From d4a36de60aafc58091f37ddadee5d442be0a140d Mon Sep 17 00:00:00 2001 From: "srvproxy001.itguys.com.br" Date: Sat, 20 Sep 2025 12:34:38 -0300 Subject: [PATCH] =?UTF-8?q?[Auto-Sync]=20Atualiza=C3=A7=C3=A3o=20das=20con?= =?UTF-8?q?figura=C3=A7=C3=B5es=20em=20srvproxy001.itguys.com.br=20-=20202?= =?UTF-8?q?5-09-20=2012:34:38?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../conf.d/zabbix-nginx-status.conf | 0 nginx/modsecurity.conf | 298 +++++++++++++++++- .../modsecurity/exchange-rule-exceptions.conf | 0 .../modsecurity/gitea-rule-exceptions.conf | 0 .../modsecurity/global-exceptions.conf | 0 .../modsecurity/grafana-rule-exceptions.conf | 0 .../nextcloud-rule-exceptions.conf | 0 .../modsecurity/zabbix-rule-exceptions.conf | 0 .../modsecurity/zammad-rule-exceptions.conf | 0 .../modsecurity_includes.conf | 0 .../conf.d/default.conf | 44 --- nginx/nginx.bak-revert-debian/fastcgi.conf | 27 -- nginx/nginx.bak-revert-debian/fastcgi_params | 25 -- nginx/nginx.bak-revert-debian/koi-utf | 109 ------- nginx/nginx.bak-revert-debian/koi-win | 103 ------ nginx/nginx.bak-revert-debian/mime.types | 99 ------ .../nginx.bak-revert-debian/modsecurity.conf | 289 ----------------- nginx/nginx.bak-revert-debian/modules | 1 - nginx/nginx.bak-revert-debian/nginx.conf | 108 ------- .../nginx.conf.dpkg-dist | 32 -- .../nginx/conf.d/default.conf | 44 --- .../nginx/conf.d/zabbix-nginx-status.conf | 16 - .../nginx/fastcgi.conf | 27 -- .../nginx/fastcgi_params | 25 -- nginx/nginx.bak-revert-debian/nginx/koi-utf | 109 ------- nginx/nginx.bak-revert-debian/nginx/koi-win | 103 ------ .../nginx.bak-revert-debian/nginx/mime.types | 99 ------ .../nginx/modsecurity.conf | 289 ----------------- .../modsecurity/exchange-rule-exceptions.conf | 8 - .../modsecurity/gitea-rule-exceptions.conf | 7 - .../nginx/modsecurity/global-exceptions.conf | 56 ---- .../modsecurity/grafana-rule-exceptions.conf | 7 - .../nextcloud-rule-exceptions.conf | 14 - .../modsecurity/zabbix-rule-exceptions.conf | 11 - .../modsecurity/zammad-rule-exceptions.conf | 7 - .../nginx/modsecurity_includes.conf | 2 - nginx/nginx.bak-revert-debian/nginx/modules | 1 - .../nginx.bak-revert-debian/nginx/nginx.conf | 106 ------- .../nginx/nginx.conf.dpkg-dist | 32 -- .../nginx/proxy_params | 4 - .../nginx.bak-revert-debian/nginx/scgi_params | 17 - .../business.itguys.com.br.conf | 96 ------ .../cloud.grupopralog.com.br.conf | 91 ------ .../nginx/sites-available/default | 93 ------ .../nginx/sites-available/default-catchall | 37 --- .../nginx/sites-available/itguys.com.br.conf | 105 ------ .../sites-available/katalog.itguys.com.br | 79 ----- .../nginx/sites-available/ns1.itguys.com.br | 80 ----- .../telefonia.itguys.com.br.conf | 68 ---- .../sites-available/zammad.itguys.com.br.conf | 81 ----- .../nginx/snippets/fastcgi-php.conf | 13 - .../nginx/snippets/snakeoil.conf | 5 - .../nginx/uwsgi_params | 17 - nginx/nginx.bak-revert-debian/nginx/win-utf | 125 -------- nginx/nginx.bak-revert-debian/proxy_params | 4 - nginx/nginx.bak-revert-debian/scgi_params | 17 - .../sites-available/default | 93 ------ .../sites-available/default-modsecurity.conf | 98 ------ .../dns-primario.itguys.com.br | 63 ---- .../sites-available/git.itguys.com.br.conf | 112 ------- .../sites-available/mimir.itguys.com.br | 82 ----- .../monitoramento.itguys.com.br | 83 ----- .../sites-available/ns2.itguys.com.br | 80 ----- .../sites-available/proxy.itguys.com.br | 71 ----- .../snippets/cache_immutable_static.conf | 22 -- .../snippets/cache_static_assets.conf | 30 -- .../snippets/compression_params.conf | 19 -- .../snippets/fastcgi-php.conf | 13 - .../snippets/global_robots.conf | 13 - .../snippets/internal_networks.conf | 6 - .../snippets/proxy_params.conf | 17 - .../snippets/snakeoil.conf | 5 - .../snippets/ssl_params.conf | 41 --- .../snippets/websocket_params.conf | 16 - nginx/nginx.bak-revert-debian/unicode.mapping | 96 ------ nginx/nginx.bak-revert-debian/uwsgi_params | 17 - nginx/nginx.bak-revert-debian/win-utf | 125 -------- nginx/nginx.conf | 184 +++++++---- .../business.itguys.com.br.conf | 4 - .../cloud.grupopralog.com.br.conf | 4 - nginx/sites-available/default | 2 +- .../sites-available/default-catchall | 2 - .../sites-available/default-modsecurity.conf | 2 - .../dns-primario.itguys.com.br | 4 - .../sites-available/git.itguys.com.br.conf | 4 - .../sites-available/itguys.com.br.conf | 7 - .../sites-available/katalog.itguys.com.br | 4 - .../sites-available/mimir.itguys.com.br | 4 - .../monitoramento.itguys.com.br | 4 - .../sites-available/ns1.itguys.com.br | 4 - .../sites-available/ns2.itguys.com.br | 4 - .../sites-available/proxy.itguys.com.br | 3 - .../telefonia.itguys.com.br.conf | 4 - .../sites-available/zammad.itguys.com.br.conf | 4 - .../snippets/cache_immutable_static.conf | 0 .../snippets/cache_static_assets.conf | 0 .../snippets/compression_params.conf | 0 .../nginx => }/snippets/global_robots.conf | 0 .../snippets/internal_networks.conf | 0 .../nginx => }/snippets/proxy_params.conf | 0 .../nginx => }/snippets/ssl_params.conf | 0 .../nginx => }/snippets/websocket_params.conf | 0 .../nginx => }/unicode.mapping | 0 103 files changed, 400 insertions(+), 3976 deletions(-) rename nginx/{nginx.bak-revert-debian => }/conf.d/zabbix-nginx-status.conf (100%) rename nginx/{nginx.bak-revert-debian => }/modsecurity/exchange-rule-exceptions.conf (100%) rename nginx/{nginx.bak-revert-debian => }/modsecurity/gitea-rule-exceptions.conf (100%) rename nginx/{nginx.bak-revert-debian => }/modsecurity/global-exceptions.conf (100%) rename nginx/{nginx.bak-revert-debian => }/modsecurity/grafana-rule-exceptions.conf (100%) rename nginx/{nginx.bak-revert-debian => }/modsecurity/nextcloud-rule-exceptions.conf (100%) rename nginx/{nginx.bak-revert-debian => }/modsecurity/zabbix-rule-exceptions.conf (100%) rename nginx/{nginx.bak-revert-debian => }/modsecurity/zammad-rule-exceptions.conf (100%) rename nginx/{nginx.bak-revert-debian => }/modsecurity_includes.conf (100%) delete mode 100644 nginx/nginx.bak-revert-debian/conf.d/default.conf delete mode 100644 nginx/nginx.bak-revert-debian/fastcgi.conf delete mode 100644 nginx/nginx.bak-revert-debian/fastcgi_params delete mode 100644 nginx/nginx.bak-revert-debian/koi-utf delete mode 100644 nginx/nginx.bak-revert-debian/koi-win delete mode 100644 nginx/nginx.bak-revert-debian/mime.types delete mode 100644 nginx/nginx.bak-revert-debian/modsecurity.conf delete mode 120000 nginx/nginx.bak-revert-debian/modules delete mode 100644 nginx/nginx.bak-revert-debian/nginx.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx.conf.dpkg-dist delete mode 100644 nginx/nginx.bak-revert-debian/nginx/conf.d/default.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/conf.d/zabbix-nginx-status.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/fastcgi.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/fastcgi_params delete mode 100644 nginx/nginx.bak-revert-debian/nginx/koi-utf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/koi-win delete mode 100644 nginx/nginx.bak-revert-debian/nginx/mime.types delete mode 100644 nginx/nginx.bak-revert-debian/nginx/modsecurity.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/modsecurity/exchange-rule-exceptions.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/modsecurity/gitea-rule-exceptions.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/modsecurity/global-exceptions.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/modsecurity/grafana-rule-exceptions.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/modsecurity/nextcloud-rule-exceptions.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/modsecurity/zabbix-rule-exceptions.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/modsecurity/zammad-rule-exceptions.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/modsecurity_includes.conf delete mode 120000 nginx/nginx.bak-revert-debian/nginx/modules delete mode 100644 nginx/nginx.bak-revert-debian/nginx/nginx.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/nginx.conf.dpkg-dist delete mode 100644 nginx/nginx.bak-revert-debian/nginx/proxy_params delete mode 100644 nginx/nginx.bak-revert-debian/nginx/scgi_params delete mode 100644 nginx/nginx.bak-revert-debian/nginx/sites-available/business.itguys.com.br.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/sites-available/cloud.grupopralog.com.br.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/sites-available/default delete mode 100644 nginx/nginx.bak-revert-debian/nginx/sites-available/default-catchall delete mode 100644 nginx/nginx.bak-revert-debian/nginx/sites-available/itguys.com.br.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/sites-available/katalog.itguys.com.br delete mode 100644 nginx/nginx.bak-revert-debian/nginx/sites-available/ns1.itguys.com.br delete mode 100644 nginx/nginx.bak-revert-debian/nginx/sites-available/telefonia.itguys.com.br.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/sites-available/zammad.itguys.com.br.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/snippets/fastcgi-php.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/snippets/snakeoil.conf delete mode 100644 nginx/nginx.bak-revert-debian/nginx/uwsgi_params delete mode 100644 nginx/nginx.bak-revert-debian/nginx/win-utf delete mode 100644 nginx/nginx.bak-revert-debian/proxy_params delete mode 100644 nginx/nginx.bak-revert-debian/scgi_params delete mode 100644 nginx/nginx.bak-revert-debian/sites-available/default delete mode 100644 nginx/nginx.bak-revert-debian/sites-available/default-modsecurity.conf delete mode 100644 nginx/nginx.bak-revert-debian/sites-available/dns-primario.itguys.com.br delete mode 100644 nginx/nginx.bak-revert-debian/sites-available/git.itguys.com.br.conf delete mode 100644 nginx/nginx.bak-revert-debian/sites-available/mimir.itguys.com.br delete mode 100644 nginx/nginx.bak-revert-debian/sites-available/monitoramento.itguys.com.br delete mode 100644 nginx/nginx.bak-revert-debian/sites-available/ns2.itguys.com.br delete mode 100644 nginx/nginx.bak-revert-debian/sites-available/proxy.itguys.com.br delete mode 100644 nginx/nginx.bak-revert-debian/snippets/cache_immutable_static.conf delete mode 100644 nginx/nginx.bak-revert-debian/snippets/cache_static_assets.conf delete mode 100644 nginx/nginx.bak-revert-debian/snippets/compression_params.conf delete mode 100644 nginx/nginx.bak-revert-debian/snippets/fastcgi-php.conf delete mode 100644 nginx/nginx.bak-revert-debian/snippets/global_robots.conf delete mode 100644 nginx/nginx.bak-revert-debian/snippets/internal_networks.conf delete mode 100644 nginx/nginx.bak-revert-debian/snippets/proxy_params.conf delete mode 100644 nginx/nginx.bak-revert-debian/snippets/snakeoil.conf delete mode 100644 nginx/nginx.bak-revert-debian/snippets/ssl_params.conf delete mode 100644 nginx/nginx.bak-revert-debian/snippets/websocket_params.conf delete mode 100644 nginx/nginx.bak-revert-debian/unicode.mapping delete mode 100644 nginx/nginx.bak-revert-debian/uwsgi_params delete mode 100644 nginx/nginx.bak-revert-debian/win-utf rename nginx/{nginx.bak-revert-debian => }/sites-available/business.itguys.com.br.conf (95%) rename nginx/{nginx.bak-revert-debian => }/sites-available/cloud.grupopralog.com.br.conf (95%) rename nginx/{nginx.bak-revert-debian => }/sites-available/default-catchall (95%) rename nginx/{nginx.bak-revert-debian/nginx => }/sites-available/default-modsecurity.conf (96%) rename nginx/{nginx.bak-revert-debian/nginx => }/sites-available/dns-primario.itguys.com.br (92%) rename nginx/{nginx.bak-revert-debian/nginx => }/sites-available/git.itguys.com.br.conf (96%) rename nginx/{nginx.bak-revert-debian => }/sites-available/itguys.com.br.conf (93%) rename nginx/{nginx.bak-revert-debian => }/sites-available/katalog.itguys.com.br (94%) rename nginx/{nginx.bak-revert-debian/nginx => }/sites-available/mimir.itguys.com.br (95%) rename nginx/{nginx.bak-revert-debian/nginx => }/sites-available/monitoramento.itguys.com.br (95%) rename nginx/{nginx.bak-revert-debian => }/sites-available/ns1.itguys.com.br (95%) rename nginx/{nginx.bak-revert-debian/nginx => }/sites-available/ns2.itguys.com.br (95%) rename nginx/{nginx.bak-revert-debian/nginx => }/sites-available/proxy.itguys.com.br (95%) rename nginx/{nginx.bak-revert-debian => }/sites-available/telefonia.itguys.com.br.conf (94%) rename nginx/{nginx.bak-revert-debian => }/sites-available/zammad.itguys.com.br.conf (95%) rename nginx/{nginx.bak-revert-debian/nginx => }/snippets/cache_immutable_static.conf (100%) rename nginx/{nginx.bak-revert-debian/nginx => }/snippets/cache_static_assets.conf (100%) rename nginx/{nginx.bak-revert-debian/nginx => }/snippets/compression_params.conf (100%) rename nginx/{nginx.bak-revert-debian/nginx => }/snippets/global_robots.conf (100%) rename nginx/{nginx.bak-revert-debian/nginx => }/snippets/internal_networks.conf (100%) rename nginx/{nginx.bak-revert-debian/nginx => }/snippets/proxy_params.conf (100%) rename nginx/{nginx.bak-revert-debian/nginx => }/snippets/ssl_params.conf (100%) rename nginx/{nginx.bak-revert-debian/nginx => }/snippets/websocket_params.conf (100%) rename nginx/{nginx.bak-revert-debian/nginx => }/unicode.mapping (100%) diff --git a/nginx/nginx.bak-revert-debian/conf.d/zabbix-nginx-status.conf b/nginx/conf.d/zabbix-nginx-status.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/conf.d/zabbix-nginx-status.conf rename to nginx/conf.d/zabbix-nginx-status.conf diff --git a/nginx/modsecurity.conf b/nginx/modsecurity.conf index bd8d670..a7c9eeb 100644 --- a/nginx/modsecurity.conf +++ b/nginx/modsecurity.conf @@ -1,17 +1,289 @@ -# /etc/nginx/modsecurity.conf +# -- Rule engine initialization ---------------------------------------------- + +# Enable ModSecurity, attaching it to every transaction. Use detection +# only to start with, because that minimises the chances of post-installation +# disruption. # -# Ficheiro de configuração principal do ModSecurity para o Nginx. -# VERSÃO CORRIGIDA: Carrega as regras diretamente, contornando os ficheiros de setup em falta. - -# Carrega o ficheiro de configuração recomendado do ModSecurity. -Include /etc/modsecurity/modsecurity.conf - -# --- Ativação do Motor de Regras --- SecRuleEngine On -# --- Carregar o Core Rule Set (CRS) do OWASP --- -# Em vez de procurar pelo crs-setup.conf, carregamos diretamente todas as regras. -Include /usr/share/modsecurity-crs/rules/*.conf +# -- Request body handling --------------------------------------------------- -# --- Carregar as NOSSAS Exceções Personalizadas --- -# É CRUCIAL que estas linhas venham DEPOIS das regras do CRS. +# Allow ModSecurity to access request bodies. If you don't, ModSecurity +# won't be able to see any POST parameters, which opens a large security +# hole for attackers to exploit. +# +SecRequestBodyAccess On +SecRequestBodyLimit 10737418240 +SecRequestBodyNoFilesLimit 1048576 + +# Enable XML request body parser. +# Initiate XML Processor in case of xml content-type +# +SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \ + "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" + +# Enable JSON request body parser. +# Initiate JSON Processor in case of JSON content-type; change accordingly +# if your application does not use 'application/json' +# +SecRule REQUEST_HEADERS:Content-Type "^application/json" \ + "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" + +# Sample rule to enable JSON request body parser for more subtypes. +# Uncomment or adapt this rule if you want to engage the JSON +# Processor for "+json" subtypes +# +#SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \ +# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" + +# Maximum request body size we will accept for buffering. If you support +# file uploads then the value given on the first line has to be as large +# as the largest file you are willing to accept. The second value refers +# to the size of data, with files excluded. You want to keep that value as +# low as practical. +# +SecRequestBodyNoFilesLimit 131072 + +# What to do if the request body size is above our configured limit. +# Keep in mind that this setting will automatically be set to ProcessPartial +# when SecRuleEngine is set to DetectionOnly mode in order to minimize +# disruptions when initially deploying ModSecurity. +# +SecRequestBodyLimitAction Reject + +# Maximum parsing depth allowed for JSON objects. You want to keep this +# value as low as practical. +# +SecRequestBodyJsonDepthLimit 512 + +# Maximum number of args allowed per request. You want to keep this +# value as low as practical. The value should match that in rule 200007. +SecArgumentsLimit 1000 + +# If SecArgumentsLimit has been set, you probably want to reject any +# request body that has only been partly parsed. The value used in this +# rule should match what was used with SecArgumentsLimit +SecRule &ARGS "@ge 1000" \ +"id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2" + +# Verify that we've correctly processed the request body. +# As a rule of thumb, when failing to process a request body +# you should reject the request (when deployed in blocking mode) +# or log a high-severity alert (when deployed in detection-only mode). +# +SecRule REQBODY_ERROR "!@eq 0" \ +"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" + +# By default be strict with what we accept in the multipart/form-data +# request body. If the rule below proves to be too strict for your +# environment consider changing it to detection-only. You are encouraged +# _not_ to remove it altogether. +# +SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ +"id:'200003',phase:2,t:none,log,deny,status:400, \ +msg:'Multipart request body failed strict validation: \ +PE %{REQBODY_PROCESSOR_ERROR}, \ +BQ %{MULTIPART_BOUNDARY_QUOTED}, \ +BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ +DB %{MULTIPART_DATA_BEFORE}, \ +DA %{MULTIPART_DATA_AFTER}, \ +HF %{MULTIPART_HEADER_FOLDING}, \ +LF %{MULTIPART_LF_LINE}, \ +SM %{MULTIPART_MISSING_SEMICOLON}, \ +IQ %{MULTIPART_INVALID_QUOTING}, \ +IP %{MULTIPART_INVALID_PART}, \ +IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ +FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" + +# Did we see anything that might be a boundary? +# +# Here is a short description about the ModSecurity Multipart parser: the +# parser returns with value 0, if all "boundary-like" line matches with +# the boundary string which given in MIME header. In any other cases it returns +# with different value, eg. 1 or 2. +# +# The RFC 1341 descript the multipart content-type and its syntax must contains +# only three mandatory lines (above the content): +# * Content-Type: multipart/mixed; boundary=BOUNDARY_STRING +# * --BOUNDARY_STRING +# * --BOUNDARY_STRING-- +# +# First line indicates, that this is a multipart content, second shows that +# here starts a part of the multipart content, third shows the end of content. +# +# If there are any other lines, which starts with "--", then it should be +# another boundary id - or not. +# +# After 3.0.3, there are two kinds of types of boundary errors: strict and permissive. +# +# If multipart content contains the three necessary lines with correct order, but +# there are one or more lines with "--", then parser returns with value 2 (non-zero). +# +# If some of the necessary lines (usually the start or end) misses, or the order +# is wrong, then parser returns with value 1 (also a non-zero). +# +# You can choose, which one is what you need. The example below contains the +# 'strict' mode, which means if there are any lines with start of "--", then +# ModSecurity blocked the content. But the next, commented example contains +# the 'permissive' mode, then you check only if the necessary lines exists in +# correct order. Whit this, you can enable to upload PEM files (eg "----BEGIN.."), +# or other text files, which contains eg. HTTP headers. +# +# The difference is only the operator - in strict mode (first) the content blocked +# in case of any non-zero value. In permissive mode (second, commented) the +# content blocked only if the value is explicit 1. If it 0 or 2, the content will +# allowed. +# + +# +# See #1747 and #1924 for further information on the possible values for +# MULTIPART_UNMATCHED_BOUNDARY. +# +SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \ + "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" + + +# PCRE Tuning +# We want to avoid a potential RegEx DoS condition +# +SecPcreMatchLimit 1000 +SecPcreMatchLimitRecursion 1000 + +# Some internal errors will set flags in TX and we will need to look for these. +# All of these are prefixed with "MSC_". The following flags currently exist: +# +# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded. +# +SecRule TX:/^MSC_/ "!@streq 0" \ + "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" + + +# -- Response body handling -------------------------------------------------- + +# Allow ModSecurity to access response bodies. +# You should have this directive enabled in order to identify errors +# and data leakage issues. +# +# Do keep in mind that enabling this directive does increases both +# memory consumption and response latency. +# +SecResponseBodyAccess On + +# Which response MIME types do you want to inspect? You should adjust the +# configuration below to catch documents but avoid static files +# (e.g., images and archives). +# +SecResponseBodyMimeType text/plain text/html text/xml + +# Buffer response bodies of up to 512 KB in length. +SecResponseBodyLimit 524288 + +# What happens when we encounter a response body larger than the configured +# limit? By default, we process what we have and let the rest through. +# That's somewhat less secure, but does not break any legitimate pages. +# +SecResponseBodyLimitAction ProcessPartial + + +# -- Filesystem configuration ------------------------------------------------ + +# The location where ModSecurity stores temporary files (for example, when +# it needs to handle a file upload that is larger than the configured limit). +# +# This default setting is chosen due to all systems have /tmp available however, +# this is less than ideal. It is recommended that you specify a location that's private. +# +SecTmpDir /tmp/ + +# The location where ModSecurity will keep its persistent data. This default setting +# is chosen due to all systems have /tmp available however, it +# too should be updated to a place that other users can't access. +# +SecDataDir /tmp/ + + +# -- File uploads handling configuration ------------------------------------- + +# The location where ModSecurity stores intercepted uploaded files. This +# location must be private to ModSecurity. You don't want other users on +# the server to access the files, do you? +# +#SecUploadDir /opt/modsecurity/var/upload/ + +# By default, only keep the files that were determined to be unusual +# in some way (by an external inspection script). For this to work you +# will also need at least one file inspection rule. +# +#SecUploadKeepFiles RelevantOnly + +# Uploaded files are by default created with permissions that do not allow +# any other user to access them. You may need to relax that if you want to +# interface ModSecurity to an external program (e.g., an anti-virus). +# +#SecUploadFileMode 0600 + + +# -- Debug log configuration ------------------------------------------------- + +# The default debug log configuration is to duplicate the error, warning +# and notice messages from the error log. +# +#SecDebugLog /opt/modsecurity/var/log/debug.log +#SecDebugLogLevel 3 + + +# -- Audit log configuration ------------------------------------------------- + +# Log the transactions that are marked by a rule, as well as those that +# trigger a server error (determined by a 5xx or 4xx, excluding 404, +# level response status codes). +# +SecAuditEngine RelevantOnly +SecAuditLogRelevantStatus "^(?:5|4(?!04))" + +# Log everything we know about a transaction. +SecAuditLogParts ABIJDEFHZ + +# Use a single file for logging. This is much easier to look at, but +# assumes that you will use the audit log only ocassionally. +# +SecAuditLogType Serial +SecAuditLog /var/log/nginx/modsec_audit.log + +# Specify the path for concurrent audit logging. +#SecAuditLogStorageDir /opt/modsecurity/var/audit/ + + +# -- Miscellaneous ----------------------------------------------------------- + +# Use the most commonly used application/x-www-form-urlencoded parameter +# separator. There's probably only one application somewhere that uses +# something else so don't expect to change this value. +# +SecArgumentSeparator & + +# Settle on version 0 (zero) cookies, as that is what most applications +# use. Using an incorrect cookie version may open your installation to +# evasion attacks (against the rules that examine named cookies). +# +SecCookieFormat 0 + +# Specify your Unicode Code Point. +# This mapping is used by the t:urlDecodeUni transformation function +# to properly map encoded data to your language. Properly setting +# these directives helps to reduce false positives and negatives. +# +SecUnicodeMapFile unicode.mapping 20127 + +# Improve the quality of ModSecurity by sharing information about your +# current ModSecurity version and dependencies versions. +# The following information will be shared: ModSecurity version, +# Web Server version, APR version, PCRE version, Lua version, Libxml2 +# version, Anonymous unique id for host. +SecStatusEngine On + +# Inclui a configuração inicial do Core Rule Set (CRS) +Include /etc/modsecurity/crs/crs-setup.conf + +# Inclui os arquivos de regras principais da OWASP +Include /usr/share/modsecurity-crs/rules/*.conf diff --git a/nginx/nginx.bak-revert-debian/modsecurity/exchange-rule-exceptions.conf b/nginx/modsecurity/exchange-rule-exceptions.