From 46218a830d75734e3d6923705af7fd76e43166b7 Mon Sep 17 00:00:00 2001 From: "srvproxy001.itguys.com.br" Date: Mon, 10 Nov 2025 22:53:31 -0300 Subject: [PATCH] =?UTF-8?q?[Auto-Sync]=20Atualiza=C3=A7=C3=A3o=20das=20con?= =?UTF-8?q?figura=C3=A7=C3=B5es=20em=20srvproxy001.itguys.com.br=20-=20202?= =?UTF-8?q?5-11-10=2022:53:31?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cloud.grupopralog.com.br.conf | 589 ++++++++++-------- 1 file changed, 316 insertions(+), 273 deletions(-) diff --git a/nginx/sites-available/cloud.grupopralog.com.br.conf b/nginx/sites-available/cloud.grupopralog.com.br.conf index f8c2f7a..03996c7 100644 --- a/nginx/sites-available/cloud.grupopralog.com.br.conf +++ b/nginx/sites-available/cloud.grupopralog.com.br.conf @@ -1,8 +1,17 @@ -map $request_uri $cache_asset { - ~*\.(css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff|woff2|ttf|otf)$ 1y; - default off; -} +# ============================================================================== +# ARQUIVO DE CONFIGURAÇÃO VHOST PARA: cloud.grupopralog.com.br +# ============================================================================== +# AUTOR: Gemini (Especialista NGINX) +# DATA DA REATORAÇÃO: 27/09/2025 +# +# --- DESCRIÇÃO --- +# Esta configuração foi extensivamente otimizada para performance no Nextcloud, +# utilizando regras de micro-cache granulares para diferentes tipos de API e +# ativos estáticos. As zonas de cache 'nc_static_cache' e 'nc_api_cache' +# são definidas no arquivo nginx.conf principal. +# ============================================================================== +# --- MAPAS ESPECÍFICOS DESTE HOST --- map $request_uri $cacheable_session_request { ~^/apps/files/$ 1; ~^/apps/files/files$ 1; @@ -17,6 +26,7 @@ map $cacheable_session_request $session_cache_zone { default ""; } +# --- DEFINIÇÃO DOS UPSTREAMS --- upstream nextcloud_backend { server 172.16.253.12; } @@ -29,6 +39,10 @@ upstream windmill_backend { server 172.16.253.103:8000; } + +# ============================================================================== +# SERVIDOR DE REDIRECIONAMENTO HTTP -> HTTPS +# ============================================================================== server { listen 80; listen [::]:80; @@ -43,26 +57,38 @@ server { } } + +# ============================================================================== +# SERVIDOR HTTPS PRINCIPAL +# ============================================================================== server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name cloud.grupopralog.com.br; + # --- BLOQUEIO DE BOTS E CRAWLERS EXTERNOS --- + # A variável $should_block_bot é definida em nginx.conf + if ($should_block_bot) { + return 444; + } + + # --- CONFIGURAÇÕES GLOBAIS DO SERVIDOR --- client_max_body_size 10G; access_log /var/log/nginx/cloud.grupopralog.com.br.access.log detailed_proxy; error_log /var/log/nginx/cloud.grupopralog.com.br.error.log warn; access_log /var/log/nginx/cloud.grupopralog.com.br.bad-bot.log suspicious_bot if=$is_bad_bot; - #if ($block_request) { - # return 404; - #} - #limit_req zone=global_limit burst=100 nodelay; - + # --- HEADERS DE SEGURANÇA --- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header Referrer-Policy "no-referrer" always; + proxy_hide_header "X-Content-Type-Options"; + proxy_hide_header "X-Frame-Options"; + proxy_hide_header "Feature-Policy"; + proxy_hide_header "Content-Security-Policy"; + # --- OTIMIZAÇÕES DE PROXY E BUFFERS --- client_body_buffer_size 128M; proxy_buffer_size 512k; proxy_buffers 32 256k; @@ -72,11 +98,7 @@ server { proxy_read_timeout 1200s; proxy_temp_file_write_size 256k; - proxy_hide_header "X-Content-Type-Options"; - proxy_hide_header "X-Frame-Options"; - proxy_hide_header "Feature-Policy"; - proxy_hide_header "Content-Security-Policy"; - + # --- CONFIGURAÇÕES SSL/TLS --- ssl_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/cloud.grupopralog.com.br/privkey.pem; ssl_protocols TLSv1.3 TLSv1.2; @@ -92,6 +114,7 @@ server { resolver 127.0.0.1 valid=300s; resolver_timeout 5s; + # --- CONFIGURAÇÕES DE COMPRESSÃO --- brotli on; brotli_comp_level 6; brotli_min_length 1024; @@ -103,41 +126,285 @@ server { gzip_min_length 1024; gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/x-icon text/css text/javascript text/plain text/xml; + # --- REDIRECIONAMENTOS PADRÃO (WELL-KNOWN) --- location = /.well-known/carddav { return 301 /remote.php/dav; } location = /.well-known/caldav { return 301 /remote.php/dav; } - location = /hosting/discovery { - proxy_pass https://officeonline_backend; - proxy_set_header Host "srvoffice001.itguys.com.br"; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Accept-Encoding ""; + # ========================================================================== + # GRUPO 1: CACHE DE ATIVOS ESTÁTICOS (LONGA DURAÇÃO) + # ZONA DE CACHE: nc_static_cache (5GB, 7 dias de inatividade) + # ========================================================================== - # IMPORTANTE: Permite que o Nginx se conecte ao OOS com certificado autoassinado. - proxy_ssl_verify off; + # --- Cache de Avatares (1 hora) --- + location ~ ^/index\.php/avatar/ { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + proxy_cache nc_static_cache; + proxy_cache_key "$host$request_uri"; + proxy_cache_valid 200 1h; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=3600"; + more_set_headers 'X-Avatar-Cache: $upstream_cache_status'; + } + + # --- Cache de Tema, Ícones de Mime (12 horas) --- + location ~ ^/index\.php/(apps/theming/(theme/|image/|manifest/|favicon/|icon/|img/)|core/mimeicon) { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + proxy_cache nc_static_cache; + proxy_cache_key "$host$request_uri$is_args$args"; + proxy_cache_valid 200 12h; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=43200"; + more_set_headers 'X-Theme-Asset-Cache: $upstream_cache_status'; + } + + # --- Cache de Previews do Core (15 minutos) --- + location ~ ^/index\.php/core/preview { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + set $no_cache 0; if ($request_method != GET) { set $no_cache 1; } + proxy_cache_bypass $no_cache; proxy_no_cache $no_cache; + proxy_cache nc_static_cache; + proxy_cache_key "$host$request_uri$is_args$args|$cookie_nc_session_id"; + proxy_cache_valid 200 15m; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=900"; + more_set_headers 'X-Core-Preview-Cache: $upstream_cache_status'; + } + + # --- Cache de Previews da Lixeira e Versões (5 minutos) --- + location ~ ^/index\.php/apps/(files_trashbin|files_versions)/preview { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + set $no_cache 0; if ($request_method != GET) { set $no_cache 1; } + proxy_cache_bypass $no_cache; proxy_no_cache $no_cache; + proxy_cache nc_static_cache; + proxy_cache_key "$host$request_uri$is_args$args|$cookie_nc_session_id"; + proxy_cache_valid 200 5m; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=300"; + more_set_headers 'X-File-Preview-Cache: $upstream_cache_status'; + } + + # --- Cache de Previews de Links Públicos (5 minutos) --- + location ~ ^/(index\.php/s/[^/]+/preview|index\.php/apps/files_sharing/publicpreview/) { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + set $no_cache 0; if ($request_method != GET) { set $no_cache 1; } + proxy_cache_bypass $no_cache; proxy_no_cache $no_cache; + proxy_cache nc_static_cache; + proxy_cache_key "$host$request_uri"; + proxy_cache_valid 200 5m; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=300"; + more_set_headers 'X-Public-Preview-Cache: $upstream_cache_status'; + } + + # --- Cache para ativos estáticos genéricos (.js, .css, etc) --- + location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff|woff2|ttf|otf|map)$ { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + + # (CORREÇÃO) Se o backend retornar uma página HTML para um ativo estático, + # é porque o arquivo não foi encontrado (erro 404). + # Em vez de enviar o HTML (o que causa