From b7301c6ba42913086c7921604cdfa3237cf0fa27 Mon Sep 17 00:00:00 2001 From: "srvproxy001.itguys.com.br" Date: Tue, 16 Sep 2025 23:49:45 -0300 Subject: [PATCH] =?UTF-8?q?[Auto-Sync]=20Atualiza=C3=A7=C3=A3o=20das=20con?= =?UTF-8?q?figura=C3=A7=C3=B5es=20em=20srvproxy001.itguys.com.br=20-=20202?= =?UTF-8?q?5-09-16=2023:49:45?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nginx/snippets/proxy_params.conf | 8 ++++++++ nginx/snippets/ssl_params.conf | 13 +++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 nginx/snippets/proxy_params.conf create mode 100644 nginx/snippets/ssl_params.conf diff --git a/nginx/snippets/proxy_params.conf b/nginx/snippets/proxy_params.conf new file mode 100644 index 0000000..05d8d60 --- /dev/null +++ b/nginx/snippets/proxy_params.conf @@ -0,0 +1,8 @@ +# /etc/nginx/snippets/proxy_params.conf +# +# Cabeçalhos de proxy padrão para encaminhar informações do cliente para o backend. + +proxy_set_header Host $http_host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; diff --git a/nginx/snippets/ssl_params.conf b/nginx/snippets/ssl_params.conf new file mode 100644 index 0000000..41b5a75 --- /dev/null +++ b/nginx/snippets/ssl_params.conf @@ -0,0 +1,13 @@ +# /etc/nginx/snippets/ssl_params.conf +# +# Parâmetros de SSL e segurança recomendados e centralizados. + +# Configurações de protocolo e cifras seguras. +ssl_protocols TLSv1.2 TLSv1.3; +ssl_prefer_server_ciphers on; +ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; + +# Cabeçalhos de segurança HTTP. +add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; +add_header X-Content-Type-Options "nosniff" always; +add_header X-Frame-Options "SAMEORIGIN" always;