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/modsecurity/exchange-rule-exceptions.conf rename to nginx/modsecurity/exchange-rule-exceptions.conf diff --git a/nginx/nginx.bak-revert-debian/modsecurity/gitea-rule-exceptions.conf b/nginx/modsecurity/gitea-rule-exceptions.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/modsecurity/gitea-rule-exceptions.conf rename to nginx/modsecurity/gitea-rule-exceptions.conf diff --git a/nginx/nginx.bak-revert-debian/modsecurity/global-exceptions.conf b/nginx/modsecurity/global-exceptions.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/modsecurity/global-exceptions.conf rename to nginx/modsecurity/global-exceptions.conf diff --git a/nginx/nginx.bak-revert-debian/modsecurity/grafana-rule-exceptions.conf b/nginx/modsecurity/grafana-rule-exceptions.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/modsecurity/grafana-rule-exceptions.conf rename to nginx/modsecurity/grafana-rule-exceptions.conf diff --git a/nginx/nginx.bak-revert-debian/modsecurity/nextcloud-rule-exceptions.conf b/nginx/modsecurity/nextcloud-rule-exceptions.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/modsecurity/nextcloud-rule-exceptions.conf rename to nginx/modsecurity/nextcloud-rule-exceptions.conf diff --git a/nginx/nginx.bak-revert-debian/modsecurity/zabbix-rule-exceptions.conf b/nginx/modsecurity/zabbix-rule-exceptions.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/modsecurity/zabbix-rule-exceptions.conf rename to nginx/modsecurity/zabbix-rule-exceptions.conf diff --git a/nginx/nginx.bak-revert-debian/modsecurity/zammad-rule-exceptions.conf b/nginx/modsecurity/zammad-rule-exceptions.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/modsecurity/zammad-rule-exceptions.conf rename to nginx/modsecurity/zammad-rule-exceptions.conf diff --git a/nginx/nginx.bak-revert-debian/modsecurity_includes.conf b/nginx/modsecurity_includes.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/modsecurity_includes.conf rename to nginx/modsecurity_includes.conf diff --git a/nginx/nginx.bak-revert-debian/conf.d/default.conf b/nginx/nginx.bak-revert-debian/conf.d/default.conf deleted file mode 100644 index ff2ced6..0000000 --- a/nginx/nginx.bak-revert-debian/conf.d/default.conf +++ /dev/null @@ -1,44 +0,0 @@ -server { - listen 80; - server_name localhost; - - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - diff --git a/nginx/nginx.bak-revert-debian/fastcgi.conf b/nginx/nginx.bak-revert-debian/fastcgi.conf deleted file mode 100644 index d53a628..0000000 --- a/nginx/nginx.bak-revert-debian/fastcgi.conf +++ /dev/null @@ -1,27 +0,0 @@ - -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param REMOTE_USER $remote_user; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx/nginx.bak-revert-debian/fastcgi_params b/nginx/nginx.bak-revert-debian/fastcgi_params deleted file mode 100644 index 28decb9..0000000 --- a/nginx/nginx.bak-revert-debian/fastcgi_params +++ /dev/null @@ -1,25 +0,0 @@ - -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx/nginx.bak-revert-debian/koi-utf b/nginx/nginx.bak-revert-debian/koi-utf deleted file mode 100644 index e7974ff..0000000 --- a/nginx/nginx.bak-revert-debian/koi-utf +++ /dev/null @@ -1,109 +0,0 @@ - -# This map is not a full koi8-r <> utf8 map: it does not contain -# box-drawing and some other characters. Besides this map contains -# several koi8-u and Byelorussian letters which are not in koi8-r. -# If you need a full and standard map, use contrib/unicode2nginx/koi-utf -# map instead. - -charset_map koi8-r utf-8 { - - 80 E282AC ; # euro - - 95 E280A2 ; # bullet - - 9A C2A0 ; #   - - 9E C2B7 ; # · - - A3 D191 ; # small yo - A4 D194 ; # small Ukrainian ye - - A6 D196 ; # small Ukrainian i - A7 D197 ; # small Ukrainian yi - - AD D291 ; # small Ukrainian soft g - AE D19E ; # small Byelorussian short u - - B0 C2B0 ; # ° - - B3 D081 ; # capital YO - B4 D084 ; # capital Ukrainian YE - - B6 D086 ; # capital Ukrainian I - B7 D087 ; # capital Ukrainian YI - - B9 E28496 ; # numero sign - - BD D290 ; # capital Ukrainian soft G - BE D18E ; # capital Byelorussian short U - - BF C2A9 ; # (C) - - C0 D18E ; # small yu - C1 D0B0 ; # small a - C2 D0B1 ; # small b - C3 D186 ; # small ts - C4 D0B4 ; # small d - C5 D0B5 ; # small ye - C6 D184 ; # small f - C7 D0B3 ; # small g - C8 D185 ; # small kh - C9 D0B8 ; # small i - CA D0B9 ; # small j - CB D0BA ; # small k - CC D0BB ; # small l - CD D0BC ; # small m - CE D0BD ; # small n - CF D0BE ; # small o - - D0 D0BF ; # small p - D1 D18F ; # small ya - D2 D180 ; # small r - D3 D181 ; # small s - D4 D182 ; # small t - D5 D183 ; # small u - D6 D0B6 ; # small zh - D7 D0B2 ; # small v - D8 D18C ; # small soft sign - D9 D18B ; # small y - DA D0B7 ; # small z - DB D188 ; # small sh - DC D18D ; # small e - DD D189 ; # small shch - DE D187 ; # small ch - DF D18A ; # small hard sign - - E0 D0AE ; # capital YU - E1 D090 ; # capital A - E2 D091 ; # capital B - E3 D0A6 ; # capital TS - E4 D094 ; # capital D - E5 D095 ; # capital YE - E6 D0A4 ; # capital F - E7 D093 ; # capital G - E8 D0A5 ; # capital KH - E9 D098 ; # capital I - EA D099 ; # capital J - EB D09A ; # capital K - EC D09B ; # capital L - ED D09C ; # capital M - EE D09D ; # capital N - EF D09E ; # capital O - - F0 D09F ; # capital P - F1 D0AF ; # capital YA - F2 D0A0 ; # capital R - F3 D0A1 ; # capital S - F4 D0A2 ; # capital T - F5 D0A3 ; # capital U - F6 D096 ; # capital ZH - F7 D092 ; # capital V - F8 D0AC ; # capital soft sign - F9 D0AB ; # capital Y - FA D097 ; # capital Z - FB D0A8 ; # capital SH - FC D0AD ; # capital E - FD D0A9 ; # capital SHCH - FE D0A7 ; # capital CH - FF D0AA ; # capital hard sign -} diff --git a/nginx/nginx.bak-revert-debian/koi-win b/nginx/nginx.bak-revert-debian/koi-win deleted file mode 100644 index 72afabe..0000000 --- a/nginx/nginx.bak-revert-debian/koi-win +++ /dev/null @@ -1,103 +0,0 @@ - -charset_map koi8-r windows-1251 { - - 80 88 ; # euro - - 95 95 ; # bullet - - 9A A0 ; #   - - 9E B7 ; # · - - A3 B8 ; # small yo - A4 BA ; # small Ukrainian ye - - A6 B3 ; # small Ukrainian i - A7 BF ; # small Ukrainian yi - - AD B4 ; # small Ukrainian soft g - AE A2 ; # small Byelorussian short u - - B0 B0 ; # ° - - B3 A8 ; # capital YO - B4 AA ; # capital Ukrainian YE - - B6 B2 ; # capital Ukrainian I - B7 AF ; # capital Ukrainian YI - - B9 B9 ; # numero sign - - BD A5 ; # capital Ukrainian soft G - BE A1 ; # capital Byelorussian short U - - BF A9 ; # (C) - - C0 FE ; # small yu - C1 E0 ; # small a - C2 E1 ; # small b - C3 F6 ; # small ts - C4 E4 ; # small d - C5 E5 ; # small ye - C6 F4 ; # small f - C7 E3 ; # small g - C8 F5 ; # small kh - C9 E8 ; # small i - CA E9 ; # small j - CB EA ; # small k - CC EB ; # small l - CD EC ; # small m - CE ED ; # small n - CF EE ; # small o - - D0 EF ; # small p - D1 FF ; # small ya - D2 F0 ; # small r - D3 F1 ; # small s - D4 F2 ; # small t - D5 F3 ; # small u - D6 E6 ; # small zh - D7 E2 ; # small v - D8 FC ; # small soft sign - D9 FB ; # small y - DA E7 ; # small z - DB F8 ; # small sh - DC FD ; # small e - DD F9 ; # small shch - DE F7 ; # small ch - DF FA ; # small hard sign - - E0 DE ; # capital YU - E1 C0 ; # capital A - E2 C1 ; # capital B - E3 D6 ; # capital TS - E4 C4 ; # capital D - E5 C5 ; # capital YE - E6 D4 ; # capital F - E7 C3 ; # capital G - E8 D5 ; # capital KH - E9 C8 ; # capital I - EA C9 ; # capital J - EB CA ; # capital K - EC CB ; # capital L - ED CC ; # capital M - EE CD ; # capital N - EF CE ; # capital O - - F0 CF ; # capital P - F1 DF ; # capital YA - F2 D0 ; # capital R - F3 D1 ; # capital S - F4 D2 ; # capital T - F5 D3 ; # capital U - F6 C6 ; # capital ZH - F7 C2 ; # capital V - F8 DC ; # capital soft sign - F9 DB ; # capital Y - FA C7 ; # capital Z - FB D8 ; # capital SH - FC DD ; # capital E - FD D9 ; # capital SHCH - FE D7 ; # capital CH - FF DA ; # capital hard sign -} diff --git a/nginx/nginx.bak-revert-debian/mime.types b/nginx/nginx.bak-revert-debian/mime.types deleted file mode 100644 index 1c00d70..0000000 --- a/nginx/nginx.bak-revert-debian/mime.types +++ /dev/null @@ -1,99 +0,0 @@ - -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/avif avif; - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - font/woff woff; - font/woff2 woff2; - - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/wasm wasm; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; -} diff --git a/nginx/nginx.bak-revert-debian/modsecurity.conf b/nginx/nginx.bak-revert-debian/modsecurity.conf deleted file mode 100644 index a7c9eeb..0000000 --- a/nginx/nginx.bak-revert-debian/modsecurity.conf +++ /dev/null @@ -1,289 +0,0 @@ -# -- Rule engine initialization ---------------------------------------------- - -# Enable ModSecurity, attaching it to every transaction. Use detection -# only to start with, because that minimises the chances of post-installation -# disruption. -# -SecRuleEngine On - -# -- Request body handling --------------------------------------------------- - -# Allow ModSecurity to access request bodies. If you don't, ModSecurity -# won't be able to see any POST parameters, which opens a large security -# hole for attackers to exploit. -# -SecRequestBodyAccess On -SecRequestBodyLimit 10737418240 -SecRequestBodyNoFilesLimit 1048576 - -# Enable XML request body parser. -# Initiate XML Processor in case of xml content-type -# -SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \ - "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" - -# Enable JSON request body parser. -# Initiate JSON Processor in case of JSON content-type; change accordingly -# if your application does not use 'application/json' -# -SecRule REQUEST_HEADERS:Content-Type "^application/json" \ - "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" - -# Sample rule to enable JSON request body parser for more subtypes. -# Uncomment or adapt this rule if you want to engage the JSON -# Processor for "+json" subtypes -# -#SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \ -# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" - -# Maximum request body size we will accept for buffering. If you support -# file uploads then the value given on the first line has to be as large -# as the largest file you are willing to accept. The second value refers -# to the size of data, with files excluded. You want to keep that value as -# low as practical. -# -SecRequestBodyNoFilesLimit 131072 - -# What to do if the request body size is above our configured limit. -# Keep in mind that this setting will automatically be set to ProcessPartial -# when SecRuleEngine is set to DetectionOnly mode in order to minimize -# disruptions when initially deploying ModSecurity. -# -SecRequestBodyLimitAction Reject - -# Maximum parsing depth allowed for JSON objects. You want to keep this -# value as low as practical. -# -SecRequestBodyJsonDepthLimit 512 - -# Maximum number of args allowed per request. You want to keep this -# value as low as practical. The value should match that in rule 200007. -SecArgumentsLimit 1000 - -# If SecArgumentsLimit has been set, you probably want to reject any -# request body that has only been partly parsed. The value used in this -# rule should match what was used with SecArgumentsLimit -SecRule &ARGS "@ge 1000" \ -"id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2" - -# Verify that we've correctly processed the request body. -# As a rule of thumb, when failing to process a request body -# you should reject the request (when deployed in blocking mode) -# or log a high-severity alert (when deployed in detection-only mode). -# -SecRule REQBODY_ERROR "!@eq 0" \ -"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" - -# By default be strict with what we accept in the multipart/form-data -# request body. If the rule below proves to be too strict for your -# environment consider changing it to detection-only. You are encouraged -# _not_ to remove it altogether. -# -SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ -"id:'200003',phase:2,t:none,log,deny,status:400, \ -msg:'Multipart request body failed strict validation: \ -PE %{REQBODY_PROCESSOR_ERROR}, \ -BQ %{MULTIPART_BOUNDARY_QUOTED}, \ -BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ -DB %{MULTIPART_DATA_BEFORE}, \ -DA %{MULTIPART_DATA_AFTER}, \ -HF %{MULTIPART_HEADER_FOLDING}, \ -LF %{MULTIPART_LF_LINE}, \ -SM %{MULTIPART_MISSING_SEMICOLON}, \ -IQ %{MULTIPART_INVALID_QUOTING}, \ -IP %{MULTIPART_INVALID_PART}, \ -IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ -FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" - -# Did we see anything that might be a boundary? -# -# Here is a short description about the ModSecurity Multipart parser: the -# parser returns with value 0, if all "boundary-like" line matches with -# the boundary string which given in MIME header. In any other cases it returns -# with different value, eg. 1 or 2. -# -# The RFC 1341 descript the multipart content-type and its syntax must contains -# only three mandatory lines (above the content): -# * Content-Type: multipart/mixed; boundary=BOUNDARY_STRING -# * --BOUNDARY_STRING -# * --BOUNDARY_STRING-- -# -# First line indicates, that this is a multipart content, second shows that -# here starts a part of the multipart content, third shows the end of content. -# -# If there are any other lines, which starts with "--", then it should be -# another boundary id - or not. -# -# After 3.0.3, there are two kinds of types of boundary errors: strict and permissive. -# -# If multipart content contains the three necessary lines with correct order, but -# there are one or more lines with "--", then parser returns with value 2 (non-zero). -# -# If some of the necessary lines (usually the start or end) misses, or the order -# is wrong, then parser returns with value 1 (also a non-zero). -# -# You can choose, which one is what you need. The example below contains the -# 'strict' mode, which means if there are any lines with start of "--", then -# ModSecurity blocked the content. But the next, commented example contains -# the 'permissive' mode, then you check only if the necessary lines exists in -# correct order. Whit this, you can enable to upload PEM files (eg "----BEGIN.."), -# or other text files, which contains eg. HTTP headers. -# -# The difference is only the operator - in strict mode (first) the content blocked -# in case of any non-zero value. In permissive mode (second, commented) the -# content blocked only if the value is explicit 1. If it 0 or 2, the content will -# allowed. -# - -# -# See #1747 and #1924 for further information on the possible values for -# MULTIPART_UNMATCHED_BOUNDARY. -# -SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \ - "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" - - -# PCRE Tuning -# We want to avoid a potential RegEx DoS condition -# -SecPcreMatchLimit 1000 -SecPcreMatchLimitRecursion 1000 - -# Some internal errors will set flags in TX and we will need to look for these. -# All of these are prefixed with "MSC_". The following flags currently exist: -# -# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded. -# -SecRule TX:/^MSC_/ "!@streq 0" \ - "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" - - -# -- Response body handling -------------------------------------------------- - -# Allow ModSecurity to access response bodies. -# You should have this directive enabled in order to identify errors -# and data leakage issues. -# -# Do keep in mind that enabling this directive does increases both -# memory consumption and response latency. -# -SecResponseBodyAccess On - -# Which response MIME types do you want to inspect? You should adjust the -# configuration below to catch documents but avoid static files -# (e.g., images and archives). -# -SecResponseBodyMimeType text/plain text/html text/xml - -# Buffer response bodies of up to 512 KB in length. -SecResponseBodyLimit 524288 - -# What happens when we encounter a response body larger than the configured -# limit? By default, we process what we have and let the rest through. -# That's somewhat less secure, but does not break any legitimate pages. -# -SecResponseBodyLimitAction ProcessPartial - - -# -- Filesystem configuration ------------------------------------------------ - -# The location where ModSecurity stores temporary files (for example, when -# it needs to handle a file upload that is larger than the configured limit). -# -# This default setting is chosen due to all systems have /tmp available however, -# this is less than ideal. It is recommended that you specify a location that's private. -# -SecTmpDir /tmp/ - -# The location where ModSecurity will keep its persistent data. This default setting -# is chosen due to all systems have /tmp available however, it -# too should be updated to a place that other users can't access. -# -SecDataDir /tmp/ - - -# -- File uploads handling configuration ------------------------------------- - -# The location where ModSecurity stores intercepted uploaded files. This -# location must be private to ModSecurity. You don't want other users on -# the server to access the files, do you? -# -#SecUploadDir /opt/modsecurity/var/upload/ - -# By default, only keep the files that were determined to be unusual -# in some way (by an external inspection script). For this to work you -# will also need at least one file inspection rule. -# -#SecUploadKeepFiles RelevantOnly - -# Uploaded files are by default created with permissions that do not allow -# any other user to access them. You may need to relax that if you want to -# interface ModSecurity to an external program (e.g., an anti-virus). -# -#SecUploadFileMode 0600 - - -# -- Debug log configuration ------------------------------------------------- - -# The default debug log configuration is to duplicate the error, warning -# and notice messages from the error log. -# -#SecDebugLog /opt/modsecurity/var/log/debug.log -#SecDebugLogLevel 3 - - -# -- Audit log configuration ------------------------------------------------- - -# Log the transactions that are marked by a rule, as well as those that -# trigger a server error (determined by a 5xx or 4xx, excluding 404, -# level response status codes). -# -SecAuditEngine RelevantOnly -SecAuditLogRelevantStatus "^(?:5|4(?!04))" - -# Log everything we know about a transaction. -SecAuditLogParts ABIJDEFHZ - -# Use a single file for logging. This is much easier to look at, but -# assumes that you will use the audit log only ocassionally. -# -SecAuditLogType Serial -SecAuditLog /var/log/nginx/modsec_audit.log - -# Specify the path for concurrent audit logging. -#SecAuditLogStorageDir /opt/modsecurity/var/audit/ - - -# -- Miscellaneous ----------------------------------------------------------- - -# Use the most commonly used application/x-www-form-urlencoded parameter -# separator. There's probably only one application somewhere that uses -# something else so don't expect to change this value. -# -SecArgumentSeparator & - -# Settle on version 0 (zero) cookies, as that is what most applications -# use. Using an incorrect cookie version may open your installation to -# evasion attacks (against the rules that examine named cookies). -# -SecCookieFormat 0 - -# Specify your Unicode Code Point. -# This mapping is used by the t:urlDecodeUni transformation function -# to properly map encoded data to your language. Properly setting -# these directives helps to reduce false positives and negatives. -# -SecUnicodeMapFile unicode.mapping 20127 - -# Improve the quality of ModSecurity by sharing information about your -# current ModSecurity version and dependencies versions. -# The following information will be shared: ModSecurity version, -# Web Server version, APR version, PCRE version, Lua version, Libxml2 -# version, Anonymous unique id for host. -SecStatusEngine On - -# Inclui a configuração inicial do Core Rule Set (CRS) -Include /etc/modsecurity/crs/crs-setup.conf - -# Inclui os arquivos de regras principais da OWASP -Include /usr/share/modsecurity-crs/rules/*.conf diff --git a/nginx/nginx.bak-revert-debian/modules b/nginx/nginx.bak-revert-debian/modules deleted file mode 120000 index 4b9b33f..0000000 --- a/nginx/nginx.bak-revert-debian/modules +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/nginx/modules \ No newline at end of file diff --git a/nginx/nginx.bak-revert-debian/nginx.conf b/nginx/nginx.bak-revert-debian/nginx.conf deleted file mode 100644 index 120c690..0000000 --- a/nginx/nginx.bak-revert-debian/nginx.conf +++ /dev/null @@ -1,108 +0,0 @@ -# Ficheiro de configuração global do Nginx (/etc/nginx/nginx.conf) -# VERSÃO CORRIGIDA E OTIMIZADA - -# --- Carregamento de Módulos Dinâmicos --- -# Esta secção é crucial para as versões mais recentes do Nginx. -# A linha abaixo carrega o módulo ModSecurity que instalámos. -load_module modules/mod-http-modsecurity.so; - -# --- Configurações Gerais --- -user www-data; -worker_processes auto; -worker_rlimit_nofile 65535; -pid /run/nginx.pid; -error_log /var/log/nginx/error.log; -# Esta linha carrega outros módulos padrão do Debian (como o 'stream'). -include /etc/nginx/modules-enabled/*.conf; - -# --- Bloco de Eventos --- -events { - worker_connections 16384; - multi_accept on; -} - -# ============================================================================== -# BLOCO HTTP: Para todo o tráfego Web (Sites, APIs, etc.) -# ============================================================================== -http { - # --- Configurações de Cache --- - proxy_cache_path /var/cache/nginx/zabbix_cache levels=1:2 keys_zone=zabbix_cache:10m max_size=1g inactive=60m use_temp_path=off; - proxy_cache_path /var/cache/nginx/api_cache levels=1:2 keys_zone=api_cache:10m max_size=100m inactive=5m use_temp_path=off; - proxy_cache_path /var/cache/nginx/exchange_private_cache levels=1:2 keys_zone=exchange_private_cache:20m max_size=500m inactive=10m use_temp_path=off; - proxy_cache_path /var/cache/nginx/zammad_cache levels=1:2 keys_zone=zammad_cache:10m max_size=500m inactive=60m use_temp_path=off; - proxy_cache_path /var/cache/nginx/static_cache levels=1:2 keys_zone=static_cache:10m max_size=2g inactive=90d use_temp_path=off; - proxy_cache_path /var/cache/nginx/nextcloud_private_cache levels=1:2 keys_zone=nextcloud_private_cache:20m max_size=1g inactive=15m use_temp_path=off; - proxy_cache_path /var/cache/nginx/nextcloud_previews_cache levels=1:2 keys_zone=nextcloud_previews:20m max_size=2g inactive=7d use_temp_path=off; - - # --- Configurações Básicas e de Performance --- - sendfile on; - tcp_nopush on; - types_hash_max_size 2048; - server_tokens off; - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # --- Otimizações de Proxy Reverso e Buffers --- - client_body_buffer_size 128k; - client_max_body_size 10G; - proxy_buffer_size 16k; - proxy_buffers 8 16k; - proxy_busy_buffers_size 32k; - - # --- Otimizações de Keep-Alive e Timeouts --- - keepalive_timeout 65s; - keepalive_requests 1000; - send_timeout 10s; - - # --- Configurações de Segurança (WAF) --- - # Agora que o módulo está carregado, estas diretivas irão funcionar. - modsecurity on; - modsecurity_rules_file /etc/nginx/modsecurity.conf; - - # --- Configurações do GeoIP2 --- - geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { - $geoip2_country_code country iso_code; - $geoip2_country_name country names en; - $geoip2_region_name subdivisions 0 names en; - $geoip2_city_name city names en; - $geoip2_latitude location latitude; - $geoip2_longitude location longitude; - $geoip2_asn autonomous_system_number; - $geoip2_isp autonomous_system_organization; - } - - # --- Configurações de Logging --- - log_format detailed_proxy escape=json '{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","remote_user":"$remote_user","request":"$request","method":"$request_method","uri":"$uri","args":"$args","status":$status,"request_length":$request_length,"body_bytes_sent":$body_bytes_sent,"request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_status":"$upstream_status","upstream_response_time":"$upstream_response_time","cache_status":"$upstream_cache_status","http_referer":"$http_referer","http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for","http_accept_language":"$http_accept_language","http_cookie":"$http_cookie","http_origin":"$http_origin","http_host":"$http_host","server_name":"$server_name","scheme":"$scheme","ssl_protocol":"$ssl_protocol","ssl_cipher":"$ssl_cipher","ssl_curves":"$ssl_curves","ssl_session_reused":"$ssl_session_reused","ssl_server_name":"$ssl_server_name","ssl_client_s_dn":"$ssl_client_s_dn","ssl_client_i_dn":"$ssl_client_i_dn","ssl_client_verify":"$ssl_client_verify","ssl_client_serial":"$ssl_client_serial","ssl_client_v_start":"$ssl_client_v_start","ssl_client_v_end":"$ssl_client_v_end","geoip_country_code":"$geoip2_country_code","geoip_country_name":"$geoip2_country_name","geoip_region_name":"$geoip2_region_name","geoip_city_name":"$geoip2_city_name","geoip_latitude":"$geoip2_latitude","geoip_longitude":"$geoip2_longitude","geoip_asn":"$geoip2_asn","geoip_isp":"$geoip2_isp"}'; - access_log /var/log/nginx/access.log detailed_proxy; - - # --- Configurações de Compressão --- - include /etc/nginx/snippets/compression_params.conf; - - # --- Carregar Ficheiros de Configuração dos Sites --- - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} - -# ============================================================================== -# BLOCO STREAM: Para tráfego TCP/UDP (Telefonia, SSL Passthrough) -# ============================================================================== -stream { - # (O seu bloco stream existente vai aqui, sem alterações) - # Encaminhamento da porta de sinalização SIP (TCP) - server { - listen 5060; - proxy_pass 172.16.254.130:5060; - } - - # Encaminhamento da porta de sinalização SIP (UDP) - server { - listen 5060 udp; - proxy_pass 172.16.254.130:5060; - } - - # Encaminhamento da faixa de portas RTP para o áudio (UDP) - server { - listen 10000-20000 udp; - proxy_pass 172.16.254.130:$server_port; - } -} diff --git a/nginx/nginx.bak-revert-debian/nginx.conf.dpkg-dist b/nginx/nginx.bak-revert-debian/nginx.conf.dpkg-dist deleted file mode 100644 index d4149db..0000000 --- a/nginx/nginx.bak-revert-debian/nginx.conf.dpkg-dist +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/nginx/nginx.bak-revert-debian/nginx/conf.d/default.conf b/nginx/nginx.bak-revert-debian/nginx/conf.d/default.conf deleted file mode 100644 index ff2ced6..