o erro de MIME type), retornamos um 404 limpo. + if ($upstream_http_content_type = 'text/html') { + return 404; + } + + proxy_cache nc_static_cache; + proxy_cache_valid 200 12h; + proxy_cache_valid any 1m; + proxy_cache_revalidate on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + more_set_headers 'Cache-Control: public, max-age=43200'; + more_set_headers 'X-Proxy-Cache: $upstream_cache_status'; + proxy_hide_header "Cache-Control"; proxy_hide_header "Expires"; proxy_hide_header "Pragma"; + brotli_static on; gzip_static on; + } + + # ========================================================================== + # GRUPO 2: CACHE DE APIS DINÂMICAS (CURTA/MÉDIA DURAÇÃO) + # ZONA DE CACHE: nc_api_cache (2GB, 60 minutos de inatividade) + # ========================================================================== + + # --- Cache de Autocomplete (30 segundos) --- + location = /ocs/v2.php/core/autocomplete/get { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + set $no_cache 0; if ($request_method != GET) { set $no_cache 1; } + proxy_cache_bypass $no_cache; proxy_no_cache $no_cache; + proxy_cache nc_api_cache; + proxy_cache_key "$host$request_uri$is_args$args|$cookie_nc_session_id"; + proxy_cache_valid 200 30s; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=30"; + more_set_headers 'X-Autocomplete-Cache: $upstream_cache_status'; + } + + # --- Cache de Busca de Usuários para Partilha (30 segundos) --- + location = /ocs/v2.php/apps/files_sharing/api/v1/sharees { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + set $no_cache 0; if ($request_method != GET) { set $no_cache 1; } + proxy_cache_bypass $no_cache; proxy_no_cache $no_cache; + proxy_cache nc_api_cache; + proxy_cache_key "$host$request_uri$is_args$args|$cookie_nc_session_id"; + proxy_cache_valid 200 30s; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=30"; + more_set_headers 'X-Sharee-Search-Cache: $upstream_cache_status'; + } + + # --- Cache para APIs do Core, Navegação, Status, etc (5-10 segundos) --- + location ~ ^/ocs/v2\.php/(settings/api/declarative/forms|core/navigation/|cloud/capabilities|hovercard/v1/|profile/) { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + set $no_cache 0; if ($request_method != GET) { set $no_cache 1; } + proxy_cache_bypass $no_cache; proxy_no_cache $no_cache; + proxy_cache nc_api_cache; + proxy_cache_key "$host$request_uri$is_args$args|$cookie_nc_session_id"; + proxy_cache_valid 200 5m; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=300"; + more_set_headers 'X-Core-API-Cache: $upstream_cache_status'; + } + + location ~ ^/ocs/v2\.php/apps/user_status/api/v1/(statuses|user_status) { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + set $no_cache 0; if ($request_method != GET) { set $no_cache 1; } + proxy_cache_bypass $no_cache; proxy_no_cache $no_cache; + proxy_cache nc_api_cache; + proxy_cache_key "$host$request_uri$is_args$args|$cookie_nc_session_id"; + proxy_cache_valid 200 10s; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=10"; + more_set_headers 'X-User-Status-Cache: $upstream_cache_status'; + } + + # --- Cache para APIs de Configuração e Listas (longa duração) --- + location = /ocs/v2.php/apps/user_status/api/v1/predefined_statuses { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + set $no_cache 0; if ($request_method != GET) { set $no_cache 1; } + proxy_cache_bypass $no_cache; proxy_no_cache $no_cache; + proxy_cache nc_api_cache; + proxy_cache_key "$host$request_uri"; + proxy_cache_valid 200 1h; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=3600"; + more_set_headers 'X-Predefined-Status-Cache: $upstream_cache_status'; + } + + location ~ ^/ocs/v2\.php/apps/user_ldap/api/v1/config/ { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + set $no_cache 0; if ($request_method != GET) { set $no_cache 1; } + proxy_cache_bypass $no_cache; proxy_no_cache $no_cache; + proxy_cache nc_api_cache; + proxy_cache_key "$host$request_uri"; + proxy_cache_valid 