From d0c14b76b385d5b7b754de88913d25ac2c55d16a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Pedro=20Toledo?= <joao.goncalves@itguys.com.br>
Date: Tue, 27 Jan 2026 08:56:09 -0300
Subject: [PATCH] fix(nginx): replace missing ssl include with explicit params
 in vcenter config

---
 conf.d/vcenter.itguys.com.br.conf | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/conf.d/vcenter.itguys.com.br.conf b/conf.d/vcenter.itguys.com.br.conf
index ce24ffd..fb7e382 100644
--- a/conf.d/vcenter.itguys.com.br.conf
+++ b/conf.d/vcenter.itguys.com.br.conf
@@ -34,8 +34,9 @@ server {
 
 # Servidor principal que lida com o tráfego HTTPS (Porta 443)
 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    listen 443 ssl;
+    http2 on;
+    listen [::]:443 ssl;
     server_name vcenter.itguys.com.br;
 
     # --- Logs ---
@@ -46,7 +47,16 @@ server {
     # O Certbot irá criar e preencher estes caminhos automaticamente.
     #ssl_certificate /etc/letsencrypt/live/vcenter.itguys.com.br/fullchain.pem;
     #ssl_certificate_key /etc/letsencrypt/live/vcenter.itguys.com.br/privkey.pem;
-    include /etc/letsencrypt/options-ssl-nginx.conf;
+    
+    # Substituindo include por config explícita para evitar erro de arquivo inexistente
+    # include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_protocols TLSv1.3 TLSv1.2;
+    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
+    ssl_prefer_server_ciphers on;
+    ssl_session_timeout 1d;
+    ssl_session_tickets off;    
+    
+    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
     # --- Cabeçalhos de Segurança ---