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/conf.d/default.conf +++ /dev/null @@ -1,44 +0,0 @@ -server { - listen 80; - server_name localhost; - - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - diff --git a/nginx/nginx.bak-revert-debian/nginx/conf.d/zabbix-nginx-status.conf b/nginx/nginx.bak-revert-debian/nginx/conf.d/zabbix-nginx-status.conf deleted file mode 100644 index 45a6672..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/conf.d/zabbix-nginx-status.conf +++ /dev/null @@ -1,16 +0,0 @@ -server { - # Escuta em uma porta apenas no localhost (127.0.0.1) - # Usar uma porta diferente de 80 evita conflitos com seus sites reais. - listen 127.0.0.1:8080; - server_name localhost; - - # Define a localização (URL) para a página de status - location /nginx_status { - # Ativa a página de status do Nginx - stub_status; - - # Regras de segurança: - allow 127.0.0.1; # Permite acesso SOMENTE do próprio servidor - deny all; # Bloqueia todos os outros acessos - } -} diff --git a/nginx/nginx.bak-revert-debian/nginx/fastcgi.conf b/nginx/nginx.bak-revert-debian/nginx/fastcgi.conf deleted file mode 100644 index d53a628..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/fastcgi.conf +++ /dev/null @@ -1,27 +0,0 @@ - -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param REMOTE_USER $remote_user; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx/nginx.bak-revert-debian/nginx/fastcgi_params b/nginx/nginx.bak-revert-debian/nginx/fastcgi_params deleted file mode 100644 index 28decb9..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/fastcgi_params +++ /dev/null @@ -1,25 +0,0 @@ - -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx/nginx.bak-revert-debian/nginx/koi-utf b/nginx/nginx.bak-revert-debian/nginx/koi-utf deleted file mode 100644 index e7974ff..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/koi-utf +++ /dev/null @@ -1,109 +0,0 @@ - -# This map is not a full koi8-r <> utf8 map: it does not contain -# box-drawing and some other characters. Besides this map contains -# several koi8-u and Byelorussian letters which are not in koi8-r. -# If you need a full and standard map, use contrib/unicode2nginx/koi-utf -# map instead. - -charset_map koi8-r utf-8 { - - 80 E282AC ; # euro - - 95 E280A2 ; # bullet - - 9A C2A0 ; #   - - 9E C2B7 ; # · - - A3 D191 ; # small yo - A4 D194 ; # small Ukrainian ye - - A6 D196 ; # small Ukrainian i - A7 D197 ; # small Ukrainian yi - - AD D291 ; # small Ukrainian soft g - AE D19E ; # small Byelorussian short u - - B0 C2B0 ; # ° - - B3 D081 ; # capital YO - B4 D084 ; # capital Ukrainian YE - - B6 D086 ; # capital Ukrainian I - B7 D087 ; # capital Ukrainian YI - - B9 E28496 ; # numero sign - - BD D290 ; # capital Ukrainian soft G - BE D18E ; # capital Byelorussian short U - - BF C2A9 ; # (C) - - C0 D18E ; # small yu - C1 D0B0 ; # small a - C2 D0B1 ; # small b - C3 D186 ; # small ts - C4 D0B4 ; # small d - C5 D0B5 ; # small ye - C6 D184 ; # small f - C7 D0B3 ; # small g - C8 D185 ; # small kh - C9 D0B8 ; # small i - CA D0B9 ; # small j - CB D0BA ; # small k - CC D0BB ; # small l - CD D0BC ; # small m - CE D0BD ; # small n - CF D0BE ; # small o - - D0 D0BF ; # small p - D1 D18F ; # small ya - D2 D180 ; # small r - D3 D181 ; # small s - D4 D182 ; # small t - D5 D183 ; # small u - D6 D0B6 ; # small zh - D7 D0B2 ; # small v - D8 D18C ; # small soft sign - D9 D18B ; # small y - DA D0B7 ; # small z - DB D188 ; # small sh - DC D18D ; # small e - DD D189 ; # small shch - DE D187 ; # small ch - DF D18A ; # small hard sign - - E0 D0AE ; # capital YU - E1 D090 ; # capital A - E2 D091 ; # capital B - E3 D0A6 ; # capital TS - E4 D094 ; # capital D - E5 D095 ; # capital YE - E6 D0A4 ; # capital F - E7 D093 ; # capital G - E8 D0A5 ; # capital KH - E9 D098 ; # capital I - EA D099 ; # capital J - EB D09A ; # capital K - EC D09B ; # capital L - ED D09C ; # capital M - EE D09D ; # capital N - EF D09E ; # capital O - - F0 D09F ; # capital P - F1 D0AF ; # capital YA - F2 D0A0 ; # capital R - F3 D0A1 ; # capital S - F4 D0A2 ; # capital T - F5 D0A3 ; # capital U - F6 D096 ; # capital ZH - F7 D092 ; # capital V - F8 D0AC ; # capital soft sign - F9 D0AB ; # capital Y - FA D097 ; # capital Z - FB D0A8 ; # capital SH - FC D0AD ; # capital E - FD D0A9 ; # capital SHCH - FE D0A7 ; # capital CH - FF D0AA ; # capital hard sign -} diff --git a/nginx/nginx.bak-revert-debian/nginx/koi-win b/nginx/nginx.bak-revert-debian/nginx/koi-win deleted file mode 100644 index 72afabe..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/koi-win +++ /dev/null @@ -1,103 +0,0 @@ - -charset_map koi8-r windows-1251 { - - 80 88 ; # euro - - 95 95 ; # bullet - - 9A A0 ; #   - - 9E B7 ; # · - - A3 B8 ; # small yo - A4 BA ; # small Ukrainian ye - - A6 B3 ; # small Ukrainian i - A7 BF ; # small Ukrainian yi - - AD B4 ; # small Ukrainian soft g - AE A2 ; # small Byelorussian short u - - B0 B0 ; # ° - - B3 A8 ; # capital YO - B4 AA ; # capital Ukrainian YE - - B6 B2 ; # capital Ukrainian I - B7 AF ; # capital Ukrainian YI - - B9 B9 ; # numero sign - - BD A5 ; # capital Ukrainian soft G - BE A1 ; # capital Byelorussian short U - - BF A9 ; # (C) - - C0 FE ; # small yu - C1 E0 ; # small a - C2 E1 ; # small b - C3 F6 ; # small ts - C4 E4 ; # small d - C5 E5 ; # small ye - C6 F4 ; # small f - C7 E3 ; # small g - C8 F5 ; # small kh - C9 E8 ; # small i - CA E9 ; # small j - CB EA ; # small k - CC EB ; # small l - CD EC ; # small m - CE ED ; # small n - CF EE ; # small o - - D0 EF ; # small p - D1 FF ; # small ya - D2 F0 ; # small r - D3 F1 ; # small s - D4 F2 ; # small t - D5 F3 ; # small u - D6 E6 ; # small zh - D7 E2 ; # small v - D8 FC ; # small soft sign - D9 FB ; # small y - DA E7 ; # small z - DB F8 ; # small sh - DC FD ; # small e - DD F9 ; # small shch - DE F7 ; # small ch - DF FA ; # small hard sign - - E0 DE ; # capital YU - E1 C0 ; # capital A - E2 C1 ; # capital B - E3 D6 ; # capital TS - E4 C4 ; # capital D - E5 C5 ; # capital YE - E6 D4 ; # capital F - E7 C3 ; # capital G - E8 D5 ; # capital KH - E9 C8 ; # capital I - EA C9 ; # capital J - EB CA ; # capital K - EC CB ; # capital L - ED CC ; # capital M - EE CD ; # capital N - EF CE ; # capital O - - F0 CF ; # capital P - F1 DF ; # capital YA - F2 D0 ; # capital R - F3 D1 ; # capital S - F4 D2 ; # capital T - F5 D3 ; # capital U - F6 C6 ; # capital ZH - F7 C2 ; # capital V - F8 DC ; # capital soft sign - F9 DB ; # capital Y - FA C7 ; # capital Z - FB D8 ; # capital SH - FC DD ; # capital E - FD D9 ; # capital SHCH - FE D7 ; # capital CH - FF DA ; # capital hard sign -} diff --git a/nginx/nginx.bak-revert-debian/nginx/mime.types b/nginx/nginx.bak-revert-debian/nginx/mime.types deleted file mode 100644 index 1c00d70..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/mime.types +++ /dev/null @@ -1,99 +0,0 @@ - -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/avif avif; - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - font/woff woff; - font/woff2 woff2; - - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/wasm wasm; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; -} diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity.conf deleted file mode 100644 index a7c9eeb..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/modsecurity.conf +++ /dev/null @@ -1,289 +0,0 @@ -# -- Rule engine initialization ---------------------------------------------- - -# Enable ModSecurity, attaching it to every transaction. Use detection -# only to start with, because that minimises the chances of post-installation -# disruption. -# -SecRuleEngine On - -# -- Request body handling --------------------------------------------------- - -# Allow ModSecurity to access request bodies. If you don't, ModSecurity -# won't be able to see any POST parameters, which opens a large security -# hole for attackers to exploit. -# -SecRequestBodyAccess On -SecRequestBodyLimit 10737418240 -SecRequestBodyNoFilesLimit 1048576 - -# Enable XML request body parser. -# Initiate XML Processor in case of xml content-type -# -SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \ - "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" - -# Enable JSON request body parser. -# Initiate JSON Processor in case of JSON content-type; change accordingly -# if your application does not use 'application/json' -# -SecRule REQUEST_HEADERS:Content-Type "^application/json" \ - "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" - -# Sample rule to enable JSON request body parser for more subtypes. -# Uncomment or adapt this rule if you want to engage the JSON -# Processor for "+json" subtypes -# -#SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \ -# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" - -# Maximum request body size we will accept for buffering. If you support -# file uploads then the value given on the first line has to be as large -# as the largest file you are willing to accept. The second value refers -# to the size of data, with files excluded. You want to keep that value as -# low as practical. -# -SecRequestBodyNoFilesLimit 131072 - -# What to do if the request body size is above our configured limit. -# Keep in mind that this setting will automatically be set to ProcessPartial -# when SecRuleEngine is set to DetectionOnly mode in order to minimize -# disruptions when initially deploying ModSecurity. -# -SecRequestBodyLimitAction Reject - -# Maximum parsing depth allowed for JSON objects. You want to keep this -# value as low as practical. -# -SecRequestBodyJsonDepthLimit 512 - -# Maximum number of args allowed per request. You want to keep this -# value as low as practical. The value should match that in rule 200007. -SecArgumentsLimit 1000 - -# If SecArgumentsLimit has been set, you probably want to reject any -# request body that has only been partly parsed. The value used in this -# rule should match what was used with SecArgumentsLimit -SecRule &ARGS "@ge 1000" \ -"id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2" - -# Verify that we've correctly processed the request body. -# As a rule of thumb, when failing to process a request body -# you should reject the request (when deployed in blocking mode) -# or log a high-severity alert (when deployed in detection-only mode). -# -SecRule REQBODY_ERROR "!@eq 0" \ -"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" - -# By default be strict with what we accept in the multipart/form-data -# request body. If the rule below proves to be too strict for your -# environment consider changing it to detection-only. You are encouraged -# _not_ to remove it altogether. -# -SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ -"id:'200003',phase:2,t:none,log,deny,status:400, \ -msg:'Multipart request body failed strict validation: \ -PE %{REQBODY_PROCESSOR_ERROR}, \ -BQ %{MULTIPART_BOUNDARY_QUOTED}, \ -BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ -DB %{MULTIPART_DATA_BEFORE}, \ -DA %{MULTIPART_DATA_AFTER}, \ -HF %{MULTIPART_HEADER_FOLDING}, \ -LF %{MULTIPART_LF_LINE}, \ -SM %{MULTIPART_MISSING_SEMICOLON}, \ -IQ %{MULTIPART_INVALID_QUOTING}, \ -IP %{MULTIPART_INVALID_PART}, \ -IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ -FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" - -# Did we see anything that might be a boundary? -# -# Here is a short description about the ModSecurity Multipart parser: the -# parser returns with value 0, if all "boundary-like" line matches with -# the boundary string which given in MIME header. In any other cases it returns -# with different value, eg. 1 or 2. -# -# The RFC 1341 descript the multipart content-type and its syntax must contains -# only three mandatory lines (above the content): -# * Content-Type: multipart/mixed; boundary=BOUNDARY_STRING -# * --BOUNDARY_STRING -# * --BOUNDARY_STRING-- -# -# First line indicates, that this is a multipart content, second shows that -# here starts a part of the multipart content, third shows the end of content. -# -# If there are any other lines, which starts with "--", then it should be -# another boundary id - or not. -# -# After 3.0.3, there are two kinds of types of boundary errors: strict and permissive. -# -# If multipart content contains the three necessary lines with correct order, but -# there are one or more lines with "--", then parser returns with value 2 (non-zero). -# -# If some of the necessary lines (usually the start or end) misses, or the order -# is wrong, then parser returns with value 1 (also a non-zero). -# -# You can choose, which one is what you need. The example below contains the -# 'strict' mode, which means if there are any lines with start of "--", then -# ModSecurity blocked the content. But the next, commented example contains -# the 'permissive' mode, then you check only if the necessary lines exists in -# correct order. Whit this, you can enable to upload PEM files (eg "----BEGIN.."), -# or other text files, which contains eg. HTTP headers. -# -# The difference is only the operator - in strict mode (first) the content blocked -# in case of any non-zero value. In permissive mode (second, commented) the -# content blocked only if the value is explicit 1. If it 0 or 2, the content will -# allowed. -# - -# -# See #1747 and #1924 for further information on the possible values for -# MULTIPART_UNMATCHED_BOUNDARY. -# -SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \ - "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" - - -# PCRE Tuning -# We want to avoid a potential RegEx DoS condition -# -SecPcreMatchLimit 1000 -SecPcreMatchLimitRecursion 1000 - -# Some internal errors will set flags in TX and we will need to look for these. -# All of these are prefixed with "MSC_". The following flags currently exist: -# -# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded. -# -SecRule TX:/^MSC_/ "!@streq 0" \ - "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" - - -# -- Response body handling -------------------------------------------------- - -# Allow ModSecurity to access response bodies. -# You should have this directive enabled in order to identify errors -# and data leakage issues. -# -# Do keep in mind that enabling this directive does increases both -# memory consumption and response latency. -# -SecResponseBodyAccess On - -# Which response MIME types do you want to inspect? You should adjust the -# configuration below to catch documents but avoid static files -# (e.g., images and archives). -# -SecResponseBodyMimeType text/plain text/html text/xml - -# Buffer response bodies of up to 512 KB in length. -SecResponseBodyLimit 524288 - -# What happens when we encounter a response body larger than the configured -# limit? By default, we process what we have and let the rest through. -# That's somewhat less secure, but does not break any legitimate pages. -# -SecResponseBodyLimitAction ProcessPartial - - -# -- Filesystem configuration ------------------------------------------------ - -# The location where ModSecurity stores temporary files (for example, when -# it needs to handle a file upload that is larger than the configured limit). -# -# This default setting is chosen due to all systems have /tmp available however, -# this is less than ideal. It is recommended that you specify a location that's private. -# -SecTmpDir /tmp/ - -# The location where ModSecurity will keep its persistent data. This default setting -# is chosen due to all systems have /tmp available however, it -# too should be updated to a place that other users can't access. -# -SecDataDir /tmp/ - - -# -- File uploads handling configuration ------------------------------------- - -# The location where ModSecurity stores intercepted uploaded files. This -# location must be private to ModSecurity. You don't want other users on -# the server to access the files, do you? -# -#SecUploadDir /opt/modsecurity/var/upload/ - -# By default, only keep the files that were determined to be unusual -# in some way (by an external inspection script). For this to work you -# will also need at least one file inspection rule. -# -#SecUploadKeepFiles RelevantOnly - -# Uploaded files are by default created with permissions that do not allow -# any other user to access them. You may need to relax that if you want to -# interface ModSecurity to an external program (e.g., an anti-virus). -# -#SecUploadFileMode 0600 - - -# -- Debug log configuration ------------------------------------------------- - -# The default debug log configuration is to duplicate the error, warning -# and notice messages from the error log. -# -#SecDebugLog /opt/modsecurity/var/log/debug.log -#SecDebugLogLevel 3 - - -# -- Audit log configuration ------------------------------------------------- - -# Log the transactions that are marked by a rule, as well as those that -# trigger a server error (determined by a 5xx or 4xx, excluding 404, -# level response status codes). -# -SecAuditEngine RelevantOnly -SecAuditLogRelevantStatus "^(?:5|4(?!04))" - -# Log everything we know about a transaction. -SecAuditLogParts ABIJDEFHZ - -# Use a single file for logging. This is much easier to look at, but -# assumes that you will use the audit log only ocassionally. -# -SecAuditLogType Serial -SecAuditLog /var/log/nginx/modsec_audit.log - -# Specify the path for concurrent audit logging. -#SecAuditLogStorageDir /opt/modsecurity/var/audit/ - - -# -- Miscellaneous ----------------------------------------------------------- - -# Use the most commonly used application/x-www-form-urlencoded parameter -# separator. There's probably only one application somewhere that uses -# something else so don't expect to change this value. -# -SecArgumentSeparator & - -# Settle on version 0 (zero) cookies, as that is what most applications -# use. Using an incorrect cookie version may open your installation to -# evasion attacks (against the rules that examine named cookies). -# -SecCookieFormat 0 - -# Specify your Unicode Code Point. -# This mapping is used by the t:urlDecodeUni transformation function -# to properly map encoded data to your language. Properly setting -# these directives helps to reduce false positives and negatives. -# -SecUnicodeMapFile unicode.mapping 20127 - -# Improve the quality of ModSecurity by sharing information about your -# current ModSecurity version and dependencies versions. -# The following information will be shared: ModSecurity version, -# Web Server version, APR version, PCRE version, Lua version, Libxml2 -# version, Anonymous unique id for host. -SecStatusEngine On - -# Inclui a configuração inicial do Core Rule Set (CRS) -Include /etc/modsecurity/crs/crs-setup.conf - -# Inclui os arquivos de regras principais da OWASP -Include /usr/share/modsecurity-crs/rules/*.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/exchange-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/exchange-rule-exceptions.conf deleted file mode 100644 index 1014363..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/modsecurity/exchange-rule-exceptions.conf +++ /dev/null @@ -1,8 +0,0 @@ -# Ficheiro de Exceções do ModSecurity para o Microsoft Exchange - -# Desativa completamente o motor de regras do ModSecurity para QUALQUER URL -# que comece com /owa/ ou /ecp/. -# Isto resolve os falsos positivos que bloqueiam a funcionalidade legítima -# do Outlook Web App e do Exchange Admin Center. -SecRule REQUEST_URI "@rx ^/(owa|ecp)/" \ - "id:1003,phase:1,nolog,allow,ctl:ruleEngine=Off" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/gitea-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/gitea-rule-exceptions.conf deleted file mode 100644 index 1bb33f2..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/modsecurity/gitea-rule-exceptions.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Ficheiro de Exceções do ModSecurity para o Gitea (VERSÃO FINAL E COMPLETA) - -# Desativa completamente o motor de regras do ModSecurity para QUALQUER URL -# que envolva a visualização, edição, criação ou visualização de commits de ficheiros no Gitea. -# A expressão regular agora apanha os caminhos "/src/branch/", "/_edit/", "/_new/" e "/commits/branch/". -SecRule REQUEST_URI "@rx ^/.*/(src/branch|_edit|_new|commits/branch)/" \ - "id:1005,phase:1,nolog,allow,ctl:ruleEngine=Off" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/global-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/global-exceptions.conf deleted file mode 100644 index 52bac7d..