200 15m; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=900"; + more_set_headers 'X-LDAP-Config-Cache: $upstream_cache_status'; + } + + location ~ ^/index\.php/apps/groupfolders/(delegation|folders) { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + set $no_cache 0; if ($request_method != GET) { set $no_cache 1; } + proxy_cache_bypass $no_cache; proxy_no_cache $no_cache; + proxy_cache nc_api_cache; + proxy_cache_key "$host$request_uri|$cookie_nc_session_id"; + proxy_cache_valid 200 5m; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=300"; + more_set_headers 'X-GroupFolders-Cache: $upstream_cache_status'; + } + + location ~ ^/ocs/v2\.php/apps/updatenotification/api/ { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + set $no_cache 0; if ($request_method != GET) { set $no_cache 1; } + proxy_cache_bypass $no_cache; proxy_no_cache $no_cache; + proxy_cache nc_api_cache; + proxy_cache_key "$host$request_uri"; + proxy_cache_valid 200 1h; + proxy_cache_lock on; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; + add_header Cache-Control "public, max-age=3600"; + more_set_headers 'X-Update-Cache: $upstream_cache_status'; + } + + location ~ ^/(ocs/v[12].php/cloud/users|ocs/v[12].php/privatedata/get|ocs/v2.php/apps/notifications/api/v2/notifications(/.*)?|ocs/v[12].php/cloud/apps|ocs/v[12].php/cloud/user|ocs/v[12].php/privatedata/get/userinfo) { + proxy_pass http://nextcloud_backend; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering on; + proxy_cache nc_api_cache; + proxy_cache_key "$host$request_uri|$cookie_nc_session_id"; + proxy_cache_valid 200 5s; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + more_set_headers 'X-APIMicroCache-Status: $upstream_cache_status'; + } + + # ========================================================================== + # GRUPO 3: TRATAMENTOS ESPECIAIS (OFFICE, WEBDAV, ETC) + # ========================================================================== + + location = /hosting/discovery { + proxy_pass https://officeonline_backend; + proxy_set_header Host "srvoffice001.itguys.com.br"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Accept-Encoding ""; + proxy_ssl_verify off; } location ~ ^/(m|x|we|o|p|wv|op|wd|rtc|rtc2|layouts|view|_layouts)/ { proxy_pass https://officeonline_backend; - proxy_set_header Host "srvoffice001.itguys.com.br"; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Accept-Encoding ""; - proxy_buffering off; - proxy_request_buffering off; - proxy_connect_timeout 1200s; - proxy_send_timeout 1200s; - proxy_read_timeout 1200s; + proxy_set_header Host "srvoffice001.itguys.com.br"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Accept-Encoding ""; + proxy_buffering off; proxy_request_buffering off; + proxy_connect_timeout 1200s; proxy_send_timeout 1200s; proxy_read_timeout 1200s; sub_filter 'srvoffice001.itguys.com.br' 'cloud.grupopralog.com.br'; - sub_filter_once off; - sub_filter_types text/css text/javascript application/javascript application/json; - + sub_filter_once off; sub_filter_types text/css text/javascript application/javascript application/json; if ($request_method = 'OPTIONS') { more_set_headers 'Access-Control-Allow-Origin: "$scheme://$http_host"'; more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD'; @@ -146,251 +413,33 @@ server { more_set_headers 'Access-Control-Max-Age: 1728000' always; return 204; } - more_set_headers 'Access-Control-Allow-Origin: "$scheme://$http_host"'; more_set_headers 'Access-Control-Allow-Credentials: true'; } - location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff|woff2|ttf|otf|map)$ { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_cache nextcloud_cache; - proxy_cache_valid 200 12h; - proxy_cache_valid any 1m; - proxy_cache_revalidate on; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - - more_set_headers 'Cache-Control: public, max-age=43200'; - more_set_headers 'X-Proxy-Cache: $upstream_cache_status'; - - proxy_hide_header "Cache-Control"; - proxy_hide_header "Expires"; - proxy_hide_header "Pragma"; - brotli_static on; - gzip_static on; - } - - #location ~ ^/(remote\.php/(webdav|dav)|ocs/v[12]\.php/apps/forms/api/.