From 7332161f759750ecd6d5e21c3146917f3277b518 Mon Sep 17 00:00:00 2001
From: "srvproxy001.itguys.com.br"
Date: Sat, 20 Sep 2025 11:57:56 -0300
Subject: [PATCH] =?UTF-8?q?[Auto-Sync]=20Atualiza=C3=A7=C3=A3o=20das=20con?= =?UTF-8?q?figura=C3=A7=C3=B5es=20em=20srvproxy001.itguys.com.br=20-=20202?= =?UTF-8?q?5-09-20=2011:57:56?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
nginx/nginx.conf | 147 +++++++++++++++++++++++++++--------------------
1 file changed, 84 insertions(+), 63 deletions(-)

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index f52668a..5b39214 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -1,83 +1,104 @@ +# ============================================================================== +# FICHEIRO DE CONFIGURAÇÃO GLOBAL DO NGINX (/etc/nginx/nginx.conf) +# +# Versão final e limpa, desenhada para carregar módulos dinâmicos +# da forma padrão do Debian. +# ============================================================================== + +# --- Configurações Gerais --- user www-data; worker_processes auto; +worker_rlimit_nofile 65535; pid /run/nginx.pid; error_log /var/log/nginx/error.log; +# A linha abaixo é a mais importante: ela carrega automaticamente todos os +# módulos que instalámos (Stream, ModSecurity, GeoIP2). include /etc/nginx/modules-enabled/*.conf; +# --- Bloco de Eventos --- events { - worker_connections 768; - # multi_accept on; + worker_connections 16384; + multi_accept on; } +# ============================================================================== +# BLOCO HTTP: Para todo o tráfego Web (Sites, APIs, etc.) +# ============================================================================== http { + # --- Configurações de Cache --- + proxy_cache_path /var/cache/nginx/zabbix_cache levels=1:2 keys_zone=zabbix_cache:10m max_size=1g inactive=60m use_temp_path=off; + proxy_cache_path /var/cache/nginx/api_cache levels=1:2 keys_zone=api_cache:10m max_size=100m inactive=5m use_temp_path=off; + proxy_cache_path /var/cache/nginx/exchange_private_cache levels=1:2 keys_zone=exchange_private_cache:20m max_size=500m inactive=10m use_temp_path=off; + proxy_cache_path /var/cache/nginx/zammad_cache levels=1:2 keys_zone=zammad_cache:10m max_size=500m inactive=60m use_temp_path=off; + proxy_cache_path /var/cache/nginx/static_cache levels=1:2 keys_zone=static_cache:10m max_size=2g inactive=90d use_temp_path=off; + proxy_cache_path /var/cache/nginx/nextcloud_private_cache levels=1:2 keys_zone=nextcloud_private_cache:20m max_size=1g inactive=15m use_temp_path=off; + proxy_cache_path /var/cache/nginx/nextcloud_previews_cache levels=1:2 
keys_zone=nextcloud_previews:20m max_size=2g inactive=7d use_temp_path=off; - ## - # Basic Settings - ## + # --- Configurações Básicas e de Performance --- + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + server_tokens off; + include /etc/nginx/mime.types; + default_type application/octet-stream; - sendfile on; - tcp_nopush on; - types_hash_max_size 2048; - # server_tokens off; + # --- Otimizações de Proxy Reverso e Buffers --- + client_body_buffer_size 128k; + client_max_body_size 10G; + proxy_buffer_size 16k; + proxy_buffers 8 16k; + proxy_busy_buffers_size 32k; - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; + # --- Otimizações de Keep-Alive e Timeouts --- + keepalive_timeout 65s; + keepalive_requests 1000; + send_timeout 10s; - include /etc/nginx/mime.types; - default_type application/octet-stream; + # --- Configurações de Segurança (WAF) --- + # Agora que o módulo está carregado, estas diretivas irão funcionar. + modsecurity on; + modsecurity_rules_file /etc/nginx/modsecurity.conf; - ## - # SSL Settings - ## + # --- Configurações do GeoIP2 --- + # Esta diretiva agora será reconhecida pelo Nginx. 
+ geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { + $geoip2_country_code country iso_code; + $geoip2_country_name country names en; + $geoip2_region_name subdivisions 0 names en; + $geoip2_city_name city names en; + $geoip2_latitude location latitude; + $geoip2_longitude location longitude; + $geoip2_asn autonomous_system_number; + $geoip2_isp autonomous_system_organization; + } - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; + # --- Configurações de Logging --- + log_format detailed_proxy escape=json '{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","remote_user":"$remote_user","request":"$request","method":"$request_method","uri":"$uri","args":"$args","status":$status,"request_length":$request_length,"body_bytes_sent":$body_bytes_sent,"request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_status":"$upstream_status","upstream_response_time":"$upstream_response_time","cache_status":"$upstream_cache_status","http_referer":"$http_referer","http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for","http_accept_language":"$http_accept_language","http_cookie":"$http_cookie","http_origin":"$http_origin","http_host":"$http_host","server_name":"$server_name","scheme":"$scheme","ssl_protocol":"$ssl_protocol","ssl_cipher":"$ssl_cipher","ssl_curves":"$ssl_curves","ssl_session_reused":"$ssl_session_reused","ssl_server_name":"$ssl_server_name","ssl_client_s_dn":"$ssl_client_s_dn","ssl_client_i_dn":"$ssl_client_i_dn","ssl_client_verify":"$ssl_client_verify","ssl_client_serial":"$ssl_client_serial","ssl_client_v_start":"$ssl_client_v_start","ssl_client_v_end":"$ssl_client_v_end","geoip_country_code":"$geoip2_country_code","geoip_country_name":"$geoip2_country_name","geoip_region_name":"$geoip2_region_name","geoip_city_name":"$geoip2_city_name","geoip_latitude":"$geoip2_latitude","geoip_longitude":"$geoip2_longitude","geoip_asn":"$geoip2_asn","geoip_isp":"$geoip2_isp"}'; 
+ access_log /var/log/nginx/access.log detailed_proxy; - ## - # Logging Settings - ## + # --- Configurações de Compressão --- + include /etc/nginx/snippets/compression_params.conf; - access_log /var/log/nginx/access.log; - - ## - # Gzip Settings - ## - - gzip on; - - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - ## - # Virtual Host Configs - ## - - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; + # --- Carregar Ficheiros de Configuração dos Sites --- + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; } - -#mail { -# # See sample authentication script at: -# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# -# # auth_http localhost/auth.php; -# # pop3_capabilities "TOP" "USER"; -# # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# -# server { -# listen localhost:110; -# protocol pop3; -# proxy on; -# } -# -# server { -# listen localhost:143; -# protocol imap; -# proxy on; -# } -#} +# ============================================================================== +# BLOCO STREAM: Para tráfego TCP/UDP (Telefonia, SSL Passthrough) +# ============================================================================== +stream { + # (O seu bloco stream existente vai aqui, sem alterações) + server { + listen 5060; + proxy_pass 172.16.254.130:5060; + } + server { + listen 5060 udp; + proxy_pass 172.16.254.130:5060; + } + server { + listen 10000-20000 udp; + proxy_pass 172.16.254.130:$server_port; + } +}
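Review bot: The `detailed_proxy` log_format writes `"http_cookie":"$http_cookie"` into /var/log/nginx/access.log, so session cookies for every proxied site end up in cleartext in the log and in whatever system that log is shipped to; drop that field, or log a single non-secret cookie through a `$cookie_<name>` variable instead. `$request` and `$args` in the same format can also carry tokens passed in query strings, so the log's file permissions and retention should be treated accordingly. Separately, the `geoip2` block reads `autonomous_system_number` and `autonomous_system_organization` from GeoLite2-City.mmdb, which does not carry ASN records, so `$geoip2_asn` and `$geoip2_isp` will most likely stay empty unless a second `geoip2` block points at an ASN database. The hunk also removes `ssl_protocols` and `ssl_prefer_server_ciphers` from the http block; unless the included snippets or site files set them (not visible here), the accepted TLS versions fall back to the defaults of the installed nginx version, which is worth confirming.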