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/modsecurity/global-exceptions.conf +++ /dev/null @@ -1,56 +0,0 @@ -# ========================================================================== -# Arquivo Global de Exceções do ModSecurity -# ========================================================================== -# Este arquivo centraliza todas as regras de exceção para as aplicações. -# Todos os IDs foram reorganizados para serem únicos. - -# -------------------------------------------------------------------------- -# Exceções para o Nextcloud -# -------------------------------------------------------------------------- -# Desliga o motor de regras para as rotas de sincronização (WebDAV). -SecRule REQUEST_URI "@beginsWith /remote.php" "id:10001,phase:1,nolog,pass,ctl:ruleEngine=Off" -SecRule REQUEST_URI "@streq /.well-known/caldav" "id:10002,phase:1,nolog,pass,ctl:ruleEngine=Off" -SecRule REQUEST_URI "@streq /.well-known/carddav" "id:10003,phase:1,nolog,pass,ctl:ruleEngine=Off" - -# -------------------------------------------------------------------------- -# Exceções para o Zabbix -# -------------------------------------------------------------------------- -# Desliga o ModSecurity para a API JSON-RPC e zabbix.php. -SecRule REQUEST_URI "@rx (jsrpc\.php|zabbix\.php)" "id:10004,phase:1,nolog,allow,ctl:ruleEngine=Off" -# Desativa regras específicas na página de Descoberta de Hosts. -# Lembre-se de substituir os IDs abaixo pelos que encontrou no seu log. -SecRule REQUEST_URI "@beginsWith /zabbix/host_discovery.php" "id:10005,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX,ctl:ruleRemoveById=9YYYYY" - -# -------------------------------------------------------------------------- -# Exceções para o Microsoft Exchange -# -------------------------------------------------------------------------- -# Desliga o ModSecurity para o Outlook Web App (OWA) e o Exchange Admin Center (ECP). -SecRule REQUEST_URI "@rx ^/(owa|ecp)/" "id:10006,phase:1,nolog,allow,ctl:ruleEngine=Off" - -# -------------------------------------------------------------------------- -# Exceções para o Zammad -# -------------------------------------------------------------------------- -# Desativa regra de falso positivo para a API do Zammad. -# Lembre-se de substituir '9XXXXX' pelo ID da regra real. -SecRule REQUEST_URI "@beginsWith /api/v1/" "id:10007,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX" - -# -------------------------------------------------------------------------- -# Exceções para o Gitea -# -------------------------------------------------------------------------- -# Desliga o motor de regras para operações de ficheiros no Gitea. -SecRule REQUEST_URI "@rx ^/.*/(src/branch|_edit|_new|commits/branch)/" "id:10008,phase:1,nolog,allow,ctl:ruleEngine=Off" - -# -------------------------------------------------------------------------- -# Exceções para o Grafana -# -------------------------------------------------------------------------- -# Desativa a regra de falso positivo para a API de dashboards. -# Lembre-se de substituir '9XXXXX' pelo ID da regra real. -SecRule REQUEST_URI "@beginsWith /api/dashboards/" "id:10009,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX" - -# -------------------------------------------------------------------------- -# Exceções para a Geração de Prévias (Thumbnails) do Nextcloud -# -------------------------------------------------------------------------- -# Desativa a regra de falso positivo que bloqueia a criação de miniaturas. -# Substitua '9XXXXX' pelo ID real encontrado no log de auditoria. -SecRule REQUEST_URI "@beginsWith /index.php/core/preview" "id:10010,phase:1,nolog,pass,ctl:ruleRemoveById=9XXXXX - diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/grafana-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/grafana-rule-exceptions.conf deleted file mode 100644 index 7e08f55..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/modsecurity/grafana-rule-exceptions.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Ficheiro de Exceções do ModSecurity para o Grafana - -# Desativa a regra 9XXXXX (que estava a causar um falso positivo com o método DELETE) -# APENAS para as requisições que começam com /api/dashboards/. -# Isto mantém a regra ativa para o resto do site. -SecRule REQUEST_URI "@beginsWith /api/dashboards/" \ - "id:1007,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/nextcloud-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/nextcloud-rule-exceptions.conf deleted file mode 100644 index 968d20b..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/modsecurity/nextcloud-rule-exceptions.conf +++ /dev/null @@ -1,14 +0,0 @@ -# -------------------------------------------------------------------------- -# Nextcloud: Exceções para o Nextcloud (Sintaxe para Nginx) -# -------------------------------------------------------------------------- -# Este arquivo contém regras de exclusão para o Nextcloud. -# A ação aqui desliga completamente o motor do ModSecurity para as rotas -# de sincronização (WebDAV), o que é funcional mas menos seguro. - -# Desliga o motor de regras para qualquer URL que comece com /remote.php -# Isso cobre o WebDAV e outras operações do cliente. -SecRule REQUEST_URI "@beginsWith /remote.php" "id:1001,phase:1,nolog,pass,ctl:ruleEngine=Off" - -# Desliga o motor de regras para as rotas de descoberta de CalDAV e CardDAV. -SecRule REQUEST_URI "@streq /.well-known/caldav" "id:1002,phase:1,nolog,pass,ctl:ruleEngine=Off" -SecRule REQUEST_URI "@streq /.well-known/carddav" "id:1003,phase:1,nolog,pass,ctl:ruleEngine=Off" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/zabbix-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/zabbix-rule-exceptions.conf deleted file mode 100644 index 9e8842f..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/modsecurity/zabbix-rule-exceptions.conf +++ /dev/null @@ -1,11 +0,0 @@ -# Ficheiro de Exceções do ModSecurity para o Zabbix (VERSÃO CORRIGIDA) - -# Regra 1: Desativa completamente o ModSecurity para a API JSON-RPC e zabbix.php. -# Esta regra continua a ser útil e está correta. -SecRule REQUEST_URI "@rx (jsrpc\.php|zabbix\.php)" \ - "id:1001,phase:1,nolog,allow,ctl:ruleEngine=Off" - -# Regra 2: Desativa as regras específicas que causam falsos positivos na página de Descoberta de Hosts. -# Lembre-se de substituir os IDs abaixo pelos que encontrou no seu log de auditoria. -SecRule REQUEST_URI "@beginsWith /zabbix/host_discovery.php" \ - "id:1002,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX,ctl:ruleRemoveById=9YYYYY" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity/zammad-rule-exceptions.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity/zammad-rule-exceptions.conf deleted file mode 100644 index 0f61de6..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/modsecurity/zammad-rule-exceptions.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Ficheiro de Exceções do ModSecurity para o Zammad - -# Desativa a regra de falso positivo para toda a API do Zammad (/api/v1/). -# Isto previne que o WAF bloqueie as ações legítimas da interface. -# Lembre-se de substituir '9XXXXX' pelo ID da regra que encontrou no seu log de auditoria. -SecRule REQUEST_URI "@beginsWith /api/v1/" \ - "id:1004,phase:1,nolog,allow,ctl:ruleRemoveById=9XXXXX" diff --git a/nginx/nginx.bak-revert-debian/nginx/modsecurity_includes.conf b/nginx/nginx.bak-revert-debian/nginx/modsecurity_includes.conf deleted file mode 100644 index 505c992..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/modsecurity_includes.conf +++ /dev/null @@ -1,2 +0,0 @@ -include modsecurity.conf -#include /usr/share/modsecurity-crs/owasp-crs.load diff --git a/nginx/nginx.bak-revert-debian/nginx/modules b/nginx/nginx.bak-revert-debian/nginx/modules deleted file mode 120000 index 4b9b33f..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/modules +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/nginx/modules \ No newline at end of file diff --git a/nginx/nginx.bak-revert-debian/nginx/nginx.conf b/nginx/nginx.bak-revert-debian/nginx/nginx.conf deleted file mode 100644 index c89bd9b..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/nginx.conf +++ /dev/null @@ -1,106 +0,0 @@ -# Ficheiro de configuração global do Nginx (/etc/nginx/nginx.conf) -# VERSÃO CORRIGIDA E OTIMIZADA - -# --- Carregamento de Módulos Dinâmicos --- -# Esta secção é crucial para as versões mais recentes do Nginx. -# A linha abaixo carrega o módulo ModSecurity que instalámos. -# --- Configurações Gerais --- -user www-data; -worker_processes auto; -worker_rlimit_nofile 65535; -pid /run/nginx.pid; -error_log /var/log/nginx/error.log; -# Esta linha carrega outros módulos padrão do Debian (como o 'stream'). -include /etc/nginx/modules-enabled/*.conf; - -# --- Bloco de Eventos --- -events { - worker_connections 16384; - multi_accept on; -} - -# ============================================================================== -# BLOCO HTTP: Para todo o tráfego Web (Sites, APIs, etc.) -# ============================================================================== -http { - # --- Configurações de Cache --- - proxy_cache_path /var/cache/nginx/zabbix_cache levels=1:2 keys_zone=zabbix_cache:10m max_size=1g inactive=60m use_temp_path=off; - proxy_cache_path /var/cache/nginx/api_cache levels=1:2 keys_zone=api_cache:10m max_size=100m inactive=5m use_temp_path=off; - proxy_cache_path /var/cache/nginx/exchange_private_cache levels=1:2 keys_zone=exchange_private_cache:20m max_size=500m inactive=10m use_temp_path=off; - proxy_cache_path /var/cache/nginx/zammad_cache levels=1:2 keys_zone=zammad_cache:10m max_size=500m inactive=60m use_temp_path=off; - proxy_cache_path /var/cache/nginx/static_cache levels=1:2 keys_zone=static_cache:10m max_size=2g inactive=90d use_temp_path=off; - proxy_cache_path /var/cache/nginx/nextcloud_private_cache levels=1:2 keys_zone=nextcloud_private_cache:20m max_size=1g inactive=15m use_temp_path=off; - proxy_cache_path /var/cache/nginx/nextcloud_previews_cache levels=1:2 keys_zone=nextcloud_previews:20m max_size=2g inactive=7d use_temp_path=off; - - # --- Configurações Básicas e de Performance --- - sendfile on; - tcp_nopush on; - types_hash_max_size 2048; - server_tokens off; - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # --- Otimizações de Proxy Reverso e Buffers --- - client_body_buffer_size 128k; - client_max_body_size 10G; - proxy_buffer_size 16k; - proxy_buffers 8 16k; - proxy_busy_buffers_size 32k; - - # --- Otimizações de Keep-Alive e Timeouts --- - keepalive_timeout 65s; - keepalive_requests 1000; - send_timeout 10s; - - # --- Configurações de Segurança (WAF) --- - # Agora que o módulo está carregado, estas diretivas irão funcionar. - #modsecurity on; - #modsecurity_rules_file /etc/nginx/modsecurity.conf; - - # --- Configurações do GeoIP2 --- - geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { - $geoip2_country_code country iso_code; - $geoip2_country_name country names en; - $geoip2_region_name subdivisions 0 names en; - $geoip2_city_name city names en; - $geoip2_latitude location latitude; - $geoip2_longitude location longitude; - $geoip2_asn autonomous_system_number; - $geoip2_isp autonomous_system_organization; - } - - # --- Configurações de Logging --- - log_format detailed_proxy escape=json '{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","remote_user":"$remote_user","request":"$request","method":"$request_method","uri":"$uri","args":"$args","status":$status,"request_length":$request_length,"body_bytes_sent":$body_bytes_sent,"request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_status":"$upstream_status","upstream_response_time":"$upstream_response_time","cache_status":"$upstream_cache_status","http_referer":"$http_referer","http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for","http_accept_language":"$http_accept_language","http_cookie":"$http_cookie","http_origin":"$http_origin","http_host":"$http_host","server_name":"$server_name","scheme":"$scheme","ssl_protocol":"$ssl_protocol","ssl_cipher":"$ssl_cipher","ssl_curves":"$ssl_curves","ssl_session_reused":"$ssl_session_reused","ssl_server_name":"$ssl_server_name","ssl_client_s_dn":"$ssl_client_s_dn","ssl_client_i_dn":"$ssl_client_i_dn","ssl_client_verify":"$ssl_client_verify","ssl_client_serial":"$ssl_client_serial","ssl_client_v_start":"$ssl_client_v_start","ssl_client_v_end":"$ssl_client_v_end","geoip_country_code":"$geoip2_country_code","geoip_country_name":"$geoip2_country_name","geoip_region_name":"$geoip2_region_name","geoip_city_name":"$geoip2_city_name","geoip_latitude":"$geoip2_latitude","geoip_longitude":"$geoip2_longitude","geoip_asn":"$geoip2_asn","geoip_isp":"$geoip2_isp"}'; - access_log /var/log/nginx/access.log detailed_proxy; - - # --- Configurações de Compressão --- - include /etc/nginx/snippets/compression_params.conf; - - # --- Carregar Ficheiros de Configuração dos Sites --- - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} - -# ============================================================================== -# BLOCO STREAM: Para tráfego TCP/UDP (Telefonia, SSL Passthrough) -# ============================================================================== -stream { - # (O seu bloco stream existente vai aqui, sem alterações) - # Encaminhamento da porta de sinalização SIP (TCP) - server { - listen 5060; - proxy_pass 172.16.254.130:5060; - } - - # Encaminhamento da porta de sinalização SIP (UDP) - server { - listen 5060 udp; - proxy_pass 172.16.254.130:5060; - } - - # Encaminhamento da faixa de portas RTP para o áudio (UDP) - server { - listen 10000-20000 udp; - proxy_pass 172.16.254.130:$server_port; - } -} diff --git a/nginx/nginx.bak-revert-debian/nginx/nginx.conf.dpkg-dist b/nginx/nginx.bak-revert-debian/nginx/nginx.conf.dpkg-dist deleted file mode 100644 index d4149db..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/nginx.conf.dpkg-dist +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/nginx/nginx.bak-revert-debian/nginx/proxy_params b/nginx/nginx.bak-revert-debian/nginx/proxy_params deleted file mode 100644 index df75bc5..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/proxy_params +++ /dev/null @@ -1,4 +0,0 @@ -proxy_set_header Host $http_host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; diff --git a/nginx/nginx.bak-revert-debian/nginx/scgi_params b/nginx/nginx.bak-revert-debian/nginx/scgi_params deleted file mode 100644 index 6d4ce4f..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/scgi_params +++ /dev/null @@ -1,17 +0,0 @@ - -scgi_param REQUEST_METHOD $request_method; -scgi_param REQUEST_URI $request_uri; -scgi_param QUERY_STRING $query_string; -scgi_param CONTENT_TYPE $content_type; - -scgi_param DOCUMENT_URI $document_uri; -scgi_param DOCUMENT_ROOT $document_root; -scgi_param SCGI 1; -scgi_param SERVER_PROTOCOL $server_protocol; -scgi_param REQUEST_SCHEME $scheme; -scgi_param HTTPS $https if_not_empty; - -scgi_param REMOTE_ADDR $remote_addr; -scgi_param REMOTE_PORT $remote_port; -scgi_param SERVER_PORT $server_port; -scgi_param SERVER_NAME $server_name; diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/business.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/business.itguys.com.br.conf deleted file mode 100644 index 0b2e6df..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/business.itguys.com.br.conf +++ /dev/null @@ -1,96 +0,0 @@ -# Ficheiro: /etc/nginx/sites-available/business.itguys.com.br.conf -# -# Configuração de Proxy Reverso padrão para um site de negócios, com acesso público -# e uma estratégia de cache otimizada. - -# ============================================================================== -# BLOCO HTTP: Redirecionar para HTTPS -# ============================================================================== -server { - if ($host = business.itguys.com.br) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80; - listen [::]:80; - server_name business.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Permite a validação do Let's Encrypt. - location /.well-known/acme-challenge/ { - root /var/www/html; - } - - # Redireciona todo o outro tráfego para a versão segura. - location / { - return 301 https://$host$request_uri; - } - - -} - -# ============================================================================== -# BLOCO HTTPS: O Coração da nossa Configuração -# ============================================================================== -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name business.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # --- Certificados e Segurança SSL --- - # O Certbot irá gerir estas linhas. Lembre-se de o executar para este domínio. - #ssl_certificate /etc/letsencrypt/live/business.itguys.com.br/fullchain.pem; - #ssl_certificate_key /etc/letsencrypt/live/business.itguys.com.br/privkey.pem; - #ssl_trusted_certificate /etc/letsencrypt/live/business.itguys.com.br/fullchain.pem; - # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos de segurança. - include /etc/nginx/snippets/ssl_params.conf; - - # --- Políticas de Acesso e Logs --- - # Não incluímos a trava de rede interna para permitir o acesso público. - # Usa o robots.txt restritivo por padrão. Se este site precisa de ser indexado, - # remova esta linha e configure o robots.txt no backend. - include /etc/nginx/snippets/global_robots.conf; - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # --- ESTRATÉGIA DE CACHE HÍBRIDA --- - # Usa a nossa zona de cache pública. - proxy_cache zabbix_cache; - add_header X-Proxy-Cache $upstream_cache_status; - # Regra geral: NÃO cachear nada por defeito. - proxy_no_cache 1; - proxy_cache_bypass 1; - - # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- - - # 1. Rota para Ficheiros Estáticos (Cache Agressivo) - # Apanha a "casca" da aplicação para acelerar o carregamento. - location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { - include /etc/nginx/snippets/proxy_params.conf; - include /etc/nginx/snippets/cache_static_assets.conf; - proxy_pass http://172.16.121.13; - } - - # 2. Rota Principal para a Aplicação (Cache Curto) - # Apanha todo o resto do tráfego (páginas HTML, APIs, etc.). - location / { - # Ativa o cache, mas por um período curto (5 minutos). - # Isto acelera a navegação sem o risco de mostrar conteúdo muito desatualizado. - proxy_no_cache 0; - proxy_cache_bypass 0; - proxy_cache_valid 200 5m; - - include /etc/nginx/snippets/proxy_params.conf; - # Se a aplicação usar WebSockets, inclua o snippet abaixo. - # include /etc/nginx/snippets/websocket_params.conf; - - proxy_pass http://172.16.121.13; - } - - ssl_certificate /etc/letsencrypt/live/business.itguys.com.br/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/business.itguys.com.br/privkey.pem; # managed by Certbot -} diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/cloud.grupopralog.com.br.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/cloud.grupopralog.com.br.conf deleted file mode 100644 index 706ddea..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/cloud.grupopralog.com.br.conf +++ /dev/null @@ -1,91 +0,0 @@ -# Ficheiro: /etc/nginx/sites-available/cloud.grupopralog.com.br.conf -# -# Configuração de Proxy Reverso de ALTA PERFORMANCE para Nextcloud, -# incluindo cache privado de curta duração para a interface dinâmica. - -# ============================================================================== -# BLOCO HTTP: Redirecionar para HTTPS -# ============================================================================== -server { - listen 80; - listen [::]:80; - server_name cloud.grupopralog.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - location /.well-known/acme-challenge/ { root /var/www/html; } - location / { return 301 https://$host$request_uri; } -} - -# ============================================================================== -# BLOCO HTTPS: O Coração da nossa Configuração -# ============================================================================== -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name cloud.grupopralog.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # --- Certificados e Segurança SSL --- - ssl_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cloud.grupopralog.com.br/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem; - include /etc/nginx/snippets/ssl_params.conf; - - # --- Políticas de Acesso e Logs --- - include /etc/nginx/snippets/global_robots.conf; - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # --- Parâmetros Gerais --- - client_max_body_size 10G; - - # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- - # A ordem destas regras é CRUCIAL. - - # 1. Redirecionamentos para CalDAV e CardDAV - location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } - location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } - - # 2. Rota para Ficheiros Estáticos (Cache Agressivo) - location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { - include /etc/nginx/snippets/proxy_params.conf; - include /etc/nginx/snippets/cache_immutable_static.conf; # Usa o nosso cache mais agressivo - proxy_pass http://172.16.253.12; - } - - # 3. Rota para Sincronização de Ficheiros (WebDAV, etc.) - SEM CACHE - location ~ ^/(remote|dav|carddav|caldav) { - proxy_no_cache 1; - proxy_cache_bypass 1; - proxy_buffering off; - proxy_request_buffering off; - proxy_read_timeout 3600s; - include /etc/nginx/snippets/proxy_params.conf; - proxy_pass http://172.16.253.12; - } - - # 4. Rota Principal para a Aplicação (CACHE PRIVADO DE CURTA DURAÇÃO) - location / { - # Usa a nossa zona de cache dedicada 'nextcloud_private_cache'. - proxy_cache nextcloud_private_cache; - # A "CHAVE" PESSOAL DE CADA UTILIZADOR. Usa o cookie de sessão do Nextcloud. - proxy_cache_key "$scheme$proxy_host$request_uri$cookie_ocrx6w0vy907"; - # Cacheia por um tempo muito curto: 1 minuto. - proxy_cache_valid 200 1m; - # Ignora e esconde os cabeçalhos de sessão para permitir o cache. - proxy_ignore_headers Expires Cache-Control Set-Cookie; - proxy_hide_header Set-Cookie; - # Adiciona um cabeçalho de depuração para este cache. - add_header X-Private-Cache $upstream_cache_status; - # O cache SÓ é usado para requisições GET. POST, PUT, DELETE, etc., são passadas diretamente. - proxy_cache_methods GET HEAD; - - include /etc/nginx/snippets/proxy_params.conf; - include /etc/nginx/snippets/websocket_params.conf; - - proxy_pass http://172.16.253.12; - } -} - - diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/default b/nginx/nginx.bak-revert-debian/nginx/sites-available/default deleted file mode 100644 index 335c876..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/default +++ /dev/null @@ -1,93 +0,0 @@ -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## -# TESTE -# Default server configuration -# -server { - listen 80 default_server; - listen [::]:80 default_server; - - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - root /var/www/html; - - # Add index.php to the list if you are using PHP - index index.html index.htm index.nginx-debian.html; - - server_name _; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - } - - # pass PHP scripts to FastCGI server - # - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # - # # With php-fpm (or other unix sockets): - # fastcgi_pass unix:/run/php/php7.4-fpm.sock; - # # With php-cgi (or other tcp sockets): - # fastcgi_pass 127.0.0.1:9000; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - - -# Virtual Host configuration for example.com -# -# You can move that to a different file under sites-available/ and symlink that -# to sites-enabled/ to enable it. -# -#server { -# listen 80; -# listen [::]:80; -# -# server_name example.com; - add_header Alt-Svc 'h3=":443"; ma=86400'; -# -# root /var/www/example.com; -# index index.html; -# -# location / { -# try_files $uri $uri/ =404; -# } -#} diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/default-catchall b/nginx/nginx.bak-revert-debian/nginx/sites-available/default-catchall deleted file mode 100644 index ad6e2d9..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/default-catchall +++ /dev/null @@ -1,37 +0,0 @@ -# Este é o server block "catch-all" (padrão). -# Ele responderá a qualquer requisição que não corresponda a um dos seus sites. - -server { - # Escuta na porta 80 para IPv4 e IPv6 e se declara o servidor padrão. - listen 80 default_server; - listen [::]:80 default_server; - - # Também escuta na porta 443 para pegar requisições HTTPS diretas ao IP. - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; - - # Usa um certificado "snakeoil" auto-assinado que já vem com o Debian. - # O navegador dará um aviso de certificado, o que é esperado e ajuda a - # desencorajar o acesso pelo IP. - ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; - ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - - # O server_name "_" é uma forma especial de capturar qualquer hostname - add_header Alt-Svc 'h3=":443"; ma=86400'; - # que não tenha sido definido em outros arquivos de configuração. - server_name _; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Adicione esta linha para dizer ao navegador que a resposta é uma página web - charset utf-8; - default_type text/html; - - # Desativa os logs para essas requisições, para não poluir seus arquivos. - access_log off; - log_not_found off; - - # Esta é a mágica: em vez de servir um arquivo, o Nginx retorna - # diretamente este conteúdo HTML. A variável $host será substituída - # pelo endereço de IP que o visitante usou para chegar aqui. - return 200 'Acesso Indevido

Acesso por Endereço de IP

Você tentou acessar este servidor usando o endereço: $host.

