAL E CANÓNICO (HTTPS COM WWW)
 # ==============================================================================
-server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
-
-
+server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
     server_name www.itguys.com.br;
@@ -109,6 +105,7 @@ server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
         proxy_cache_valid 200 5m;
         proxy_pass http://172.16.12.17:80;
     }
-location = /.well-known/acme-challenge/kELgSA_q9xno4P2oLbwdYF-eIgOdCeQHYVjsluVycZg{default_type text/plain;return 200 kELgSA_q9xno4P2oLbwdYF-eIgOdCeQHYVjsluVycZg.6NQOP-_cyjMVLz8P4PfH0klS5ZH2qgREfeMrgpUfnEk;} # managed by Certbot
 
+    ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem; # managed by Certbot
 }