diff --git a/nginx/snippets/proxy_params.conf b/nginx/snippets/proxy_params.conf
new file mode 100644
index 0000000..05d8d60
--- /dev/null
+++ b/nginx/snippets/proxy_params.conf
@@ -0,0 +1,8 @@
+# /etc/nginx/snippets/proxy_params.conf
+#
+# Cabeçalhos de proxy padrão para encaminhar informações do cliente para o backend.
+
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/nginx/snippets/ssl_params.conf b/nginx/snippets/ssl_params.conf
new file mode 100644
index 0000000..41b5a75
--- /dev/null
+++ b/nginx/snippets/ssl_params.conf
@@ -0,0 +1,13 @@
+# /etc/nginx/snippets/ssl_params.conf
+#
+# Parâmetros de SSL e segurança recomendados e centralizados.
+
+# Configurações de protocolo e cifras seguras.
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+
+# Cabeçalhos de segurança HTTP.
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
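Review bot: `proxy_set_header Host $http_host;` in proxy_params.conf forwards the Host header exactly as the client sent it, so a backend that builds redirects, password-reset links or cache keys from it is using a client-chosen value unless every `server` that includes this snippet has an explicit `server_name` and unknown hosts land on a rejecting default server; neither is visible here. I would use `proxy_set_header Host $host;` (normalised by nginx and never empty) and state that requirement in the header comment. On the X-Forwarded-For line, `$proxy_add_x_forwarded_for` appends `$remote_addr` to whatever the client supplied, so only the rightmost entry is trustworthy; if this nginx is the first hop, `proxy_set_header X-Forwarded-For $remote_addr;` avoids handing the backend a spoofable list.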
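Review bot: The three `add_header` lines at the end of ssl_params.conf are dropped without warning in any `location` or `server` that declares an `add_header` of its own, because nginx inherits `add_header` from the enclosing level only when the current level defines none; HSTS then disappears from exactly the responses that set a custom header. Add a comment saying so, e.g. `# add_header is not inherited into a block that has its own add_header; include this snippet again there.` Separately, the two `DHE-RSA-*` suites in `ssl_ciphers` stay unused unless `ssl_dhparam` is set somewhere outside this file (nginx 1.11.0 and later ship no built-in DH parameters), so either add an `ssl_dhparam` directive pointing at generated parameters of at least 2048 bits or drop those suites. `includeSubDomains` also commits every subdomain to HTTPS for a year, which deserves a one-line comment confirming it is intended.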