Para acessar o site hospedado aqui, por favor, use a URL correta (ex: www.meusite.com).

'; -} diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/itguys.com.br.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/itguys.com.br.conf deleted file mode 100644 index bc5628c..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/itguys.com.br.conf +++ /dev/null @@ -1,105 +0,0 @@ -# Ficheiro: /etc/nginx/sites-available/itguys.com.br.conf -# -# Configuração de Proxy Reverso OTIMIZADA com redirecionamento canónico -# para o site itguys.com.br. Esta versão usa snippets para a máxima -# consistência e permite a indexação por motores de busca. - -# ============================================================================== -# BLOCO 1: Redirecionar todo o tráfego da porta 80 para a versão segura COM WWW -# ============================================================================== -server { - listen 80; - listen [::]:80; - server_name itguys.com.br www.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - location /.well-known/acme-challenge/ { - root /var/www/html; - } - - location / { - return 301 https://www.itguys.com.br$request_uri; - } -} - -# ============================================================================== -# BLOCO 2: Redirecionar o tráfego HTTPS SEM WWW para a versão COM WWW -# ============================================================================== -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; - - return 301 https://www.itguys.com.br$request_uri; -} - -# ============================================================================== -# BLOCO 3: O SERVIDOR PRINCIPAL E CANÓNICO (HTTPS COM WWW) -# ============================================================================== -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name www.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # --- Certificados e Segurança --- - ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; - include /etc/nginx/snippets/ssl_params.conf; - - # --- Políticas de Acesso e Logs --- - # NÃO incluímos o robots_block_all.conf aqui para permitir a indexação pelo Google. - # O ficheiro robots.txt deve ser gerido pelo servidor de backend. - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # --- ESTRATÉGIA DE CACHE HÍBRIDA --- - proxy_cache zabbix_cache; - add_header X-Proxy-Cache $upstream_cache_status; - proxy_no_cache 1; - proxy_cache_bypass 1; - # Inclui os nossos cabeçalhos de proxy padrão (Host, X-Real-IP, etc.). - include /etc/nginx/snippets/proxy_params.conf; - - # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- - - # Localização para o formulário (sem cache) - location = /php/enviar.php { - proxy_no_cache 1; - proxy_cache_bypass 1; - proxy_pass http://172.16.12.17:80; - } - - # Localização para ficheiros estáticos (cache agressivo) - location ~* \.(jpg|jpeg|gif|png|webp|svg|css|js|ico|woff2|ttf|json)$ { - # Usa o nosso snippet de cache mais agressivo para a máxima performance. - include /etc/nginx/snippets/cache_static_assets.conf; - proxy_pass http://172.16.12.17:80; - } - - # Localização para páginas HTML estáticas (cache longo) - location ~* ^/(Sobre|Serviços)\.html$ { - proxy_no_cache 0; - proxy_cache_bypass 0; - proxy_cache_valid 200 1h; - proxy_pass http://172.16.12.17:80; - } - - # Localização principal para o resto do site (cache curto) - location / { - proxy_no_cache 0; - proxy_cache_bypass 0; - proxy_cache_valid 200 5m; - proxy_pass http://172.16.12.17:80; - } -} diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/katalog.itguys.com.br b/nginx/nginx.bak-revert-debian/nginx/sites-available/katalog.itguys.com.br deleted file mode 100644 index 461aa10..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/katalog.itguys.com.br +++ /dev/null @@ -1,79 +0,0 @@ -# Ficheiro: /etc/nginx/sites-available/katalog.itguys.com.br.conf -# -# Configuração de Proxy Reverso OTIMIZADA para Snipe-IT. -# Esta versão usa snippets, inclui cache para ficheiros estáticos e está restrita à rede interna. - -# ============================================================================== -# BLOCO HTTP: Redirecionar para HTTPS -# ============================================================================== -server { - listen 80; - listen [::]:80; - server_name katalog.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Permite a validação do Let's Encrypt, mesmo com a trava de rede na porta 443. - location /.well-known/acme-challenge/ { - root /var/www/html; - } - - # Redireciona todo o outro tráfego para a versão segura. - location / { - return 301 https://$host$request_uri; - } -} - -# ============================================================================== -# BLOCO HTTPS: O Coração da nossa Configuração -# ============================================================================== -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name katalog.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # --- Certificados e Segurança SSL --- - ssl_certificate /etc/letsencrypt/live/katalog.itguys.com.br/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/katalog.itguys.com.br/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/katalog.itguys.com.br/fullchain.pem; - # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. - include /etc/nginx/snippets/ssl_params.conf; - - # --- Políticas de Acesso e Logs --- - # A TRAVA DE SEGURANÇA: Restringe o acesso apenas às suas redes internas. - include /etc/nginx/snippets/internal_networks.conf; - # Bloqueia a indexação por motores de busca. - include /etc/nginx/snippets/global_robots.conf; - # Usa o nosso formato de log JSON detalhado. - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # --- ESTRATÉGIA DE CACHE HÍBRIDA --- - # Usa a nossa zona de cache pública. - proxy_cache zabbix_cache; - add_header X-Proxy-Cache $upstream_cache_status; - # Regra geral: NÃO cachear nada por defeito. Isto protege todo o conteúdo dinâmico. - proxy_no_cache 1; - proxy_cache_bypass 1; - - # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- - - # 1. Rota para Ficheiros Estáticos (Cache Agressivo) - # Apanha a "casca" da aplicação Snipe-IT para acelerar o carregamento. - location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { - include /etc/nginx/snippets/proxy_params.conf; - include /etc/nginx/snippets/cache_static_assets.conf; - - proxy_pass http://10.10.253.112; - } - - # 2. Rota Principal para a Aplicação (SEM CACHE) - # Apanha todo o resto do tráfego (páginas, relatórios, APIs, etc.). - location / { - include /etc/nginx/snippets/proxy_params.conf; - - proxy_pass http://10.10.253.112; - } -} diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/ns1.itguys.com.br b/nginx/nginx.bak-revert-debian/nginx/sites-available/ns1.itguys.com.br deleted file mode 100644 index 24939ec..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/ns1.itguys.com.br +++ /dev/null @@ -1,80 +0,0 @@ -# Ficheiro: /etc/nginx/sites-available/ns1.itguys.com.br.conf -# -# Configuração de Proxy Reverso OTIMIZADA para a interface web de um servidor DNS (Technitium). -# Esta versão usa snippets, inclui suporte a WebSockets e está restrita à rede interna. - -# ============================================================================== -# BLOCO HTTP: Redirecionar para HTTPS -# ============================================================================== -server { - listen 80; - listen [::]:80; - server_name ns1.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Permite a validação do Let's Encrypt, mesmo com a trava de rede. - location /.well-known/acme-challenge/ { - root /var/www/html; - } - - # Redireciona todo o outro tráfego para a versão segura. - location / { - return 301 https://$host$request_uri; - } -} - -# ============================================================================== -# BLOCO HTTPS: O Coração da nossa Configuração -# ============================================================================== -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name ns1.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. - include /etc/nginx/snippets/ssl_params.conf; - - # --- Políticas de Acesso e Logs --- - # A TRAVA DE SEGURANÇA: Restringe o acesso apenas às suas redes internas. - include /etc/nginx/snippets/internal_networks.conf; - # Bloqueia a indexação por motores de busca. - include /etc/nginx/snippets/global_robots.conf; - # Usa o nosso formato de log JSON detalhado. - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # --- ESTRATÉGIA DE CACHE HÍBRIDA --- - # Usa a nossa zona de cache pública. - proxy_cache zabbix_cache; - add_header X-Proxy-Cache $upstream_cache_status; - # Regra geral: NÃO cachear nada por defeito. - proxy_no_cache 1; - proxy_cache_bypass 1; - - # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- - - # 1. Rota para Ficheiros Estáticos (Cache Agressivo) - # Apanha a "casca" da aplicação para acelerar o carregamento. - location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { - include /etc/nginx/snippets/proxy_params.conf; - include /etc/nginx/snippets/cache_static_assets.conf; - # Como o backend é HTTPS, precisamos de dizer ao Nginx para não verificar o certificado interno. - proxy_ssl_verify off; - proxy_pass https://172.16.254.253:53443; - } - - # 2. Rota Principal para a Aplicação (SEM CACHE, com WebSockets) - # Apanha todo o resto do tráfego (a interface, as APIs, etc.). - location / { - include /etc/nginx/snippets/proxy_params.conf; - # Inclui os parâmetros para WebSockets, essenciais para as atualizações em tempo real. - include /etc/nginx/snippets/websocket_params.conf; - # Como o backend é HTTPS, precisamos de dizer ao Nginx para não verificar o certificado interno. - proxy_ssl_verify off; - - proxy_pass https://172.16.254.253:53443; - } -} diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/telefonia.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/telefonia.itguys.com.br.conf deleted file mode 100644 index 2964266..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/telefonia.itguys.com.br.conf +++ /dev/null @@ -1,68 +0,0 @@ -# Ficheiro: /etc/nginx/sites-available/telefonia.itguys.com.br.conf -# -# Configuração de Proxy Reverso OTIMIZADA para a interface web do MagnusBilling. -# Esta versão usa snippets para modularidade, inclui suporte a WebSockets e -# está restrita à rede interna. - -# ============================================================================== -# BLOCO HTTP: Redirecionar para HTTPS -# ============================================================================== -server { - listen 80; - listen [::]:80; - server_name telefonia.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Permite a validação do Let's Encrypt, que acontece na porta 80. - location /.well-known/acme-challenge/ { - root /var/www/html; - } - - # Redireciona todo o outro tráfego para a versão segura. - location / { - return 301 https://$host$request_uri; - } -} - -# ============================================================================== -# BLOCO HTTPS: O Coração da nossa Configuração -# ============================================================================== -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name telefonia.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # --- Certificados e Segurança SSL --- - ssl_certificate /etc/letsencrypt/live/telefonia.itguys.com.br/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/telefonia.itguys.com.br/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/telefonia.itguys.com.br/fullchain.pem; - # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. - include /etc/nginx/snippets/ssl_params.conf; - - # --- Políticas de Acesso e Logs --- - # A TRAVA DE SEGURANÇA: Restringe o acesso apenas às suas redes internas. - include /etc/nginx/snippets/internal_networks.conf; - # Bloqueia a indexação por motores de busca. - include /etc/nginx/snippets/global_robots.conf; - # Usa o nosso formato de log JSON detalhado. - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # --- Rota Principal para a Aplicação --- - # Como a interface do MagnusBilling é totalmente dinâmica, não aplicamos - # nenhuma regra de cache para garantir que os dados estejam sempre atualizados. - location / { - # Inclui os cabeçalhos de proxy padrão (Host, X-Real-IP, etc.). - include /etc/nginx/snippets/proxy_params.conf; - - # Inclui os parâmetros para WebSockets, que podem ser necessários - # para atualizações em tempo real na interface. - include /etc/nginx/snippets/websocket_params.conf; - - # Encaminha o tráfego para o seu servidor MagnusBilling. - proxy_pass http://172.16.254.130; - } -} diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/zammad.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/nginx/sites-available/zammad.itguys.com.br.conf deleted file mode 100644 index bfb096b..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/zammad.itguys.com.br.conf +++ /dev/null @@ -1,81 +0,0 @@ -# Ficheiro: /etc/nginx/sites-available/zammad.itguys.com.br.conf -# -# TEMPLATE DE CONFIGURAÇÃO OTIMIZADO PARA APLICAÇÕES WEB MODERNAS -# Este ficheiro foi reescrito para usar snippets, tornando-o mais limpo, seguro e fácil de manter. -# Acesso: RESTRITO À REDE INTERNA. - -# ============================================================================== -# BLOCO HTTP: Redirecionar para HTTPS -# ============================================================================== -server { - listen 80; - listen [::]:80; - server_name zammad.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - location /.well-known/acme-challenge/ { root /var/www/html; } - location / { return 301 https://$host$request_uri; } -} - -# ============================================================================== -# BLOCO HTTPS: O Coração da nossa Configuração -# ============================================================================== -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name zammad.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # --- Certificados e Segurança SSL --- - ssl_certificate /etc/letsencrypt/live/zammad.itguys.com.br/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/zammad.itguys.com.br/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/zammad.itguys.com.br/fullchain.pem; - # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. - include /etc/nginx/snippets/ssl_params.conf; - - # --- Políticas de Acesso e Logs --- - # A CORREÇÃO ESTÁ AQUI: A trava de rede é incluída APENAS neste ficheiro de site. - include /etc/nginx/snippets/internal_networks.conf; - include /etc/nginx/snippets/global_robots.conf; - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # Aumenta o tamanho máximo do corpo da requisição para permitir anexos grandes. - client_max_body_size 50M; - - # --- ESTRATÉGIA DE CACHE HÍBRIDA --- - proxy_cache zammad_cache; - add_header X-Proxy-Cache $upstream_cache_status; - proxy_no_cache 1; # Regra geral: NÃO cachear por defeito. - proxy_cache_bypass 1; - - # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- - - # 1. Localização para Ficheiros Estáticos (CACHE ATIVADO) - location /assets/ { - # Inclui o nosso "kit" de cache para ficheiros estáticos. - include /etc/nginx/snippets/cache_static_assets.conf; - # Inclui os cabeçalhos de proxy padrão. - include /etc/nginx/snippets/proxy_params.conf; - proxy_pass http://172.16.254.59; - } - - # 2. Localização para WebSockets (SEM CACHE) - location /ws { - # Inclui os cabeçalhos de proxy padrão. - include /etc/nginx/snippets/proxy_params.conf; - # Inclui os parâmetros específicos para WebSockets. - include /etc/nginx/snippets/websocket_params.conf; - - # Encaminha para a porta correta do serviço de WebSocket do Zammad. - proxy_pass http://172.16.254.59:6042; - } - - # 3. Localização Principal para a Aplicação (SEM CACHE) - location / { - # Inclui os cabeçalhos de proxy padrão. - include /etc/nginx/snippets/proxy_params.conf; - proxy_pass http://172.16.254.59; - } -} diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/fastcgi-php.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/fastcgi-php.conf deleted file mode 100644 index 467a9e7..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/snippets/fastcgi-php.conf +++ /dev/null @@ -1,13 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+?\.php)(/.*)$; - -# Check that the PHP script exists before passing it -try_files $fastcgi_script_name =404; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -fastcgi_index index.php; -include fastcgi.conf; diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/snakeoil.conf b/nginx/nginx.bak-revert-debian/nginx/snippets/snakeoil.conf deleted file mode 100644 index ad26c3e..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/snippets/snakeoil.conf +++ /dev/null @@ -1,5 +0,0 @@ -# Self signed certificates generated by the ssl-cert package -# Don't use them in a production server! - -ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; -ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; diff --git a/nginx/nginx.bak-revert-debian/nginx/uwsgi_params b/nginx/nginx.bak-revert-debian/nginx/uwsgi_params deleted file mode 100644 index 09c732c..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/uwsgi_params +++ /dev/null @@ -1,17 +0,0 @@ - -uwsgi_param QUERY_STRING $query_string; -uwsgi_param REQUEST_METHOD $request_method; -uwsgi_param CONTENT_TYPE $content_type; -uwsgi_param CONTENT_LENGTH $content_length; - -uwsgi_param REQUEST_URI $request_uri; -uwsgi_param PATH_INFO $document_uri; -uwsgi_param DOCUMENT_ROOT $document_root; -uwsgi_param SERVER_PROTOCOL $server_protocol; -uwsgi_param REQUEST_SCHEME $scheme; -uwsgi_param HTTPS $https if_not_empty; - -uwsgi_param REMOTE_ADDR $remote_addr; -uwsgi_param REMOTE_PORT $remote_port; -uwsgi_param SERVER_PORT $server_port; -uwsgi_param SERVER_NAME $server_name; diff --git a/nginx/nginx.bak-revert-debian/nginx/win-utf b/nginx/nginx.bak-revert-debian/nginx/win-utf deleted file mode 100644 index 774fd9f..0000000 --- a/nginx/nginx.bak-revert-debian/nginx/win-utf +++ /dev/null @@ -1,125 +0,0 @@ -# This map is not a full windows-1251 <> utf8 map: it does not -# contain Serbian and Macedonian letters. If you need a full map, -# use contrib/unicode2nginx/win-utf map instead. - -charset_map windows-1251 utf-8 { - - 82 E2809A; # single low-9 quotation mark - - 84 E2809E; # double low-9 quotation mark - 85 E280A6; # ellipsis - 86 E280A0; # dagger - 87 E280A1; # double dagger - 88 E282AC; # euro - 89 E280B0; # per mille - - 91 E28098; # left single quotation mark - 92 E28099; # right single quotation mark - 93 E2809C; # left double quotation mark - 94 E2809D; # right double quotation mark - 95 E280A2; # bullet - 96 E28093; # en dash - 97 E28094; # em dash - - 99 E284A2; # trade mark sign - - A0 C2A0; #   - A1 D18E; # capital Byelorussian short U - A2 D19E; # small Byelorussian short u - - A4 C2A4; # currency sign - A5 D290; # capital Ukrainian soft G - A6 C2A6; # borken bar - A7 C2A7; # section sign - A8 D081; # capital YO - A9 C2A9; # (C) - AA D084; # capital Ukrainian YE - AB C2AB; # left-pointing double angle quotation mark - AC C2AC; # not sign - AD C2AD; # soft hypen - AE C2AE; # (R) - AF D087; # capital Ukrainian YI - - B0 C2B0; # ° - B1 C2B1; # plus-minus sign - B2 D086; # capital Ukrainian I - B3 D196; # small Ukrainian i - B4 D291; # small Ukrainian soft g - B5 C2B5; # micro sign - B6 C2B6; # pilcrow sign - B7 C2B7; # · - B8 D191; # small yo - B9 E28496; # numero sign - BA D194; # small Ukrainian ye - BB C2BB; # right-pointing double angle quotation mark - - BF D197; # small Ukrainian yi - - C0 D090; # capital A - C1 D091; # capital B - C2 D092; # capital V - C3 D093; # capital G - C4 D094; # capital D - C5 D095; # capital YE - C6 D096; # capital ZH - C7 D097; # capital Z - C8 D098; # capital I - C9 D099; # capital J - CA D09A; # capital K - CB D09B; # capital L - CC D09C; # capital M - CD D09D; # capital N - CE D09E; # capital O - CF D09F; # capital P - - D0 D0A0; # capital R - D1 D0A1; # capital S - D2 D0A2; # capital T - D3 D0A3; # capital U - D4 D0A4; # capital F - D5 D0A5; # capital KH - D6 D0A6; # capital TS - D7 D0A7; # capital CH - D8 D0A8; # capital SH - D9 D0A9; # capital SHCH - DA D0AA; # capital hard sign - DB D0AB; # capital Y - DC D0AC; # capital soft sign - DD D0AD; # capital E - DE D0AE; # capital YU - DF D0AF; # capital YA - - E0 D0B0; # small a - E1 D0B1; # small b - E2 D0B2; # small v - E3 D0B3; # small g - E4 D0B4; # small d - E5 D0B5; # small ye - E6 D0B6; # small zh - E7 D0B7; # small z - E8 D0B8; # small i - E9 D0B9; # small j - EA D0BA; # small k - EB D0BB; # small l - EC D0BC; # small m - ED D0BD; # small n - EE D0BE; # small o - EF D0BF; # small p - - F0 D180; # small r - F1 D181; # small s - F2 D182; # small t - F3 D183; # small u - F4 D184; # small f - F5 D185; # small kh - F6 D186; # small ts - F7 D187; # small ch - F8 D188; # small sh - F9 D189; # small shch - FA D18A; # small hard sign - FB D18B; # small y - FC D18C; # small soft sign - FD D18D; # small e - FE D18E; # small yu - FF D18F; # small ya -} diff --git a/nginx/nginx.bak-revert-debian/proxy_params b/nginx/nginx.bak-revert-debian/proxy_params deleted file mode 100644 index df75bc5..0000000 --- a/nginx/nginx.bak-revert-debian/proxy_params +++ /dev/null @@ -1,4 +0,0 @@ -proxy_set_header Host $http_host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; diff --git a/nginx/nginx.bak-revert-debian/scgi_params b/nginx/nginx.bak-revert-debian/scgi_params deleted file mode 100644 index 