joao.goncalves
/
NgixProxy_Pathfinder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Auto-Sync] Atualização das configurações em srvproxy001.itguys.com.br - 2025-11-10 23:01:01

This commit is contained in:
srvproxy001.itguys.com.br 2025-11-10 23:01:01 -03:00
parent 46218a830d
commit a2dab6ecb2
1 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
nginx/nginx.conf
View File

@ -51,7 +51,9 @@ http {
proxy_cache_path /var/cache/nginx/static_cache levels=1:2 keys_zone=static_cache:10m max_size=2g inactive=90d use_temp_path=off;
proxy_cache_path /var/cache/nginx/nextcloud_private_cache levels=1:2 keys_zone=nextcloud_private_cache:20m max_size=1g inactive=15m use_temp_path=off;
proxy_cache_path /var/cache/nginx/nextcloud_previews_cache levels=1:2 keys_zone=nextcloud_previews:20m max_size=2g inactive=7d use_temp_path=off;
proxy_cache_path /var/cache/nginx/nextcloud_cache_grupopralog levels=1:2 keys_zone=nextcloud_cache:120m max_size=10g inactive=6h use_temp_path=off;
# Caches for cloud.grupopralog.com.br
proxy_cache_path /var/cache/nginx/nc_static_cache levels=1:2 keys_zone=nc_static_cache:60m max_size=5g inactive=7d use_temp_path=off;
proxy_cache_path /var/cache/nginx/nc_api_cache levels=1:2 keys_zone=nc_api_cache:60m max_size=2g inactive=60m use_temp_path=off;
proxy_cache_path /var/cache/nginx/nextcloud_session_cache levels=1:2 keys_zone=nextcloud_session_cache:50m max_size=500m inactive=30m use_temp_path=off;
proxy_cache_path /var/cache/nginx/foldertree_cache keys_zone=foldertree_cache:10m levels=1:2 inactive=1m max_size=100m;
proxy_cache_path /var/cache/nginx/business_cache keys_zone=business_cache:10m inactive=60m max_size=1g;
@ -71,11 +73,24 @@ http {
# Define as 'variáveis' e 'zonas' que os sites podem usar para segurança.
map $http_user_agent $is_bad_bot {
default 0;
~*(nikto|sqlmap|wpscan|gobuster|dirbuster|feroxbuster|nessus|nmap|curl) 1;
# Security Scanners & Malicious Tools
~*(nikto|sqlmap|wpscan|gobuster|dirbuster|feroxbuster|nessus|nmap|masscan|zgrab|censys|shodan) 1;
# Common Crawlers (SEO, etc.)
~*(Googlebot|AdsBot-Google|Bingbot|Slurp|DuckDuckBot|Baiduspider|YandexBot|Sogou|Exabot|facebot|ia_archiver) 1;
# Aggressive Marketing/SEO Crawlers
~*(AhrefsBot|SemrushBot|MJ12bot|DotBot|PetalBot|Bytespider|BLEXBot) 1;
# Block curl for non-internal IPs
~*curl 1;
}
map $is_bad_bot$is_internal $should_block_bot {
default 0; # Default: do not block
"10" 1; # is_bad_bot = 1, is_internal = 0 -> block
}
map $request_uri $is_suspicious_uri {
default 0;
~*(\.env|\.git|/vendor/|/setup\.php|/\.well-known/|/phpmyadmin|/config\.php|composer\.json) 1;
~*(\.env|\.git|/vendor/|/setup\.php|/phpmyadmin|/config\.php|composer\.json) 1;
}
map $is_bad_bot$is_suspicious_uri $block_request {
default 0;
@ -254,3 +269,4 @@ http {
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}