From 619f3467f74e7af4c5a5da1808dddb1b144b53cb Mon Sep 17 00:00:00 2001 From: "srvproxy001.itguys.com.br" Date: Tue, 11 Nov 2025 01:47:49 -0300 Subject: [PATCH] =?UTF-8?q?[Auto-Sync]=20Atualiza=C3=A7=C3=A3o=20das=20con?= =?UTF-8?q?figura=C3=A7=C3=B5es=20em=20srvproxy001.itguys.com.br=20-=20202?= =?UTF-8?q?5-11-11=2001:47:49?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cloud.grupopralog.com.br.conf | 26 +++++++------------ 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/nginx/sites-available/cloud.grupopralog.com.br.conf b/nginx/sites-available/cloud.grupopralog.com.br.conf index 463e919..fa7fe64 100644 --- a/nginx/sites-available/cloud.grupopralog.com.br.conf +++ b/nginx/sites-available/cloud.grupopralog.com.br.conf @@ -1,9 +1,9 @@ # # Configuração de TESTE: cloud.grupopralog.com.br -# Atualizado em: 2025-11-11 @ 01:35 (Horário de Brasília) -# Contexto: Correção do conflito de buffers. -# - proxy_temp_file_write_size aumentado para 512k. -# - Removidas diretivas de buffer duplicadas do location / +# Atualizado em: 2025-11-11 @ 01:45 (Horário de Brasília) +# Contexto: Correção do 502 (Bad Gateway) no Office Online. +# - Adicionado "proxy_ssl_verify off;" ao location WOPI +# para permitir certificado autoassinado do backend. # map $request_uri $cache_asset { @@ -71,12 +71,9 @@ server { proxy_connect_timeout 1200s; proxy_send_timeout 1200s; proxy_read_timeout 1200s; - - # --- CORRIGIDO AQUI --- - # Deve ser >= proxy_buffer_size (512k) proxy_temp_file_write_size 512k; - # Ocultar headers do backend (Sintaxe Corrigida) + # Ocultar headers do backend proxy_hide_header X-Content-Type-Options; proxy_hide_header X-Frame-Options; proxy_hide_header Feature-Policy; @@ -86,7 +83,7 @@ server { ssl_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/cloud.grupopralog.com.br/privkey.pem; ssl_protocols TLSv1.3 TLSv1.2; - ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY_1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305'; + ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY_1305_SHA2ANET-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305'; ssl_prefer_server_ciphers on; ssl_ecdh_curve X25519:secp256r1:secp384r1; ssl_dhparam /etc/nginx/dhparam.pem; @@ -144,11 +141,13 @@ server { proxy_connect_timeout 1200s; proxy_send_timeout 1200s; proxy_read_timeout 1200s; - proxy_ssl_verify off; sub_filter 'srvoffice001.itguys.com.br' 'cloud.grupopralog.com.br'; sub_filter_once off; sub_filter_types text/css text/javascript application/javascript application/json; + # --- CORRIGIDO AQUI (Adicionado para corrigir o 502) --- + proxy_ssl_verify off; + if ($request_method = 'OPTIONS') { more_set_headers 'Access-Control-Allow-Origin: "$scheme://$http_host"'; more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD'; @@ -182,12 +181,5 @@ server { proxy_send_timeout 1200s; proxy_buffering on; proxy_request_buffering off; - - # --- REMOVIDO DAQUI --- - # Estas diretivas já estão definidas no bloco 'server' - # e são herdadas aqui. - # proxy_buffer_size 512k; - # proxy_buffers 32 256k; - # proxy_busy_buffers_size 512k; } }