6d4ce4f..0000000 --- a/nginx/nginx.bak-revert-debian/scgi_params +++ /dev/null @@ -1,17 +0,0 @@ - -scgi_param REQUEST_METHOD $request_method; -scgi_param REQUEST_URI $request_uri; -scgi_param QUERY_STRING $query_string; -scgi_param CONTENT_TYPE $content_type; - -scgi_param DOCUMENT_URI $document_uri; -scgi_param DOCUMENT_ROOT $document_root; -scgi_param SCGI 1; -scgi_param SERVER_PROTOCOL $server_protocol; -scgi_param REQUEST_SCHEME $scheme; -scgi_param HTTPS $https if_not_empty; - -scgi_param REMOTE_ADDR $remote_addr; -scgi_param REMOTE_PORT $remote_port; -scgi_param SERVER_PORT $server_port; -scgi_param SERVER_NAME $server_name; diff --git a/nginx/nginx.bak-revert-debian/sites-available/default b/nginx/nginx.bak-revert-debian/sites-available/default deleted file mode 100644 index 335c876..0000000 --- a/nginx/nginx.bak-revert-debian/sites-available/default +++ /dev/null @@ -1,93 +0,0 @@ -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## -# TESTE -# Default server configuration -# -server { - listen 80 default_server; - listen [::]:80 default_server; - - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - root /var/www/html; - - # Add index.php to the list if you are using PHP - index index.html index.htm index.nginx-debian.html; - - server_name _; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - } - - # pass PHP scripts to FastCGI server - # - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # - # # With php-fpm (or other unix sockets): - # fastcgi_pass unix:/run/php/php7.4-fpm.sock; - # # With php-cgi (or other tcp sockets): - # fastcgi_pass 127.0.0.1:9000; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - - -# Virtual Host configuration for example.com -# -# You can move that to a different file under sites-available/ and symlink that -# to sites-enabled/ to enable it. -# -#server { -# listen 80; -# listen [::]:80; -# -# server_name example.com; - add_header Alt-Svc 'h3=":443"; ma=86400'; -# -# root /var/www/example.com; -# index index.html; -# -# location / { -# try_files $uri $uri/ =404; -# } -#} diff --git a/nginx/nginx.bak-revert-debian/sites-available/default-modsecurity.conf b/nginx/nginx.bak-revert-debian/sites-available/default-modsecurity.conf deleted file mode 100644 index 3d8b3fd..0000000 --- a/nginx/nginx.bak-revert-debian/sites-available/default-modsecurity.conf +++ /dev/null @@ -1,98 +0,0 @@ -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration -# -server { - listen 80 default_server; - listen [::]:80 default_server; - - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - root /var/www/html; - - # Add index.php to the list if you are using PHP - index index.html index.htm index.nginx-debian.html; - - server_name _; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Enable ModSecurity WAF, if need - #modsecurity on; - # Load ModSecurity CRS, if need - #modsecurity_rules_file /etc/nginx/modsecurity_includes.conf; - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - } - - # pass PHP scripts to FastCGI server - # - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # - # # With php-fpm (or other unix sockets): - # fastcgi_pass unix:/run/php/php7.4-fpm.sock; - # # With php-cgi (or other tcp sockets): - # fastcgi_pass 127.0.0.1:9000; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - - -# Virtual Host configuration for example.com -# -# You can move that to a different file under sites-available/ and symlink that -# to sites-enabled/ to enable it. -# -#server { -# listen 80; -# listen [::]:80; -# -# server_name example.com; - add_header Alt-Svc 'h3=":443"; ma=86400'; -# -# root /var/www/example.com; -# index index.html; -# -# location / { -# try_files $uri $uri/ =404; -# } -#} diff --git a/nginx/nginx.bak-revert-debian/sites-available/dns-primario.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/dns-primario.itguys.com.br deleted file mode 100644 index 2eaf37e..0000000 --- a/nginx/nginx.bak-revert-debian/sites-available/dns-primario.itguys.com.br +++ /dev/null @@ -1,63 +0,0 @@ -# Bloco para redirecionar todo o tráfego HTTP para HTTPS -server { - listen 80; - listen [::]:80; - server_name dns-primario.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - location / { - return 301 https://$host$request_uri; - } -} - -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name dns-primario.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # O Certbot irá gerenciar estas linhas - # ssl_certificate /etc/letsencrypt/live/ns1.itguys.com.br/fullchain.pem; - # ssl_certificate_key /etc/letsencrypt/live/ns1.itguys.com.br/privkey.pem; - include /etc/nginx/snippets/global_robots.conf; - include /etc/nginx/snippets/internal_networks.conf; - - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # --- CABEÇALHOS DE PROXY GLOBAIS --- - # Colocados aqui, eles serão herdados por TODAS as localizações abaixo. - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_ssl_verify off; - - # --- ESTRATÉGIA DE CACHE HÍBRIDA --- - proxy_cache zabbix_cache; - add_header X-Proxy-Cache $upstream_cache_status; - proxy_no_cache 1; # Regra geral: NÃO cachear - proxy_cache_bypass 1; - - # --- LOCALIZAÇÃO PARA ARQUIVOS ESTÁTICOS (CACHE ATIVADO) --- - # Este é o primeiro bloco "irmão" - location ~* \.(css|js|jpg|jpeg|gif|png|ico|svg|webp|ttf|woff2)$ { - proxy_no_cache 0; # Ativa o cache para esta localização - proxy_cache_bypass 0; - proxy_cache_valid 200 60m; - - proxy_pass https://172.16.254.252:53443; - } - - # --- LOCALIZAÇÃO PRINCIPAL (SEM CACHE) --- - # Este é o segundo bloco "irmão", ele pega todo o resto. - location / { - # O cache permanece desativado aqui por herdar da regra geral - proxy_pass https://172.16.254.252:53443; - } -} diff --git a/nginx/nginx.bak-revert-debian/sites-available/git.itguys.com.br.conf b/nginx/nginx.bak-revert-debian/sites-available/git.itguys.com.br.conf deleted file mode 100644 index ad70409..0000000 --- a/nginx/nginx.bak-revert-debian/sites-available/git.itguys.com.br.conf +++ /dev/null @@ -1,112 +0,0 @@ -# Ficheiro: /etc/nginx/sites-available/git.itguys.com.br.conf -# -# Configuração de Proxy Reverso com Cache Inteligente e suporte para operações Git sobre HTTP/S. -# Esta versão é para acesso público e NÃO usa HTTP/3. - -# ============================================================================== -# BLOCO HTTP: Redirecionar todo o tráfego inseguro para HTTPS -# ============================================================================== -server { - if ($host = git.itguys.com.br) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80; - listen [::]:80; - server_name git.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Regra especial para a validação do Let's Encrypt funcionar corretamente. - location /.well-known/acme-challenge/ { - root /var/www/html; - } - - location / { - return 301 https://$host$request_uri; - } - - -} - -# ============================================================================== -# BLOCO HTTPS: O Coração da nossa Configuração -# ============================================================================== -server { - # --- Configuração de Escuta (Apenas TCP para HTTP/2) --- - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - - server_name git.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - include /etc/nginx/snippets/global_robots.conf; - # --- Cabeçalhos de Segurança --- - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - - # --- Configurações de Log --- - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # --- ESTRATÉGIA DE CACHE HÍBRIDA E SEGURA --- - proxy_cache zabbix_cache; - add_header X-Proxy-Cache $upstream_cache_status; - proxy_no_cache 1; - proxy_cache_bypass 1; - - # --- LOCALIZAÇÃO PARA OPERAÇÕES GIT (SEM CACHE, TIMEOUTS LONGOS) --- - # Esta regra é a mais importante. Ela captura as URLs usadas pelos clientes Git. - location ~ /.*/(git-upload-pack|git-receive-pack|info/refs|HEAD|objects) { - # DESATIVA o cache completamente para estas operações. - proxy_no_cache 1; - proxy_cache_bypass 1; - - # Aumenta os timeouts para 1 hora para suportar pushes e pulls grandes. - proxy_read_timeout 3600s; - proxy_send_timeout 300s; - - # Desativa o buffering para permitir o streaming de grandes volumes de dados. - proxy_buffering off; - proxy_request_buffering off; - - proxy_pass http://10.10.253.128; - - # Cabeçalhos de proxy essenciais - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # --- LOCALIZAÇÃO PARA FICHEIROS ESTÁTICOS (CACHE ATIVADO) --- - # Esta regra captura ficheiros que são seguros para cachear (interface do Gitea). - location ~* \.(jpg|jpeg|gif|png|webp|svg|css|js|ico|woff2|ttf)$ { - # Ativa o cache apenas para estes ficheiros. - proxy_no_cache 0; - proxy_cache_bypass 0; - proxy_cache_valid 200 60m; - - proxy_pass http://10.10.253.128; - proxy_set_header Host $host; - } - - # --- LOCALIZAÇÃO PRINCIPAL PARA A INTERFACE WEB (SEM CACHE) --- - # Esta regra apanha todo o resto do tráfego (páginas, APIs, WebSockets). - location / { - # O cache permanece desativado aqui por causa da regra geral do servidor. - proxy_pass http://10.10.253.128; - - # Cabeçalhos essenciais para que a interface e os WebSockets funcionem. - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - - ssl_certificate /etc/letsencrypt/live/git.itguys.com.br/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/git.itguys.com.br/privkey.pem; # managed by Certbot -} diff --git a/nginx/nginx.bak-revert-debian/sites-available/mimir.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/mimir.itguys.com.br deleted file mode 100644 index 449f67f..0000000 --- a/nginx/nginx.bak-revert-debian/sites-available/mimir.itguys.com.br +++ /dev/null @@ -1,82 +0,0 @@ -# Ficheiro: /etc/nginx/sites-available/mimir.itguys.com.br.conf -# -# Configuração de Proxy Reverso OTIMIZADA para Zabbix. -# Esta versão usa snippets, inclui cache para ficheiros estáticos e está restrita à rede interna. - -# ============================================================================== -# BLOCO HTTP: Redirecionar para HTTPS -# ============================================================================== -server { - listen 80; - listen [::]:80; - server_name mimir.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Permite a validação do Let's Encrypt, mesmo com a trava de rede na porta 443. - location /.well-known/acme-challenge/ { - root /var/www/html; - } - - # Redireciona todo o outro tráfego para a versão segura. - location / { - return 301 https://$host$request_uri; - } -} - -# ============================================================================== -# BLOCO HTTPS: O Coração da nossa Configuração -# ============================================================================== -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name mimir.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # --- Certificados e Segurança SSL --- - ssl_certificate /etc/letsencrypt/live/mimir.itguys.com.br/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/mimir.itguys.com.br/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/mimir.itguys.com.br/fullchain.pem; - # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. - include /etc/nginx/snippets/ssl_params.conf; - - # --- Políticas de Acesso e Logs --- - # A TRAVA DE SEGURANÇA: Restringe o acesso apenas às suas redes internas. - include /etc/nginx/snippets/internal_networks.conf; - # Bloqueia a indexação por motores de busca. - include /etc/nginx/snippets/global_robots.conf; - # Usa o nosso formato de log JSON detalhado. - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # --- ESTRATÉGIA DE CACHE HÍBRIDA --- - # Usa a nossa zona de cache pública. - proxy_cache zabbix_cache; - add_header X-Proxy-Cache $upstream_cache_status; - # Regra geral: NÃO cachear nada por defeito. Isto protege todo o conteúdo dinâmico. - proxy_no_cache 1; - proxy_cache_bypass 1; - - # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- - - # 1. Rota para Ficheiros Estáticos (Cache Agressivo) - # Apanha a "casca" da aplicação Zabbix para acelerar o carregamento. - location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { - include /etc/nginx/snippets/proxy_params.conf; - include /etc/nginx/snippets/cache_static_assets.conf; - - proxy_pass http://172.16.254.11; - } - - # 2. Rota Principal para a Aplicação (SEM CACHE) - # Apanha todo o resto do tráfego (zabbix.php, dashboards, APIs, etc.). - location / { - include /etc/nginx/snippets/proxy_params.conf; - # Embora o Zabbix não use WebSockets de forma intensiva, incluir este snippet - # não prejudica e mantém a configuração padronizada. - include /etc/nginx/snippets/websocket_params.conf; - - proxy_pass http://172.16.254.11; - } -} diff --git a/nginx/nginx.bak-revert-debian/sites-available/monitoramento.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/monitoramento.itguys.com.br deleted file mode 100644 index bf63f11..0000000 --- a/nginx/nginx.bak-revert-debian/sites-available/monitoramento.itguys.com.br +++ /dev/null @@ -1,83 +0,0 @@ -# Ficheiro: /etc/nginx/sites-available/monitoramento.itguys.com.br.conf -# -# Configuração de Proxy Reverso OTIMIZADA para Grafana. -# Esta versão usa snippets, inclui suporte a WebSockets e está restrita à rede interna. - -# ============================================================================== -# BLOCO HTTP: Redirecionar para HTTPS -# ============================================================================== -server { - listen 80; - listen [::]:80; - server_name monitoramento.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Permite a validação do Let's Encrypt, mesmo com a trava de rede. - location /.well-known/acme-challenge/ { - root /var/www/html; - } - - # Redireciona todo o outro tráfego para a versão segura. - location / { - return 301 https://$host$request_uri; - } -} - -# ============================================================================== -# BLOCO HTTPS: O Coração da nossa Configuração -# ============================================================================== -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name monitoramento.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # --- Certificados e Segurança SSL --- - ssl_certificate /etc/letsencrypt/live/monitoramento.itguys.com.br/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/monitoramento.itguys.com.br/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/monitoramento.itguys.com.br/fullchain.pem; - # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. - include /etc/nginx/snippets/ssl_params.conf; - - # --- Políticas de Acesso e Logs --- - # Bloqueia a indexação por motores de busca. - include /etc/nginx/snippets/global_robots.conf; - # Usa o nosso formato de log JSON detalhado. - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # --- ESTRATÉGIA DE CACHE HÍBRIDA --- - # Usa a nossa zona de cache pública. - proxy_cache zabbix_cache; - add_header X-Proxy-Cache $upstream_cache_status; - # Regra geral: NÃO cachear nada por defeito. - proxy_no_cache 1; - proxy_cache_bypass 1; - - # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- - - # 1. Rota para Ficheiros Estáticos do Grafana (CACHE ATIVADO) - # O Grafana serve a sua "casca" (CSS, JS, etc.) a partir do caminho /public/ - location /public/ { - include /etc/nginx/snippets/proxy_params.conf; - include /etc/nginx/snippets/cache_static_assets.conf; - proxy_pass http://172.16.254.13:3000; - } - - # 2. Rota para WebSockets do Grafana (SEM CACHE) - # Essencial para os dashboards com atualização em tempo real. - location /api/live/ { - include /etc/nginx/snippets/proxy_params.conf; - include /etc/nginx/snippets/websocket_params.conf; - proxy_pass http://172.16.254.13:3000; - } - - # 3. Rota Principal para a Aplicação (SEM CACHE) - # Apanha todo o resto do tráfego (dashboards, APIs, etc.). - location / { - include /etc/nginx/snippets/proxy_params.conf; - proxy_pass http://172.16.254.13:3000; - } -} diff --git a/nginx/nginx.bak-revert-debian/sites-available/ns2.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/ns2.itguys.com.br deleted file mode 100644 index 5bdedbf..0000000 --- a/nginx/nginx.bak-revert-debian/sites-available/ns2.itguys.com.br +++ /dev/null @@ -1,80 +0,0 @@ -# Ficheiro: /etc/nginx/sites-available/ns2.itguys.com.br.conf -# -# Configuração de Proxy Reverso OTIMIZADA para a interface web de um servidor DNS (Technitium). -# Esta versão usa snippets, inclui suporte a WebSockets e está restrita à rede interna. - -# ============================================================================== -# BLOCO HTTP: Redirecionar para HTTPS -# ============================================================================== -server { - listen 80; - listen [::]:80; - server_name ns2.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Permite a validação do Let's Encrypt, mesmo com a trava de rede. - location /.well-known/acme-challenge/ { - root /var/www/html; - } - - # Redireciona todo o outro tráfego para a versão segura. - location / { - return 301 https://$host$request_uri; - } -} - -# ============================================================================== -# BLOCO HTTPS: O Coração da nossa Configuração -# ============================================================================== -server { - listen 443 ssl http2; - listen 443 quic reuseport; - listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; - server_name ns2.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. - include /etc/nginx/snippets/ssl_params.conf; - - # --- Políticas de Acesso e Logs --- - # A TRAVA DE SEGURANÇA: Restringe o acesso apenas às suas redes internas. - include /etc/nginx/snippets/internal_networks.conf; - # Bloqueia a indexação por motores de busca. - include /etc/nginx/snippets/global_robots.conf; - # Usa o nosso formato de log JSON detalhado. - access_log /var/log/nginx/access.log detailed_proxy; - error_log /var/log/nginx/error.log; - - # --- ESTRATÉGIA DE CACHE HÍBRIDA --- - # Usa a nossa zona de cache pública. - proxy_cache zabbix_cache; - add_header X-Proxy-Cache $upstream_cache_status; - # Regra geral: NÃO cachear nada por defeito. - proxy_no_cache 1; - proxy_cache_bypass 1; - - # --- REGRAS DE ROTEAMENTO (LOCATIONS) --- - - # 1. Rota para Ficheiros Estáticos (Cache Agressivo) - # Apanha a "casca" da aplicação para acelerar o carregamento. - location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff2?|ttf|eot)$ { - include /etc/nginx/snippets/proxy_params.conf; - include /etc/nginx/snippets/cache_static_assets.conf; - # Como o backend é HTTPS, precisamos de dizer ao Nginx para não verificar o certificado interno. - proxy_ssl_verify off; - proxy_pass https://172.16.254.251:53443; - } - - # 2. Rota Principal para a Aplicação (SEM CACHE, com WebSockets) - # Apanha todo o resto do tráfego (a interface, as APIs, etc.). - location / { - include /etc/nginx/snippets/proxy_params.conf; - # Inclui os parâmetros para WebSockets, essenciais para as atualizações em tempo real. - include /etc/nginx/snippets/websocket_params.conf; - # Como o backend é HTTPS, precisamos de dizer ao Nginx para não verificar o certificado interno. - proxy_ssl_verify off; - - proxy_pass https://172.16.254.251:53443; - } -} diff --git a/nginx/nginx.bak-revert-debian/sites-available/proxy.itguys.com.br b/nginx/nginx.bak-revert-debian/sites-available/proxy.itguys.com.br deleted file mode 100644 index 78c7890..0000000 --- a/nginx/nginx.bak-revert-debian/sites-available/proxy.itguys.com.br +++ /dev/null @@ -1,71 +0,0 @@ -server { - if ($host = proxy.itguys.com.br) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80; - server_name proxy.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # ---- CONTROLE DE ACESSO ---- - # 1. Inclui o arquivo de restrição de IPs - #include /etc/nginx/conf.d/internal_networks.conf; - # ---- FIM DO CONTROLE DE ACESSO ---- - - # Redireciona para HTTPS - location / { - return 301 https://$host$request_uri; - } - - -} - -server { - listen 443 ssl http2; - listen 443 quic reuseport; - server_name proxy.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; - - # --- CAMINHO PARA OS CERTIFICADOS SSL (Será preenchido pelo Certbot) --- - # ssl_certificate /etc/letsencrypt/live/proxy.itguys.com.br/fullchain.pem; - # ssl_certificate_key /etc/letsencrypt/live/proxy.itguys.com.br/privkey.pem; - - # ---- CONTROLE DE ACESSO (Repetido para HTTPS) ---- - include /etc/nginx/conf.d/internal_networks.conf; - error_page 403 @acesso_negado; - - # Localização do relatório HTML estático - location / { - root /var/www/html/goaccess; - index report.html; - } - - # Localização do WebSocket para atualizações em tempo real - location /ws { - # O GoAccess por padrão abre o websocket na porta 7890 - proxy_pass http://127.0.0.1:7890; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - - # ------------------------------------------------------------------- - # ---- BLOCO QUE GERA A NOSSA PÁGINA DE ERRO 403 PERSONALIZADA ---- - # - # O @ significa que esta é uma localização "nomeada" e só pode ser - # acessada internamente pelo Nginx, não diretamente por um usuário. - location @acesso_negado { - default_type text/html; - charset utf-8; - - # Retornamos o código de status 403 (correto para o erro) - # mas com o nosso próprio conteúdo HTML. - # A variável $remote_addr mostrará ao usuário o IP que foi bloqueado. - return 403 'Acesso Negado

403 - Acesso Negado

O acesso a este recurso é restrito e permitido apenas a partir de redes autorizadas.

Seu endereço de IP ($remote_addr) não está na lista de permissões.