*/submissions/files/.*) { - # proxy_pass http://nextcloud_backend; - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - # proxy_set_header X-Forwarded-Host $host; - # - # proxy_http_version 1.1; - # proxy_set_header Connection ""; - - # # Desabilita o buffering para streaming de arquivos - # proxy_buffering off; - # proxy_request_buffering off; - # - # # Timeouts longos para uploads/downloads - # proxy_connect_timeout 60s; - # proxy_read_timeout 1200s; - # proxy_send_timeout 1200s; - #} - - location = /ocs/v2.php/apps/recommendations/api/v1/recommendations { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_buffering on; - proxy_cache nextcloud_session_cache; - proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args$cookie_nc_session_id"; - proxy_cache_valid 200 1d; - proxy_cache_revalidate on; - proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; - more_set_headers 'X-API-Rec-Cache: $upstream_cache_status'; - } - - location ~ ^/(apps/files/api/v1/folder-tree|ocs/v2\.php/apps/files/api/v1/folder-tree) { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Connection ""; - - proxy_buffering on; - - # Usar a zona de cache 'foldertree_cache' que você já tinha, ou a 'nextcloud_cache' - proxy_cache foldertree_cache; - proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args$cookie_nc_session_id"; - - # Cache de 3 segundos - proxy_cache_valid 200 3s; - proxy_cache_lock on; - proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; - - # Ignora "no-cache" do backend - proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; - proxy_hide_header "Cache-Control"; - proxy_hide_header "Pragma"; - proxy_hide_header "Expires"; - add_header Cache-Control "public, max-age=3"; - - # Header de depuração - more_set_headers 'X-FolderTree-Cache: $upstream_cache_status'; - } - - location ~ ^/(ocs/v[12].php/cloud/users|ocs/v[12].php/privatedata/get|ocs/v2.php/apps/notifications/api/v2/notifications|ocs/v[12].php/cloud/apps|ocs/v[12].php/cloud/user|ocs/v[12].php/privatedata/get/userinfo) { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_buffering on; - proxy_cache nextcloud_cache; - proxy_cache_key "$host$request_uri|$cookie_nc_session_id"; - proxy_cache_valid 200 5s; - proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; - more_set_headers 'X-APIMicroCache-Status: $upstream_cache_status'; - } - location ~ ^/(remote\.php/(webdav|dav)|ocs/v[12]\.php/apps/forms/api/.*/submissions/files/.*) { proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_http_version 1.1; - proxy_set_header Connection ""; - - # --- Lógica de Cache vs. Streaming --- - - # 1. Por padrão, desabilitamos o buffering para streaming (uploads/downloads) - proxy_buffering off; - proxy_request_buffering off; - - # 2. SE for um PROPFIND (listagem de diretório), ligamos o buffering e o cache + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; + proxy_http_version 1.1; proxy_set_header Connection ""; + proxy_buffering off; proxy_request_buffering off; if ($request_method = PROPFIND) { - proxy_buffering on; - proxy_request_buffering on; # Necessário para o cache - - proxy_cache nextcloud_cache; # Usar a zona de cache - # IMPORTANTE: Autorizar cache do método PROPFIND + proxy_buffering on; proxy_request_buffering on; + proxy_cache nc_api_cache; # Usando o cache de API para listagens DAV proxy_cache_methods PROPFIND; - # Chave de cache por usuário/sessão proxy_cache_key "$host$request_uri|$cookie_nc_session_id"; - - # Cache de 10 segundos para listagens de pasta (status 200 e 207) proxy_cache_valid 200 207 10s; proxy_cache_lock on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; - - # Header para depuração more_set_headers 'X-DAV-Cache: $upstream_cache_status'; - - # Ignorar "no-cache" do backend para PROPFIND proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; - proxy_hide_header "Cache-Control"; - proxy_hide_header "Pragma"; - proxy_hide_header "Expires"; add_header Cache-Control "public, max-age=10"; } - - # Timeouts longos (mantém para uploads/downloads) - proxy_connect_timeout 60s; - proxy_read_timeout 1200s; - proxy_send_timeout 1200s; + proxy_connect_timeout 60s; proxy_read_timeout 1200s; proxy_send_timeout 1200s; } - location ~ ^/(apps/tables/(api|row|share)|index\.php/apps/tables/api/1|ocs/v2\.php/apps/tables/api/2) { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_http_version 1.1; - proxy_set_header Connection ""; - - # Habilita buffering para cache - proxy_buffering on; - - # Define a chave de cache por usuário (baseado no cookie de sessão) - proxy_cache nextcloud_cache; - proxy_cache_key "$host$request_uri|$cookie_nc_session_id"; - - # Cache de 3 segundos para dados dinâmicos. - # Isso agrupa requisições idênticas feitas durante o carregamento da página. - proxy_cache_valid 200 3s; - - # Trava o cache para evitar que múltiplas requisições batam no backend (Thundering Herd) - proxy_cache_lock on; - - # Entrega conteúdo antigo se o backend falhar - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - - # Força o Nginx a IGNORAR os headers "não-cacheie" (no-cache, no-store) vindos do Nextcloud - proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; - - # Esconde os headers originais do backend para o cliente - proxy_hide_header "Cache-Control"; - proxy_hide_header "Pragma"; - proxy_hide_header "Expires"; - - # Adiciona nosso próprio header de cache para o navegador (3 segundos) - add_header Cache-Control "public, max-age=3"; - - # Header para depuração (para vermos se o cache funcionou) - more_set_headers 'X-Tables-Cache: $upstream_cache_status'; - } - - location ~ ^/(index\.php/apps/files/api/v1/thumbnail/|ocs/v2\.php/apps/files/api/v1/(directEditing|templates|folder-tree)) { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_http_version 1.1; - proxy_set_header Connection ""; - - # Habilita buffering para cache - proxy_buffering on; - - # Reutiliza a zona de cache principal - proxy_cache nextcloud_cache; - proxy_cache_key "$host$request_uri|$cookie_nc_session_id"; - - # Cache de 3 segundos (bom para APIs) - # Nota: Você poderia criar um cache mais longo (ex: 1h) - # se o /thumbnail/ for muito usado, mas 3s é seguro. - proxy_cache_valid 200 3s; - - # Trava o cache (Thundering Herd) - proxy_cache_lock on; - - # Entrega conteúdo antigo se o backend falhar - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - - # Ignora headers "não-cacheie" - proxy_ignore_headers "Cache-Control" "Expires" "Pragma"; - - # Esconde os headers originais - proxy_hide_header "Cache-Control"; - proxy_hide_header "Pragma"; - proxy_hide_header "Expires"; - - # Adiciona nosso header de cache (3 segundos) - add_header Cache-Control "public, max-age=3"; - - # Header para depuração - more_set_headers 'X-Files-API-Cache: $upstream_cache_status'; - } + # ========================================================================== + # GRUPO 4: BLOCO CATCH-ALL FINAL + # ========================================================================== location / { proxy_pass http://nextcloud_backend; @@ -399,7 +448,6 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; - proxy_cache $session_cache_zone; proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args$cookie_nc_session_id"; proxy_cache_valid 200 5m; @@ -407,9 +455,7 @@ server { proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; proxy_cache_bypass $http_cache_control; proxy_no_cache $http_cache_control; - more_set_headers 'X-Session-Cache: $upstream_cache_status'; - proxy_http_version 1.1; proxy_set_header Connection ""; proxy_connect_timeout 60s; @@ -417,8 +463,5 @@ server { proxy_send_timeout 1200s; proxy_buffering on; proxy_request_buffering off; - proxy_buffer_size 512k; - proxy_buffers 32 256k; - proxy_busy_buffers_size 512k; } }