diff --git a/nginx/sites-available/cloud.grupopralog.com.br.conf b/nginx/sites-available/cloud.grupopralog.com.br.conf index 6074240..a296f31 100644 --- a/nginx/sites-available/cloud.grupopralog.com.br.conf +++ b/nginx/sites-available/cloud.grupopralog.com.br.conf @@ -1,9 +1,8 @@ # -# Configuração: cloud.grupopralog.com.br -# Atualizado em: 2025-11-11 @ 01:20 (Horário de Brasília) -# Contexto: Correção de sintaxe EM TODOS OS BLOCOS. -# Remoção de aspas ("") das diretivas proxy_hide_header -# e proxy_ignore_headers. +# Configuração de TESTE: cloud.grupopralog.com.br +# Atualizado em: 2025-11-11 @ 01:24 (Horário de Brasília) +# Contexto: TESTE. Remoção de TODAS as diretivas de proxy_cache +# para isolar o erro de sintaxe "Pragma". # map $request_uri $cache_asset { @@ -33,9 +32,6 @@ upstream officeonline_backend { server 172.16.253.101; } -upstream windmill_backend { - server 172.16.253.103:8000; -} server { listen 80; @@ -61,11 +57,6 @@ server { error_log /var/log/nginx/cloud.grupopralog.com.br.error.log warn; access_log /var/log/nginx/cloud.grupopralog.com.br.bad-bot.log suspicious_bot if=$is_bad_bot; - #if ($block_request) { - # return 404; - #} - #limit_req zone=global_limit burst=100 nodelay; - # Segurança Headers add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; add_header X-Content-Type-Options "nosniff" always; @@ -82,7 +73,7 @@ server { proxy_read_timeout 1200s; proxy_temp_file_write_size 256k; - # Ocultar headers do backend (CORRIGIDO: Sem aspas) + # Ocultar headers do backend (Sintaxe Corrigida) proxy_hide_header X-Content-Type-Options; proxy_hide_header X-Frame-Options; proxy_hide_header Feature-Policy; @@ -130,8 +121,6 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Accept-Encoding ""; - - # IMPORTANTE: Permite que o Nginx se conecte ao OOS com certificado autoassinado. proxy_ssl_verify off; } @@ -169,200 +158,11 @@ server { more_set_headers 'Access-Control-Allow-Credentials: true'; } - # Cache: Assets Estáticos - location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff|woff2|ttf|otf|map)$ { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_cache nextcloud_cache; - proxy_cache_valid 200 12h; - proxy_cache_valid any 1m; - proxy_cache_revalidate on; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + # + # TODOS OS BLOCOS DE CACHE DE API, ESTÁTICOS E DAV FORAM REMOVIDOS PARA TESTE. + # - more_set_headers 'Cache-Control: public, max-age=43200'; - more_set_headers 'X-Proxy-Cache: $upstream_cache_status'; - - # CORRIGIDO: Sem aspas - proxy_hide_header Cache-Control; - proxy_hide_header Expires; - proxy_hide_header Pragma; - brotli_static on; - gzip_static on; - } - - # Cache: API Recommendations - location = /ocs/v2.php/apps/recommendations/api/v1/recommendations { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_buffering on; - proxy_cache nextcloud_session_cache; - proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args$cookie_nc_session_id"; - proxy_cache_valid 200 1d; - proxy_cache_revalidate on; - proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; - more_set_headers 'X-API-Rec-Cache: $upstream_cache_status'; - } - - # Cache: API Folder-Tree - location ~ ^/(apps/files/api/v1/folder-tree|ocs/v2\.php/apps/files/api/v1/folder-tree) { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Connection ""; - - proxy_buffering on; - - proxy_cache foldertree_cache; - proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args$cookie_nc_session_id"; - - # Cache de 3 segundos - proxy_cache_valid 200 3s; - proxy_cache_lock on; - proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; - - # CORRIGIDO: Sem aspas - proxy_ignore_headers Cache-Control Expires Pragma; - proxy_hide_header Cache-Control; - proxy_hide_header Pragma; - proxy_hide_header Expires; - add_header Cache-Control "public, max-age=3"; - - more_set_headers 'X-FolderTree-Cache: $upstream_cache_status'; - } - - # Cache: API User Info/Notifications - location ~ ^/(ocs/v[12].php/cloud/users|ocs/v[12].php/privatedata/get|ocs/v2.php/apps/notifications/api/v2/notifications|ocs/v[12].php/cloud/apps|ocs/v[12].php/cloud/user|ocs/v[12].php/privatedata/get/userinfo) { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_buffering on; - proxy_cache nextcloud_cache; - proxy_cache_key "$host$request_uri|$cookie_nc_session_id"; - proxy_cache_valid 200 5s; - proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; - more_set_headers 'X-APIMicroCache-Status: $upstream_cache_status'; - } - - # DAV (WebDAV / PROPFIND Cache) - location ~ ^/(remote\.php/(webdav|dav)|ocs/v[12]\.php/apps/forms/api/.