'; - } - # ------------------------------------------------------------------- - - ssl_certificate /etc/letsencrypt/live/proxy.itguys.com.br/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/proxy.itguys.com.br/privkey.pem; # managed by Certbot -} diff --git a/nginx/nginx.bak-revert-debian/snippets/cache_immutable_static.conf b/nginx/nginx.bak-revert-debian/snippets/cache_immutable_static.conf deleted file mode 100644 index 4b11ce7..0000000 --- a/nginx/nginx.bak-revert-debian/snippets/cache_immutable_static.conf +++ /dev/null @@ -1,22 +0,0 @@ -# /etc/nginx/snippets/cache_immutable_static.conf -# -# Snippet de cache EXTREMAMENTE agressivo para ficheiros estáticos que usam -# a técnica de "cache busting" (como o Nextcloud). - -# Ativa o cache para esta localização, usando a nossa zona de cache estática. -proxy_cache static_cache; -proxy_no_cache 0; -proxy_cache_bypass 0; - -# Otimizações de alta disponibilidade. -proxy_cache_lock on; -proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - -# Define que as respostas válidas ficam no cache do Nginx por 30 dias. -proxy_cache_valid 200 30d; - -# --- A OTIMIZAÇÃO MÁXIMA --- -# Instrui o NAVEGADOR do cliente a guardar uma cópia por 1 ANO e a NUNCA a revalidar. -# A flag 'immutable' diz ao navegador: "Este ficheiro nunca mudará. Não volte a pedi-lo." -expires 1y; -add_header Cache-Control "public, immutable"; diff --git a/nginx/nginx.bak-revert-debian/snippets/cache_static_assets.conf b/nginx/nginx.bak-revert-debian/snippets/cache_static_assets.conf deleted file mode 100644 index 1e26146..0000000 --- a/nginx/nginx.bak-revert-debian/snippets/cache_static_assets.conf +++ /dev/null @@ -1,30 +0,0 @@ -# /etc/nginx/snippets/cache_aggressive_static.conf -# -# Snippet de cache agressivo para ficheiros estáticos que raramente mudam. -# AVISO: Só use isto se os seus ficheiros tiverem nomes únicos a cada deploy (técnica de "cache busting"). - -# --- Configuração do Cache do Nginx --- - -# Ativa o cache para esta localização, usando a zona de cache 'static_cache'. -# Garanta que esta zona está definida no seu /etc/nginx/nginx.conf. -proxy_cache static_cache; -# Define que as respostas válidas ficam no cache do Nginx por 30 dias. -proxy_cache_valid 200 301 302 30d; -# Cacheia erros de "Não Encontrado" por um período curto. -proxy_cache_valid 404 1m; -# Em caso de erro no backend, serve uma versão antiga do cache em vez de mostrar um erro. -proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; -# Ativa explicitamente o cache para esta localização. -proxy_no_cache 0; -proxy_cache_bypass 0; -# Otimização que impede que múltiplas requisições para o mesmo recurso em falta atinjam o backend. -proxy_cache_lock on; - -# --- Configuração do Cache do Cliente (Navegador) --- - -# Instrui o NAVEGADOR do cliente a guardar uma cópia por 30 dias e a nunca a revalidar. -# 'immutable' é uma otimização de performance poderosa. -add_header Cache-Control "public, immutable, max-age=2592000"; - -# Adiciona um cabeçalho de depuração para vermos o status do cache (HIT/MISS/BYPASS). -add_header X-Cache-Status $upstream_cache_status; diff --git a/nginx/nginx.bak-revert-debian/snippets/compression_params.conf b/nginx/nginx.bak-revert-debian/snippets/compression_params.conf deleted file mode 100644 index 0c92b8b..0000000 --- a/nginx/nginx.bak-revert-debian/snippets/compression_params.conf +++ /dev/null @@ -1,19 +0,0 @@ -# /etc/nginx/snippets/compression_params.conf -# -# Configurações otimizadas para compressão Brotli e Gzip. -# --- Brotli (Prioridade 1, se o navegador suportar) --- -brotli on; -brotli_types text/plain text/css text/xml application/javascript application/json application/xml image/svg+xml; -brotli_comp_level 6; - -# --- Gzip (Fallback, para navegadores antigos) --- -# Ativa a compressão Gzip. -gzip on; -# Define os mesmos tipos de ficheiros. -gzip_types text/plain text/css application/json application/javascript text/xml application/xml image/svg+xml; -# Diz aos proxies para não modificarem o cabeçalho. -gzip_proxied any; -# Nível de compressão. -gzip_comp_level 6; -# Adiciona um cabeçalho para que os proxies saibam que o conteúdo varia com base na compressão. -gzip_vary on; diff --git a/nginx/nginx.bak-revert-debian/snippets/fastcgi-php.conf b/nginx/nginx.bak-revert-debian/snippets/fastcgi-php.conf deleted file mode 100644 index 467a9e7..0000000 --- a/nginx/nginx.bak-revert-debian/snippets/fastcgi-php.conf +++ /dev/null @@ -1,13 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+?\.php)(/.*)$; - -# Check that the PHP script exists before passing it -try_files $fastcgi_script_name =404; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -fastcgi_index index.php; -include fastcgi.conf; diff --git a/nginx/nginx.bak-revert-debian/snippets/global_robots.conf b/nginx/nginx.bak-revert-debian/snippets/global_robots.conf deleted file mode 100644 index 9645eae..0000000 --- a/nginx/nginx.bak-revert-debian/snippets/global_robots.conf +++ /dev/null @@ -1,13 +0,0 @@ -# /etc/nginx/conf.d/global_robots.conf -# -# Esta configuração serve um ficheiro robots.txt genérico e restritivo -# para TODOS os sites servidos por este Nginx. - -location = /robots.txt { - # Adiciona um log para sabermos quando este ficheiro foi acedido. - access_log /var/log/nginx/robots.log; - - # Retorna o código de status 200 (OK) com o tipo de conteúdo 'text/plain'. - # O conteúdo é gerado diretamente aqui, sem precisar de um ficheiro físico. - return 200 "User-agent: *\nDisallow: /\n"; -} diff --git a/nginx/nginx.bak-revert-debian/snippets/internal_networks.conf b/nginx/nginx.bak-revert-debian/snippets/internal_networks.conf deleted file mode 100644 index 890fe4b..0000000 --- a/nginx/nginx.bak-revert-debian/snippets/internal_networks.conf +++ /dev/null @@ -1,6 +0,0 @@ -# Redes internas permitidas -allow 172.16.254.0/24; # Rede Infraestrutura -allow 10.10.253.0/24; # Rede Lan -allow 10.11.0.0/24; # Rede VPN -allow 10.10.5.6; # Maquina Vitor dentro da Enseg -deny all; # Bloqueia todos os outros diff --git a/nginx/nginx.bak-revert-debian/snippets/proxy_params.conf b/nginx/nginx.bak-revert-debian/snippets/proxy_params.conf deleted file mode 100644 index 8b1a7e6..0000000 --- a/nginx/nginx.bak-revert-debian/snippets/proxy_params.conf +++ /dev/null @@ -1,17 +0,0 @@ -# /etc/nginx/snippets/proxy_params.conf -# -# Snippet com os cabeçalhos de proxy padrão e essenciais. -# Estes cabeçalhos garantem que a aplicação de backend receba -# informações cruciais sobre a requisição original do cliente. - -# Passa o nome do host original pedido pelo cliente. Essencial para aplicações multi-tenant. -proxy_set_header Host $host; - -# Passa o endereço de IP real do cliente. -proxy_set_header X-Real-IP $remote_addr; - -# Passa uma lista de todos os IPs pelos quais a requisição passou (incluindo o do cliente). -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - -# Informa ao backend se a conexão original foi HTTP ou HTTPS. -proxy_set_header X-Forwarded-Proto $scheme; diff --git a/nginx/nginx.bak-revert-debian/snippets/snakeoil.conf b/nginx/nginx.bak-revert-debian/snippets/snakeoil.conf deleted file mode 100644 index ad26c3e..0000000 --- a/nginx/nginx.bak-revert-debian/snippets/snakeoil.conf +++ /dev/null @@ -1,5 +0,0 @@ -# Self signed certificates generated by the ssl-cert package -# Don't use them in a production server! - -ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; -ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; diff --git a/nginx/nginx.bak-revert-debian/snippets/ssl_params.conf b/nginx/nginx.bak-revert-debian/snippets/ssl_params.conf deleted file mode 100644 index 9e6dfb8..0000000 --- a/nginx/nginx.bak-revert-debian/snippets/ssl_params.conf +++ /dev/null @@ -1,41 +0,0 @@ -# /etc/nginx/snippets/ssl_params.conf -# -# Parâmetros de SSL e segurança centralizados, otimizados e reutilizáveis. -# --- Configurações de Protocolo e Cifras --- -# Permite apenas os protocolos TLS modernos e seguros. -ssl_protocols TLSv1.2 TLSv1.3; - -# Dá preferência às cifras do servidor, que nós definimos como seguras. -ssl_prefer_server_ciphers on; - -# Lista de cifras modernas, seguras e com boa performance. -ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'; - -# --- Configurações de Sessão e Performance --- -# Cache de sessão para acelerar reconexões TLS. 50MB pode guardar ~200,000 sessões. -ssl_session_cache shared:SSL:50m; -ssl_session_timeout 1d; - -# Desativa os 'session tickets' por segurança, favorecendo o 'session cache'. -ssl_session_tickets off; - -# Ativa o OCSP Stapling para acelerar a verificação de certificados. -ssl_stapling on; -ssl_stapling_verify on; - -# Define os servidores DNS para a verificação do OCSP. -resolver 1.0.0.1 8.8.8.8 1.1.1.1 8.8.4.4 valid=300s; -resolver_timeout 15s; - -# Aponta para o nosso ficheiro de parâmetros Diffie-Hellman para Perfect Forward Secrecy. -ssl_dhparam /etc/ssl/certs/dhparam.pem; - -# --- Cabeçalhos HTTP de Segurança --- -# Força o uso de HTTPS por 2 anos e inclui subdomínios. 'preload' permite a submissão para listas de HSTS dos navegadores. -add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; - -# Impede que o navegador tente interpretar MIME types incorretamente. -add_header X-Content-Type-Options "nosniff" always; - -# Protege contra ataques de 'clickjacking', impedindo que o site seja incorporado em iframes de outros domínios. -add_header X-Frame-Options "SAMEORIGIN" always; diff --git a/nginx/nginx.bak-revert-debian/snippets/websocket_params.conf b/nginx/nginx.bak-revert-debian/snippets/websocket_params.conf deleted file mode 100644 index 4b38909..0000000 --- a/nginx/nginx.bak-revert-debian/snippets/websocket_params.conf +++ /dev/null @@ -1,16 +0,0 @@ -# /etc/nginx/snippets/websocket_params.conf -# -# Parâmetros otimizados e corrigidos para conexões WebSocket. -# Este snippet DEVE ser usado em conjunto com o proxy_params.conf. - -# As 3 linhas mágicas para permitir a "promoção" da conexão para WebSocket. -proxy_http_version 1.1; -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection "upgrade"; - -# Desativa o buffering para garantir a comunicação em tempo real. -proxy_buffering off; - -# Define um timeout longo para evitar que as conexões de longa duração sejam fechadas. -proxy_read_timeout 86400s; # 24 horas -proxy_send_timeout 86400s; # 24 horas diff --git a/nginx/nginx.bak-revert-debian/unicode.mapping b/nginx/nginx.bak-revert-debian/unicode.mapping deleted file mode 100644 index 2654c4a..0000000 --- a/nginx/nginx.bak-revert-debian/unicode.mapping +++ /dev/null @@ -1,96 +0,0 @@ -(MAC - Roman) - - -(MAC - Icelandic) - - -1250 (ANSI - Central Europe) -00a1:21 00a2:63 00a3:4c 00a5:59 00aa:61 00b2:32 00b3:33 00b9:31 00ba:6f 00bc:31 00bd:31 00be:33 00c0:41 00c3:41 00c5:41 00c6:41 00c8:45 00ca:45 00cc:49 00cf:49 00d1:4e 00d2:4f 00d5:4f 00d8:4f 00d9:55 00db:55 00e0:61 00e3:61 00e5:61 00e6:61 00e8:65 00ea:65 00ec:69 00ef:69 00f1:6e 00f2:6f 00f5:6f 00f8:6f 00f9:75 00fb:75 00ff:79 0100:41 0101:61 0108:43 0109:63 010a:43 010b:63 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 013b:4c 013c:6c 0145:4e 0146:6e 014c:4f 014d:6f 014e:4f 014f:6f 0152:4f 0153:6f 0156:52 0157:72 015c:53 015d:73 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0180:62 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2032:27 2035:60 203c:21 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2082:32 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2191:5e 2194:2d 2195:7c 21a8:7c 2212:2d 2215:2f 2216:5c 2217:2a 221f:4c 2223:7c 2236:3a 223c:7e 2303:5e 2329:3c 232a:3e 2502:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2554:2d 255a:4c 255d:2d 2566:54 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263c:30 2640:2b 2642:3e 266a:64 266b:64 2758:7c 3000:20 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -1251 (ANSI - Cyrillic) -00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 203c:21 2190:3c 2191:5e 2192:3e 2193:76 2194:2d 221a:76 221f:4c 2500:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2552:2d 2558:4c 2559:4c 255a:4c 255b:2d 255c:2d 255d:2d 2564:54 2565:54 2566:54 256a:2b 256b:2b 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263a:4f 263b:4f 263c:30 2640:2b 2642:3e 266a:64 266b:64 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -1252 (ANSI - Latin I) -0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0179:5a 017b:5a 017c:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c8:27 02cb:60 02cd:5f 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 037e:3b 0393:47 0398:54 03a3:53 03a6:46 03a9:4f 03b1:61 03b4:64 03b5:65 03c0:70 03c3:73 03c4:74 03c6:66 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2017:3d 2032:27 2035:60 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 207f:6e 2080:30 2081:31 2082:32 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20a7:50 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2212:2d 2215:2f 2216:5c 2217:2a 221a:76 221e:38 2223:7c 2229:6e 2236:3a 223c:7e 2261:3d 2264:3d 2265:3d 2303:5e 2320:28 2321:29 2329:3c 232a:3e 2500:2d 250c:2b 2510:2b 2514:2b 2518:2b 251c:2b 252c:2d 2534:2d 253c:2b 2550:2d 2552:2b 2553:2b 2554:2b 2555:2b 2556:2b 2557:2b 2558:2b 2559:2b 255a:2b 255b:2b 255c:2b 255d:2b 2564:2d 2565:2d 2566:2d 2567:2d 2568:2d 2569:2d 256a:2b 256b:2b 256c:2b 2584:5f 2758:7c 3000:20 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -1253 (ANSI - Greek) -00b4:2f 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 037e:3b 203c:21 2190:3c 2191:5e 2192:3e 2193:76 2194:2d 221f:4c 2500:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2554:2d 255a:4c 255d:2d 2566:54 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263a:4f 263b:4f 263c:30 2640:2b 2642:3e 266a:64 266b:64 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -1254 (ANSI - Turkish) -00dd:59 00fd:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c7:5e 02c8:27 02cb:60 02cd:5f 02d8:5e 02d9:27 0300:60 0302:5e 0331:5f 0332:5f 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2032:27 2035:60 203c:21 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 2081:30 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2191:5e 2193:76 2194:2d 2195:7c 21a8:7c 2212:2d 2215:2f 2216:5c 2217:2a 221f:4c 2223:7c 2236:3a 223c:7e 2303:5e 2329:3c 232a:3e 2502:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2554:2d 255a:4c 255d:2d 2566:54 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263a:4f 263b:4f 263c:30 2640:2b 2642:3e 266a:64 266b:64 2758:7c 3000:20 3008:3c 3009:3e 301a:5b 301b:3d 301d:22 301e:22 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -1255 (ANSI - Hebrew) -0191:46 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -1256 (ANSI - Arabic) -0620:41 0621:41 0622:43 0623:45 0624:45 0625:45 0626:45 0627:49 0628:49 0629:4f 062a:55 062b:55 062c:55 062d:46 062e:43 062f:44 0630:45 0631:46 0632:47 0633:48 0634:49 0635:4a 0636:4b 0637:4c 0638:4d 0639:4e 063a:4f 0641:41 0642:42 0643:43 0644:44 0645:45 0646:46 0647:47 0648:48 0649:49 064a:4a 064b:4b 064c:4c 064d:4d 064e:4e 064f:4f 0650:50 0651:51 0652:52 - -1257 (ANSI - Baltic) -ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -1258 (ANSI/OEM - Viet Nam) -ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -20127 (US-ASCII) -00a0:20 00a1:21 00a2:63 00a4:24 00a5:59 00a6:7c 00a9:43 00aa:61 00ab:3c 00ad:2d 00ae:52 00b2:32 00b3:33 00b7:2e 00b8:2c 00b9:31 00ba:6f 00bb:3e 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c6:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e6:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -20261 (T.61) -f8dd:5c f8de:5e f8df:60 f8e0:7b f8fc:7d f8fd:7e f8fe:7f - -20866 (Russian - KOI8) -00a7:15 00ab:3c 00ad:2d 00ae:52 00b1:2b 00b6:14 00bb:3e 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 2013:2d 2014:2d 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2026:3a 2030:25 2039:3c 203a:3e 203c:13 2122:54 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 221f:1c 2302:7f 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e - -28591 (ISO 8859-1 Latin I) -0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -28592 (ISO 8859-2 Central Europe) -00a1:21 00a2:63 00a5:59 00a6:7c 00a9:43 00aa:61 00ab:3c 00ae:52 00b2:32 00b3:33 00b7:2e 00b9:31 00ba:6f 00bb:3e 00c0:41 00c3:41 00c5:41 00c6:41 00c8:45 00ca:45 00cc:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d5:4f 00d8:4f 00d9:55 00db:55 00e0:61 00e3:61 00e5:61 00e6:61 00e8:65 00ea:65 00ec:69 00ef:69 00f1:6e 00f2:6f 00f5:6f 00f8:6f 00f9:75 00fb:75 00ff:79 0100:41 0101:61 0108:43 0109:63 010a:43 010b:63 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 013b:4c 013c:6c 0145:4e 0146:6e 014c:4f 014d:6f 014e:4f 014f:6f 0152:4f 0153:6f 0156:52 0157:72 015c:53 015d:73 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -28605 (ISO 8859-15 Latin 9) -00a6:7c 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0138:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014a:4e 014b:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:54 0169:74 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0179:5a 017b:5a 017c:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -37 (IBM EBCDIC - U.S./Canada) -0004:37 0005:2d 0006:2e 0007:2f 0008:16 0009:05 000a:25 0014:3c 0015:3d 0016:32 0017:26 001a:3f 001b:27 0020:40 0021:5a 0022:7f 0023:7b 0024:5b 0025:6c 0026:50 0027:7d 0028:4d 0029:5d 002a:5c 002b:4e 002c:6b 002d:60 002e:4b 002f:61 003a:7a 003b:5e 003c:4c 003d:7e 003e:6e 003f:6f 0040:7c 005f:6d 0060:79 007c:4f 007f:07 0080:20 0081:21 0082:22 0083:23 0084:24 0085:15 0086:06 0087:17 0088:28 0089:29 008a:2a 008b:2b 008c:2c 008d:09 008e:0a 008f:1b 0090:30 0091:31 0092:1a 0093:33 0094:34 0095:35 0096:36 0097:08 0098:38 0099:39 009a:3a 009b:3b 009c:04 009d:14 009e:3e 00a0:41 00a2:4a 00a6:6a 00ac:5f 00c0:64 00c1:65 00c2:62 00c3:66 00c4:63 00c5:67 00c7:68 00c8:74 00c9:71 00ca:72 00cb:73 00cc:78 00cd:75 00ce:76 00cf:77 00d1:69 00df:59 00e0:44 00e1:45 00e2:42 00e3:46 00e4:43 00e5:47 00e7:48 00e8:54 00e9:51 00ea:52 00eb:53 00ec:58 00ed:55 00ee:56 00ef:57 00f1:49 00f8:70 ff01:5a ff02:7f ff03:7b ff04:5b ff05:6c ff06:50 ff07:7d ff08:4d ff09:5d ff0a:5c ff0b:4e ff0c:6b ff0d:60 ff0e:4b ff0f:61 ff1a:7a ff1b:5e ff1c:4c ff1d:7e ff1e:6e ff20:7c ff3f:6d ff40:79 ff5c:4f - -437 (OEM - United States) -00a4:0f 00a7:15 00a8:22 00a9:63 00ad:2d 00ae:72 00af:5f 00b3:33 00b4:27 00b6:14 00b8:2c 00b9:31 00be:5f 00c0:41 00c1:41 00c2:41 00c3:41 00c8:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d7:78 00d8:4f 00d9:55 00da:55 00db:55 00dd:59 00de:5f 00e3:61 00f0:64 00f5:6f 00f8:6f 00fd:79 00fe:5f 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02ca:27 02cb:60 02cd:5f 02dc:7e 0300:60 0301:27 0302:5e 0303:7e 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2017:5f 2018:60 2019:27 201a:2c 201c:22 201d:22 201e:2c 2020:2b 2022:07 2026:2e 2030:25 2032:27 2035:60 2039:3c 203a:3e 203c:13 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2082:32 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:09 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2122:54 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2212:2d 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 2758:7c 3000:20 3007:09 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -500 (IBM EBCDIC - International) -0004:37 0005:2d 0006:2e 0007:2f 0008:16 0009:05 000a:25 0014:3c 0015:3d 0016:32 0017:26 001a:3f 001b:27 0020:40 0021:4f 0022:7f 0023:7b 0024:5b 0025:6c 0026:50 0027:7d 0028:4d 0029:5d 002a:5c 002b:4e 002c:6b 002d:60 002e:4b 002f:61 003a:7a 003b:5e 003c:4c 003d:7e 003e:6e 003f:6f 0040:7c 005b:4a 005d:5a 005e:5f 005f:6d 0060:79 007f:07 0080:20 0081:21 0082:22 0083:23 0084:24 0085:15 0086:06 0087:17 0088:28 0089:29 008a:2a 008b:2b 008c:2c 008d:09 008e:0a 008f:1b 0090:30 0091:31 0092:1a 0093:33 0094:34 0095:35 0096:36 0097:08 0098:38 0099:39 009a:3a 009b:3b 009c:04 009d:14 009e:3e 00a0:41 00a6:6a 00c0:64 00c1:65 00c2:62 00c3:66 00c4:63 00c5:67 00c7:68 00c8:74 00c9:71 00ca:72 00cb:73 00cc:78 00cd:75 00ce:76 00cf:77 00d1:69 00df:59 00e0:44 00e1:45 00e2:42 00e3:46 00e4:43 00e5:47 00e7:48 00e8:54 00e9:51 00ea:52 00eb:53 00ec:58 00ed:55 00ee:56 00ef:57 00f1:49 00f8:70 ff01:4f ff02:7f ff03:7b ff04:5b ff05:6c ff06:50 ff07:7d ff08:4d ff09:5d ff0a:5c ff0b:4e ff0c:6b ff0d:60 ff0e:4b ff0f:61 ff1a:7a ff1b:5e ff1c:4c ff1d:7e ff1e:6e ff20:7c ff3b:4a ff3d:5a ff3e:5f ff3f:6d ff40:79 - -850 (OEM - Multilingual Latin I) -0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01a9:53 01ab:74 01ae:54 01af:55 01b0:75 01b6:5a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:27 02cd:5f 02dc:7e 0300:27 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 037e:3b 0393:47 03a3:53 03a6:46 03a9:4f 03b1:61 03b4:64 03b5:65 03c0:70 03c3:73 03c4:74 03c6:66 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:2e 2030:25 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:39 207f:6e 2080:30 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20a7:50 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2122:54 2124:5a 2126:4f 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2211:53 2212:2d 2215:2f 2216:2f 2217:2a 2219:07 221a:56 221e:38 221f:1c 2229:6e 2236:3a 223c:7e 2248:7e 2261:3d 2264:3d 2265:3d 2302:7f 2303:5e 2320:28 2321:29 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 2713:56 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -860 (OEM - Portuguese) -00a4:0f 00a5:59 00a7:15 00a8:22 00a9:63 00ad:5f 00ae:72 00af:16 00b3:33 00b4:2f 00b6:14 00b8:2c 00b9:31 00be:33 00c4:41 00c5:41 00c6:41 00cb:45 00ce:49 00cf:49 00d0:44 00d6:4f 00d7:58 00d8:4f 00db:55 00dd:59 00de:54 00e4:61 00e5:61 00e6:61 00eb:65 00ee:69 00ef:69 00f0:64 00f6:6f 00f8:6f 00fb:75 00fd:79 00fe:74 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:5c 0161:7c 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 0278:66 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02ca:2f 02cb:60 02cd:5f 02dc:7e 0300:60 0301:2f 0302:5e 0303:7e 0304:16 0305:16 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:5f 2011:5f 