joao.goncalves
/
NgixProxy_Pathfinder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Auto-Sync] Atualização das configurações em srvproxy001.itguys.com.br - 2025-11-11 01:47:49

This commit is contained in:
srvproxy001.itguys.com.br 2025-11-11 01:47:49 -03:00
parent f223cd4691
commit 619f3467f7
1 changed files with 9 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
nginx/sites-available/cloud.grupopralog.com.br.conf
View File

@ -1,9 +1,9 @@
#
# Configuração de TESTE: cloud.grupopralog.com.br
# Atualizado em: 2025-11-11 @ 01:35 (Horário de Brasília)
# Contexto: Correção do conflito de buffers.
# - proxy_temp_file_write_size aumentado para 512k.
# - Removidas diretivas de buffer duplicadas do location /
# Atualizado em: 2025-11-11 @ 01:45 (Horário de Brasília)
# Contexto: Correção do 502 (Bad Gateway) no Office Online.
# - Adicionado "proxy_ssl_verify off;" ao location WOPI
# para permitir certificado autoassinado do backend.
#
map $request_uri $cache_asset {
@ -71,12 +71,9 @@ server {
proxy_connect_timeout 1200s;
proxy_send_timeout 1200s;
proxy_read_timeout 1200s;
# --- CORRIGIDO AQUI ---
# Deve ser >= proxy_buffer_size (512k)
proxy_temp_file_write_size 512k;
# Ocultar headers do backend (Sintaxe Corrigida)
# Ocultar headers do backend
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-Frame-Options;
proxy_hide_header Feature-Policy;
@ -86,7 +83,7 @@ server {
ssl_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.grupopralog.com.br/privkey.pem;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY_1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY_1305_SHA2ANET-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
ssl_prefer_server_ciphers on;
ssl_ecdh_curve X25519:secp256r1:secp384r1;
ssl_dhparam /etc/nginx/dhparam.pem;
@ -144,11 +141,13 @@ server {
proxy_connect_timeout 1200s;
proxy_send_timeout 1200s;
proxy_read_timeout 1200s;
proxy_ssl_verify off;
sub_filter 'srvoffice001.itguys.com.br' 'cloud.grupopralog.com.br';
sub_filter_once off;
sub_filter_types text/css text/javascript application/javascript application/json;
# --- CORRIGIDO AQUI (Adicionado para corrigir o 502) ---
proxy_ssl_verify off;
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: "$scheme://$http_host"';
more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD';
@ -182,12 +181,5 @@ server {
proxy_send_timeout 1200s;
proxy_buffering on;
proxy_request_buffering off;
# --- REMOVIDO DAQUI ---
# Estas diretivas já estão definidas no bloco 'server'
# e são herdadas aqui.
# proxy_buffer_size 512k;
# proxy_buffers 32 256k;
# proxy_busy_buffers_size 512k;
}
}