*/submissions/files/.*) { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_http_version 1.1; - proxy_set_header Connection ""; - - # 1. Por padrão, desabilitamos o buffering para streaming (uploads/downloads) - proxy_buffering off; - proxy_request_buffering off; - - # 2. SE for um PROPFIND (listagem de diretório), ligamos o buffering e o cache - if ($request_method = PROPFIND) { - proxy_buffering on; - proxy_request_buffering on; # Necessário para o cache - - proxy_cache nextcloud_cache; # Usar a zona de cache - proxy_cache_methods PROPFIND; - proxy_cache_key "$host$request_uri|$cookie_nc_session_id"; - - proxy_cache_valid 200 207 10s; - proxy_cache_lock on; - proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; - - more_set_headers 'X-DAV-Cache: $upstream_cache_status'; - - # CORRIGIDO: Sem aspas - proxy_ignore_headers Cache-Control Expires Pragma; - proxy_hide_header Cache-Control; - proxy_hide_header Pragma; - proxy_hide_header Expires; - add_header Cache-Control "public, max-age=10"; - } - - # Timeouts longos (mantém para uploads/downloads) - proxy_connect_timeout 60s; - proxy_read_timeout 1200s; - proxy_send_timeout 1200s; - } - - # Cache: API Tables - location ~ ^/(apps/tables/(api|row|share)|index\.php/apps/tables/api/1|ocs/v2\.php/apps/tables/api/2) { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_http_version 1.1; - proxy_set_header Connection ""; - - proxy_buffering on; - - proxy_cache nextcloud_cache; - proxy_cache_key "$host$request_uri|$cookie_nc_session_id"; - - proxy_cache_valid 200 3s; - proxy_cache_lock on; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - - # CORRIGIDO: Sem aspas - proxy_ignore_headers Cache-Control Expires Pragma; - proxy_hide_header Cache-Control; - proxy_hide_header Pragma; - proxy_hide_header Expires; - - add_header Cache-Control "public, max-age=3"; - more_set_headers 'X-Tables-Cache: $upstream_cache_status'; - } - - # Cache: API Thumbnails / Direct Editing - location ~ ^/(index\.php/apps/files/api/v1/thumbnail/|ocs/v2\.php/apps/files/api/v1/(directEditing|templates|folder-tree)) { - proxy_pass http://nextcloud_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_http_version 1.1; - proxy_set_header Connection ""; - - proxy_buffering on; - - proxy_cache nextcloud_cache; - proxy_cache_key "$host$request_uri|$cookie_nc_session_id"; - - proxy_cache_valid 200 3s; - proxy_cache_lock on; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - - # CORRIGIDO: Sem aspas - proxy_ignore_headers Cache-Control Expires Pragma; - proxy_hide_header Cache-Control; - proxy_hide_header Pragma; - proxy_hide_header Expires; - - add_header Cache-Control "public, max-age=3"; - more_set_headers 'X-Files-API-Cache: $upstream_cache_status'; - } - - # Location Padrão (Catch-all) + # Location Padrão (Catch-all) - SEM CACHE location / { proxy_pass http://nextcloud_backend; proxy_set_header Host $host; @@ -371,16 +171,6 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; - proxy_cache $session_cache_zone; - proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args$cookie_nc_session_id"; - proxy_cache_valid 200 5m; - proxy_cache_revalidate on; - proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; - proxy_cache_bypass $http_cache_control; - proxy_no_cache $http_cache_control; - - more_set_headers 'X-Session-Cache: $upstream_cache_status'; - proxy_http_version 1.1; proxy_set_header Connection ""; proxy_connect_timeout 60s;