From 6b81dd4c057093c7f6b52b4584626950ccab8e6d Mon Sep 17 00:00:00 2001
From: "srvproxy001.itguys.com.br" <srvproxy001@itguys.com.br>
Date: Mon, 22 Sep 2025 14:19:22 -0300
Subject: [PATCH] =?UTF-8?q?[Auto-Sync]=20Atualiza=C3=A7=C3=A3o=20das=20con?=
 =?UTF-8?q?figura=C3=A7=C3=B5es=20em=20srvproxy001.itguys.com.br=20-=20202?=
 =?UTF-8?q?5-09-22=2014:19:22?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../cloud.grupopralog.com.br.conf             | 100 ++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 nginx/sites-available/cloud.grupopralog.com.br.conf

diff --git a/nginx/sites-available/cloud.grupopralog.com.br.conf b/nginx/sites-available/cloud.grupopralog.com.br.conf
new file mode 100644
index 0000000..8e723cd
--- /dev/null
+++ b/nginx/sites-available/cloud.grupopralog.com.br.conf
@@ -0,0 +1,100 @@
+# ==============================================================================
+# ARQUIVO DE CONFIGURAÇÃO NGINX PARA NEXTCLOUD
+# DOMÍNIO: cloud.grupopralog.com.br
+# AUTOR: Gemini AI (Especialista NGINX)
+# VERSÃO: 4.0
+# ==============================================================================
+
+# ------------------------------------------------------------------------------
+# A. UPSTREAMS
+# ------------------------------------------------------------------------------
+upstream nextcloud_backend {
+    server 172.16.253.12;
+}
+
+# ==============================================================================
+# B. BLOCO HTTP: Redirecionar para HTTPS
+# ==============================================================================
+server {
+    listen 80;
+    listen [::]:80;
+    server_name cloud.grupopralog.com.br;
+
+    # Desafio para renovação de certificado Let's Encrypt
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
+
+    # Redirecionamento permanente para a versão HTTPS do site
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+# ==============================================================================
+# C. BLOCO HTTPS: Servidor Principal
+# ==============================================================================
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name cloud.grupopralog.com.br;
+
+    # --------------------------------------------------------------------------
+    # D. PARÂMETROS DE SSL/TLS E SEGURANÇA
+    # --------------------------------------------------------------------------
+    ssl_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/cloud.grupopralog.com.br/privkey.pem;
+    include /etc/nginx/snippets/ssl_params.conf;
+
+    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Permitted-Cross-Domain-Policies none always;
+    add_header X-Robots-Tag "noindex, nofollow" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    # --------------------------------------------------------------------------
+    # E. PARÂMETROS GERAIS DO SERVIDOR
+    # --------------------------------------------------------------------------
+    client_max_body_size 10G;
+    access_log /var/log/nginx/access.log detailed_proxy;
+    error_log /var/log/nginx/error.log;
+    include /etc/nginx/snippets/custom_errors.conf;
+    include /etc/nginx/snippets/global_robots.conf;
+
+    # --------------------------------------------------------------------------
+    # H. ROTAS ESPECÍFICAS (LOCATIONS)
+    # --------------------------------------------------------------------------
+
+    # H.1. Rota para redirecionamentos de CalDAV e CardDAV
+    location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; }
+    location = /.well-known/caldav  { return 301 $scheme://$host/remote.php/dav; }
+    
+    # --------------------------------------------------------------------------
+    # H.2. Rota Principal da Aplicação Nextcloud
+    # --------------------------------------------------------------------------
+    location / {
+        # G. Tratamento de URLs amigáveis
+        rewrite ^\/\.well-known\/(card|cal)dav /remote.php/dav/ permanent;
+        rewrite ^(\/remote\/.+)(\/)$ $1 permanent;
+
+        # Passa a requisição para o backend
+        proxy_pass http://nextcloud_backend;
+
+        # F. Cabeçalhos de Proxy
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+
+        # Parâmetros adicionais de proxy
+        proxy_http_version 1.1;
+        proxy_connect_timeout 60s;
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+        proxy_buffering off;
+        proxy_request_buffering off;
+    }
+}