From 894796ea7c073ac451548bcaeb22c1aab51da56c Mon Sep 17 00:00:00 2001 From: "srvproxy001.itguys.com.br" Date: Sat, 6 Dec 2025 00:39:27 -0300 Subject: [PATCH] =?UTF-8?q?[Auto-Sync]=20Atualiza=C3=A7=C3=A3o=20das=20con?= =?UTF-8?q?figura=C3=A7=C3=B5es=20em=20srvproxy001.itguys.com.br=20-=20202?= =?UTF-8?q?5-12-06=2000:39:27?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nginx/.certbot.lock | 0 nginx/nginx.conf | 2 + nginx/sites-available/default-catchall.conf | 67 +++++++++++++++++++++ 3 files changed, 69 insertions(+) create mode 100644 nginx/.certbot.lock diff --git a/nginx/.certbot.lock b/nginx/.certbot.lock new file mode 100644 index 0000000..e69de29 diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 99be1af..e8f28a8 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -33,6 +33,8 @@ events { } http { +server_names_hash_bucket_size 128; +include /etc/letsencrypt/le_http_01_cert_challenge.conf; # --- Configurações Globais Mínimas --- sendfile on; tcp_nopush on; diff --git a/nginx/sites-available/default-catchall.conf b/nginx/sites-available/default-catchall.conf index 0080493..e19e8ee 100644 --- a/nginx/sites-available/default-catchall.conf +++ b/nginx/sites-available/default-catchall.conf 
@@ -103,3 +103,70 @@ server {
 return 404;
 }
 }
+
+
+server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
+
+rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot
+
+
+ # --- Bloco 1: Configurações de Escuta e Servidor Padrão ---
+ listen 80 ;
+ listen [::]:80 ;
+ listen 8080 ;
+ listen 443 ssl http2 ;
+ listen [::]:443 ssl http2 ;
+
+ # --- Bloco 2: Configurações de SSL ---
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+
+ # --- Bloco 3: Nome do Servidor ---
+ server_name www.enseg.com.br enseg.com.br; # managed by Certbot
+
+ # --- Bloco 4: Gestão de Logs ---
+ access_log off;
+ log_not_found off;
+
+ # --- Bloco 5: Diretório Raiz para os Ficheiros de Erro ---
+ root /var/www/html/errors;
+
+ # --- Bloco 6: Mapeamento de Códigos de Erro para Páginas Personalizadas ---
+ location = /nginx_status {
+ stub_status;
+
+ # --- Segurança (removi a linha duplicada para limpeza) ---
+ allow 127.0.0.1; # Acesso local (localhost)
+ allow 172.16.254.1; # Permite o próprio servidor / Zabbix
+ deny all; # Bloqueia todos os outros
+ }
+
+ error_page 403 /403.html;
+ error_page 404 /404.html;
+ error_page 500 502 503 504 /50x.html;
+
+ # --- Bloco 7: Lógica para Servir as Páginas de Erro de Forma Segura ---
+ location = /403.html {
+ internal;
+ }
+
+ location = /404.html {
+ internal;
+ }
+
+ location = /50x.html {
+ internal;
+ }
+
+ # --- Bloco 8: Ação Padrão para Todas as Requisições ---
+ # Retorna 404 para qualquer URI, o que aciona a regra "error_page" correspondente.
+ location / {
+ return 404;
+ }
+
+location = /.well-known/acme-challenge/E0FFk2o2YIoAWaDSOItFmLJCQEpDdrI81GvVyIrSzCI{default_type text/plain;return 200 E0FFk2o2YIoAWaDSOItFmLJCQEpDdrI81GvVyIrSzCI.6NQOP-_cyjMVLz8P4PfH0klS5ZH2qgREfeMrgpUfnEk;} # managed by Certbot
+
+
+location = /.well-known/acme-challenge/R2POPZkiUgPRjGFy0yp2TBXsnwhe3IuRhUOi_7u0iY8{default_type text/plain;return 200 R2POPZkiUgPRjGFy0yp2TBXsnwhe3IuRhUOi_7u0iY8.6NQOP-_cyjMVLz8P4PfH0klS5ZH2qgREfeMrgpUfnEk;} # managed by Certbot
+
+}
\ No newline at end of file
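Review bot: The second `server` block added to default-catchall.conf looks like Certbot's in-progress HTTP-01 state rather than intended configuration. It is a copy of the catch-all carrying `# managed by Certbot` lines, two hard-coded `/.well-known/acme-challenge/<token>` locations, and `server_name www.enseg.com.br enseg.com.br` served on 443 with the snakeoil certificate. The nginx/nginx.conf hunk has the same origin: `include /etc/letsencrypt/le_http_01_cert_challenge.conf;` points at a file Certbot normally deletes once validation ends, so restoring this commit onto the proxy would presumably fail `nginx -t` on the missing include. The committed `nginx/.certbot.lock` suggests the sync ran while Certbot was still holding the directory. I would make the Auto-Sync job skip the run while that lock file exists, ignore the lock file in the repository, and revert these additions so the tracked config matches the post-challenge state.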