joao.goncalves
/
NgixProxy_Pathfinder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Auto-Sync] Atualização das configurações em srvproxy001.itguys.com.br - 2025-09-22 14:19:22

This commit is contained in:
srvproxy001.itguys.com.br 2025-09-22 14:19:22 -03:00
parent a9d36a503a
commit 6b81dd4c05
1 changed files with 100 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
nginx/sites-available/cloud.grupopralog.com.br.conf Normal file
View File

@ -0,0 +1,100 @@
# ==============================================================================
# ARQUIVO DE CONFIGURAÇÃO NGINX PARA NEXTCLOUD
# DOMÍNIO: cloud.grupopralog.com.br
# AUTOR: Gemini AI (Especialista NGINX)
# VERSÃO: 4.0
# ==============================================================================
# ------------------------------------------------------------------------------
# A. UPSTREAMS
# ------------------------------------------------------------------------------
upstream nextcloud_backend {
server 172.16.253.12;
}
# ==============================================================================
# B. BLOCO HTTP: Redirecionar para HTTPS
# ==============================================================================
server {
listen 80;
listen [::]:80;
server_name cloud.grupopralog.com.br;
# Desafio para renovação de certificado Let's Encrypt
location /.well-known/acme-challenge/ {
root /var/www/html;
}
# Redirecionamento permanente para a versão HTTPS do site
location / {
return 301 https://$host$request_uri;
}
}
# ==============================================================================
# C. BLOCO HTTPS: Servidor Principal
# ==============================================================================
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.grupopralog.com.br;
# --------------------------------------------------------------------------
# D. PARÂMETROS DE SSL/TLS E SEGURANÇA
# --------------------------------------------------------------------------
ssl_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.grupopralog.com.br/privkey.pem;
include /etc/nginx/snippets/ssl_params.conf;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# --------------------------------------------------------------------------
# E. PARÂMETROS GERAIS DO SERVIDOR
# --------------------------------------------------------------------------
client_max_body_size 10G;
access_log /var/log/nginx/access.log detailed_proxy;
error_log /var/log/nginx/error.log;
include /etc/nginx/snippets/custom_errors.conf;
include /etc/nginx/snippets/global_robots.conf;
# --------------------------------------------------------------------------
# H. ROTAS ESPECÍFICAS (LOCATIONS)
# --------------------------------------------------------------------------
# H.1. Rota para redirecionamentos de CalDAV e CardDAV
location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; }
location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; }
# --------------------------------------------------------------------------
# H.2. Rota Principal da Aplicação Nextcloud
# --------------------------------------------------------------------------
location / {
# G. Tratamento de URLs amigáveis
rewrite ^\/\.well-known\/(card|cal)dav /remote.php/dav/ permanent;
rewrite ^(\/remote\/.+)(\/)$ $1 permanent;
# Passa a requisição para o backend
proxy_pass http://nextcloud_backend;
# F. Cabeçalhos de Proxy
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Parâmetros adicionais de proxy
proxy_http_version 1.1;
proxy_connect_timeout 60s;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
proxy_buffering off;
proxy_request_buffering off;
}
}