2013:5f 2014:5f 2017:5f 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:07 2024:07 2026:2e 2030:25 2032:27 2035:60 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212b:41 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d 30fb:07 - -861 (OEM - Icelandic) -00a2:63 00a4:0f 00a5:59 00a7:15 00a8:22 00a9:63 00aa:61 00ad:5f 00ae:72 00af:16 00b3:33 00b4:2f 00b6:14 00b8:2c 00b9:31 00ba:6f 00be:33 00c0:41 00c2:41 00c3:41 00c8:45 00ca:45 00cb:45 00cc:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d4:4f 00d5:4f 00d7:58 00d9:55 00db:55 00e3:61 00ec:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f5:6f 00f9:75 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 0278:66 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02ca:2f 02cb:60 02cd:5f 02dc:7e 0300:60 0301:2f 0302:5e 0303:7e 0304:16 0305:16 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2017:5f 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:07 2030:25 2032:27 2035:27 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d 30fb:07 - -863 (OEM - Canadian French) -00a1:21 00a5:59 00a9:63 00aa:61 00ad:16 00ae:72 00b9:33 00ba:6f 00c1:41 00c3:41 00c4:41 00c5:41 00c6:41 00cc:49 00cd:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d5:4f 00d6:4f 00d7:58 00d8:4f 00da:55 00dd:59 00de:54 00e1:61 00e3:61 00e4:61 00e5:61 00e6:61 00ec:69 00ed:69 00f0:64 00f1:6e 00f2:6f 00f5:6f 00f6:6f 00f8:6f 00fd:79 00fe:74 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:22 02ba:27 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 0304:16 0305:16 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:07 2030:25 2032:27 2035:27 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20a7:50 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212b:41 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d 30fb:07 - -865 (OEM - Nordic) -00a2:63 00a5:59 00a7:15 00a8:22 00a9:63 00ad:5f 00ae:72 00af:16 00b3:33 00b4:2f 00b6:14 00b8:2c 00b9:31 00bb:3e 00be:33 00c0:41 00c1:41 00c2:41 00c3:41 00c8:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d7:58 00d9:55 00da:55 00db:55 00dd:59 00de:54 00e3:61 00f0:64 00f5:6f 00fd:79 00fe:74 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02ca:2f 02cb:60 02cd:5f 02dc:7e 0300:60 0301:2f 0302:5e 0303:7e 0304:16 0305:16 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2017:5f 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:07 2030:25 2032:27 2035:27 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 226b:3c 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 300b:3e 301a:5b 301b:5d 30fb:07 - -874 (ANSI/OEM - Thai) -00a7:15 00b6:14 203c:13 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 221f:1c 2302:7f 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e - -932 (ANSI/OEM - Japanese Shift-JIS) -00a1:21 00a5:5c 00a6:7c 00a9:63 00aa:61 00ad:2d 00ae:52 00b2:32 00b3:33 00b9:31 00ba:6f 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c6:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00de:54 00df:73 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e6:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f0:64 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00fe:74 00ff:79 - -936 (ANSI/OEM - Simplified Chinese GBK) -00a6:7c 00aa:61 00ad:2d 00b2:32 00b3:33 00b9:31 00ba:6f 00d0:44 00dd:59 00de:54 00e2:61 00f0:65 00fd:79 00fe:74 - -949 (ANSI/OEM - Korean) -00a6:7c 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 20a9:5c - -950 (ANSI/OEM - Traditional Chinese Big5) -00a1:21 00a6:7c 00a9:63 00aa:61 00ad:2d 00ae:52 00b2:32 00b3:33 00b9:31 00ba:6f 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c6:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00de:54 00df:73 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e6:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f0:65 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00fe:74 00ff:79 - -(UTF-7) - - -(UTF-8) - - diff --git a/nginx/nginx.bak-revert-debian/uwsgi_params b/nginx/nginx.bak-revert-debian/uwsgi_params deleted file mode 100644 index 09c732c..0000000 --- a/nginx/nginx.bak-revert-debian/uwsgi_params +++ /dev/null @@ -1,17 +0,0 @@ - -uwsgi_param QUERY_STRING $query_string; -uwsgi_param REQUEST_METHOD $request_method; -uwsgi_param CONTENT_TYPE $content_type; -uwsgi_param CONTENT_LENGTH $content_length; - -uwsgi_param REQUEST_URI $request_uri; -uwsgi_param PATH_INFO $document_uri; -uwsgi_param DOCUMENT_ROOT $document_root; -uwsgi_param SERVER_PROTOCOL $server_protocol; -uwsgi_param REQUEST_SCHEME $scheme; -uwsgi_param HTTPS $https if_not_empty; - -uwsgi_param REMOTE_ADDR $remote_addr; -uwsgi_param REMOTE_PORT $remote_port; -uwsgi_param SERVER_PORT $server_port; -uwsgi_param SERVER_NAME $server_name; diff --git a/nginx/nginx.bak-revert-debian/win-utf b/nginx/nginx.bak-revert-debian/win-utf deleted file mode 100644 index 774fd9f..0000000 --- a/nginx/nginx.bak-revert-debian/win-utf +++ /dev/null @@ -1,125 +0,0 @@ -# This map is not a full windows-1251 <> utf8 map: it does not -# contain Serbian and Macedonian letters. If you need a full map, -# use contrib/unicode2nginx/win-utf map instead. - -charset_map windows-1251 utf-8 { - - 82 E2809A; # single low-9 quotation mark - - 84 E2809E; # double low-9 quotation mark - 85 E280A6; # ellipsis - 86 E280A0; # dagger - 87 E280A1; # double dagger - 88 E282AC; # euro - 89 E280B0; # per mille - - 91 E28098; # left single quotation mark - 92 E28099; # right single quotation mark - 93 E2809C; # left double quotation mark - 94 E2809D; # right double quotation mark - 95 E280A2; # bullet - 96 E28093; # en dash - 97 E28094; # em dash - - 99 E284A2; # trade mark sign - - A0 C2A0; #   - A1 D18E; # capital Byelorussian short U - A2 D19E; # small Byelorussian short u - - A4 C2A4; # currency sign - A5 D290; # capital Ukrainian soft G - A6 C2A6; # borken bar - A7 C2A7; # section sign - A8 D081; # capital YO - A9 C2A9; # (C) - AA D084; # capital Ukrainian YE - AB C2AB; # left-pointing double angle quotation mark - AC C2AC; # not sign - AD C2AD; # soft hypen - AE C2AE; # (R) - AF D087; # capital Ukrainian YI - - B0 C2B0; # ° - B1 C2B1; # plus-minus sign - B2 D086; # capital Ukrainian I - B3 D196; # small Ukrainian i - B4 D291; # small Ukrainian soft g - B5 C2B5; # micro sign - B6 C2B6; # pilcrow sign - B7 C2B7; # · - B8 D191; # small yo - B9 E28496; # numero sign - BA D194; # small Ukrainian ye - BB C2BB; # right-pointing double angle quotation mark - - BF D197; # small Ukrainian yi - - C0 D090; # capital A - C1 D091; # capital B - C2 D092; # capital V - C3 D093; # capital G - C4 D094; # capital D - C5 D095; # capital YE - C6 D096; # capital ZH - C7 D097; # capital Z - C8 D098; # capital I - C9 D099; # capital J - CA D09A; # capital K - CB D09B; # capital L - CC D09C; # capital M - CD D09D; # capital N - CE D09E; # capital O - CF D09F; # capital P - - D0 D0A0; # capital R - D1 D0A1; # capital S - D2 D0A2; # capital T - D3 D0A3; # capital U - D4 D0A4; # capital F - D5 D0A5; # capital KH - D6 D0A6; # capital TS - D7 D0A7; # capital CH - D8 D0A8; # capital SH - D9 D0A9; # capital SHCH - DA D0AA; # capital hard sign - DB D0AB; # capital Y - DC D0AC; # capital soft sign - DD D0AD; # capital E - DE D0AE; # capital YU - DF D0AF; # capital YA - - E0 D0B0; # small a - E1 D0B1; # small b - E2 D0B2; # small v - E3 D0B3; # small g - E4 D0B4; # small d - E5 D0B5; # small ye - E6 D0B6; # small zh - E7 D0B7; # small z - E8 D0B8; # small i - E9 D0B9; # small j - EA D0BA; # small k - EB D0BB; # small l - EC D0BC; # small m - ED D0BD; # small n - EE D0BE; # small o - EF D0BF; # small p - - F0 D180; # small r - F1 D181; # small s - F2 D182; # small t - F3 D183; # small u - F4 D184; # small f - F5 D185; # small kh - F6 D186; # small ts - F7 D187; # small ch - F8 D188; # small sh - F9 D189; # small shch - FA D18A; # small hard sign - FB D18B; # small y - FC D18C; # small soft sign - FD D18D; # small e - FE D18E; # small yu - FF D18F; # small ya -} diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 5b39214..1124b91 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,104 +1,148 @@ -# ============================================================================== -# FICHEIRO DE CONFIGURAÇÃO GLOBAL DO NGINX (/etc/nginx/nginx.conf) -# -# Versão final e limpa, desenhada para carregar módulos dinâmicos -# da forma padrão do Debian. -# ============================================================================== - -# --- Configurações Gerais --- user www-data; worker_processes auto; worker_rlimit_nofile 65535; pid /run/nginx.pid; error_log /var/log/nginx/error.log; -# A linha abaixo é a mais importante: ela carrega automaticamente todos os -# módulos que instalámos (Stream, ModSecurity, GeoIP2). include /etc/nginx/modules-enabled/*.conf; -# --- Bloco de Eventos --- events { - worker_connections 16384; - multi_accept on; + worker_connections 16384; + multi_accept on; } -# ============================================================================== -# BLOCO HTTP: Para todo o tráfego Web (Sites, APIs, etc.) -# ============================================================================== http { - # --- Configurações de Cache --- - proxy_cache_path /var/cache/nginx/zabbix_cache levels=1:2 keys_zone=zabbix_cache:10m max_size=1g inactive=60m use_temp_path=off; - proxy_cache_path /var/cache/nginx/api_cache levels=1:2 keys_zone=api_cache:10m max_size=100m inactive=5m use_temp_path=off; - proxy_cache_path /var/cache/nginx/exchange_private_cache levels=1:2 keys_zone=exchange_private_cache:20m max_size=500m inactive=10m use_temp_path=off; - proxy_cache_path /var/cache/nginx/zammad_cache levels=1:2 keys_zone=zammad_cache:10m max_size=500m inactive=60m use_temp_path=off; - proxy_cache_path /var/cache/nginx/static_cache levels=1:2 keys_zone=static_cache:10m max_size=2g inactive=90d use_temp_path=off; - proxy_cache_path /var/cache/nginx/nextcloud_private_cache levels=1:2 keys_zone=nextcloud_private_cache:20m max_size=1g inactive=15m use_temp_path=off; - proxy_cache_path /var/cache/nginx/nextcloud_previews_cache levels=1:2 keys_zone=nextcloud_previews:20m max_size=2g inactive=7d use_temp_path=off; + #Configuraçoes de Cache + proxy_cache_path /var/cache/nginx/zabbix_cache levels=1:2 keys_zone=zabbix_cache:10m max_size=1g inactive=60m use_temp_path=off; + proxy_cache_path /var/cache/nginx/api_cache levels=1:2 keys_zone=api_cache:10m max_size=100m inactive=5m use_temp_path=off; + proxy_cache_path /var/cache/nginx/exchange_private_cache levels=1:2 keys_zone=exchange_private_cache:20m max_size=500m inactive=10m use_temp_path=off; + proxy_cache_path /var/cache/nginx/zammad_cache levels=1:2 keys_zone=zammad_cache:10m max_size=500m inactive=60m use_temp_path=off; + proxy_cache_path /var/cache/nginx/static_cache levels=1:2 keys_zone=static_cache:10m max_size=2g inactive=90d use_temp_path=off; + proxy_cache_path /var/cache/nginx/nextcloud_private_cache levels=1:2 keys_zone=nextcloud_private_cache:20m max_size=1g inactive=15m use_temp_path=off; + proxy_cache_path /var/cache/nginx/nextcloud_previews_cache levels=1:2 keys_zone=nextcloud_previews:20m max_size=2g inactive=7d use_temp_path=off; - # --- Configurações Básicas e de Performance --- - sendfile on; - tcp_nopush on; - types_hash_max_size 2048; - server_tokens off; - include /etc/nginx/mime.types; - default_type application/octet-stream; + ## + # Basic Settings + ## - # --- Otimizações de Proxy Reverso e Buffers --- - client_body_buffer_size 128k; - client_max_body_size 10G; - proxy_buffer_size 16k; - proxy_buffers 8 16k; - proxy_busy_buffers_size 32k; + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + server_tokens off; - # --- Otimizações de Keep-Alive e Timeouts --- - keepalive_timeout 65s; - keepalive_requests 1000; - send_timeout 10s; + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; - # --- Configurações de Segurança (WAF) --- - # Agora que o módulo está carregado, estas diretivas irão funcionar. - modsecurity on; - modsecurity_rules_file /etc/nginx/modsecurity.conf; + include /etc/nginx/mime.types; + default_type application/octet-stream; - # --- Configurações do GeoIP2 --- - # Esta diretiva agora será reconhecida pelo Nginx. - geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { - $geoip2_country_code country iso_code; - $geoip2_country_name country names en; - $geoip2_region_name subdivisions 0 names en; - $geoip2_city_name city names en; - $geoip2_latitude location latitude; - $geoip2_longitude location longitude; - $geoip2_asn autonomous_system_number; - $geoip2_isp autonomous_system_organization; - } + ## + # Otimizações de Proxy Reverso e Buffers + ## + client_body_buffer_size 128k; + client_max_body_size 10G; # Ajuste conforme a necessidade de upload da sua aplicação + proxy_buffer_size 16k; + proxy_buffers 8 16k; + proxy_busy_buffers_size 32k; - # --- Configurações de Logging --- - log_format detailed_proxy escape=json '{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","remote_user":"$remote_user","request":"$request","method":"$request_method","uri":"$uri","args":"$args","status":$status,"request_length":$request_length,"body_bytes_sent":$body_bytes_sent,"request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_status":"$upstream_status","upstream_response_time":"$upstream_response_time","cache_status":"$upstream_cache_status","http_referer":"$http_referer","http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for","http_accept_language":"$http_accept_language","http_cookie":"$http_cookie","http_origin":"$http_origin","http_host":"$http_host","server_name":"$server_name","scheme":"$scheme","ssl_protocol":"$ssl_protocol","ssl_cipher":"$ssl_cipher","ssl_curves":"$ssl_curves","ssl_session_reused":"$ssl_session_reused","ssl_server_name":"$ssl_server_name","ssl_client_s_dn":"$ssl_client_s_dn","ssl_client_i_dn":"$ssl_client_i_dn","ssl_client_verify":"$ssl_client_verify","ssl_client_serial":"$ssl_client_serial","ssl_client_v_start":"$ssl_client_v_start","ssl_client_v_end":"$ssl_client_v_end","geoip_country_code":"$geoip2_country_code","geoip_country_name":"$geoip2_country_name","geoip_region_name":"$geoip2_region_name","geoip_city_name":"$geoip2_city_name","geoip_latitude":"$geoip2_latitude","geoip_longitude":"$geoip2_longitude","geoip_asn":"$geoip2_asn","geoip_isp":"$geoip2_isp"}'; - access_log /var/log/nginx/access.log detailed_proxy; + # Otimizações de Keep-Alive e Timeouts + ## + keepalive_timeout 65s; + keepalive_requests 1000; # Número de requests por conexão keep-alive + send_timeout 10s; # Tempo para o backend responder - # --- Configurações de Compressão --- - include /etc/nginx/snippets/compression_params.conf; + # Ativa o ModSecurity e aponta para o arquivo de configuração + modsecurity on; + modsecurity_rules_file /etc/nginx/modsecurity.conf; + modsecurity_rules_file /etc/nginx/modsecurity/global-exceptions.conf; + ## + # SSL Settings + ## - # --- Carregar Ficheiros de Configuração dos Sites --- - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + # Configurações do GeoIP2 + ## + geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { + $geoip2_country_code country iso_code; + $geoip2_country_name country names en; + $geoip2_region_name subdivisions 0 names en; + $geoip2_city_name city names en; + $geoip2_latitude location latitude; + $geoip2_longitude location longitude; + $geoip2_asn autonomous_system_number; + $geoip2_isp autonomous_system_organization; + } + + geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb { + $geoip2_asn autonomous_system_number; + $geoip2_isp autonomous_system_organization; + } + + ## + # Logging Settings + ## + + log_format detailed_proxy escape=json '{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","remote_user":"$remote_user","request":"$request","method":"$request_method","uri":"$uri","args":"$args","status":$status,"request_length":$request_length,"body_bytes_sent":$body_bytes_sent,"request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_status":"$upstream_status","upstream_response_time":"$upstream_response_time","http_referer":"$http_referer","http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for","http_accept_language":"$http_accept_language","http_cookie":"$http_cookie","http_origin":"$http_origin","http_host":"$http_host","server_name":"$server_name","scheme":"$scheme","ssl_protocol":"$ssl_protocol","ssl_cipher":"$ssl_cipher","ssl_curves":"$ssl_curves","ssl_session_reused":"$ssl_session_reused","ssl_server_name":"$ssl_server_name","ssl_client_s_dn":"$ssl_client_s_dn","ssl_client_i_dn":"$ssl_client_i_dn","ssl_client_verify":"$ssl_client_verify","ssl_client_serial":"$ssl_client_serial","ssl_client_v_start":"$ssl_client_v_start","ssl_client_v_end":"$ssl_client_v_end","geoip_country_code":"$geoip2_country_code","geoip_country_name":"$geoip2_country_name","geoip_region_name":"$geoip2_region_name","geoip_city_name":"$geoip2_city_name","geoip_latitude":"$geoip2_latitude","geoip_longitude":"$geoip2_longitude","geoip_asn":"$geoip2_asn","geoip_isp":"$geoip2_isp"}'; + + access_log /var/log/nginx/access.log detailed_proxy; + # DIRETIVA DE LOG GLOBAL + # Todas as requisições de todos os sites serão salvas aqui neste formato, por padrão. + + + ## + # Gzip Settings + ## + + include /etc/nginx/snippets/compression_params.conf; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; } -# ============================================================================== -# BLOCO STREAM: Para tráfego TCP/UDP (Telefonia, SSL Passthrough) -# ============================================================================== stream { - # (O seu bloco stream existente vai aqui, sem alterações) + # Encaminhamento da porta de sinalização SIP (TCP) server { listen 5060; proxy_pass 172.16.254.130:5060; } + + # Encaminhamento da porta de sinalização SIP (UDP) server { listen 5060 udp; proxy_pass 172.16.254.130:5060; } + + # Encaminhamento da faixa de portas RTP para o áudio (UDP) + # Nota: Isto requer que o Nginx tenha sido compilado com a opção --with-stream_udp_proxy_listen_gated + # Se der erro, comece apenas com as portas 5060 e adicione esta parte depois se necessário. server { listen 10000-20000 udp; - proxy_pass 172.16.254.130:$server_port; + proxy_pass 172.16.254.130:$server_port; # O Nginx irá manter a porta de destino original } } + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/nginx/nginx.bak-revert-debian/sites-available/business.itguys.com.br.conf b/nginx/sites-available/business.itguys.com.br.conf similarity index 95% rename from nginx/nginx.bak-revert-debian/sites-available/business.itguys.com.br.conf rename to nginx/sites-available/business.itguys.com.br.conf index 0b2e6df..d8970a3 100644 --- a/nginx/nginx.bak-revert-debian/sites-available/business.itguys.com.br.conf +++ b/nginx/sites-available/business.itguys.com.br.conf @@ -15,7 +15,6 @@ server { listen 80; listen [::]:80; server_name business.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Permite a validação do Let's Encrypt. location /.well-known/acme-challenge/ { @@ -35,11 +34,8 @@ server { # ============================================================================== server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name business.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # --- Certificados e Segurança SSL --- # O Certbot irá gerir estas linhas. Lembre-se de o executar para este domínio. diff --git a/nginx/nginx.bak-revert-debian/sites-available/cloud.grupopralog.com.br.conf b/nginx/sites-available/cloud.grupopralog.com.br.conf similarity index 95% rename from nginx/nginx.bak-revert-debian/sites-available/cloud.grupopralog.com.br.conf rename to nginx/sites-available/cloud.grupopralog.com.br.conf index 706ddea..b600ba7 100644 --- a/nginx/nginx.bak-revert-debian/sites-available/cloud.grupopralog.com.br.conf +++ b/nginx/sites-available/cloud.grupopralog.com.br.conf @@ -10,7 +10,6 @@ server { listen 80; listen [::]:80; server_name cloud.grupopralog.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; location /.well-known/acme-challenge/ { root /var/www/html; } location / { return 301 https://$host$request_uri; } } @@ -20,11 +19,8 @@ server { # ============================================================================== server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name cloud.grupopralog.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # --- Certificados e Segurança SSL --- ssl_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem; diff --git a/nginx/sites-available/default b/nginx/sites-available/default index c5af914..f9b2d65 100644 --- a/nginx/sites-available/default +++ b/nginx/sites-available/default @@ -15,7 +15,7 @@ # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## - +# TESTE # Default server configuration # server { diff --git a/nginx/nginx.bak-revert-debian/sites-available/default-catchall b/nginx/sites-available/default-catchall similarity index 95% rename from nginx/nginx.bak-revert-debian/sites-available/default-catchall rename to nginx/sites-available/default-catchall index ad6e2d9..8cef29f 100644 --- a/nginx/nginx.bak-revert-debian/sites-available/default-catchall +++ b/nginx/sites-available/default-catchall @@ -17,10 +17,8 @@ server { ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; # O server_name "_" é uma forma especial de capturar qualquer hostname - add_header Alt-Svc 'h3=":443"; ma=86400'; # que não tenha sido definido em outros arquivos de configuração. server_name _; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Adicione esta linha para dizer ao navegador que a resposta é uma página web charset utf-8; diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/default-modsecurity.conf b/nginx/sites-available/default-modsecurity.conf similarity index 96% rename from nginx/nginx.bak-revert-debian/nginx/sites-available/default-modsecurity.conf rename to nginx/sites-available/default-modsecurity.conf index 3d8b3fd..3af513f 100644 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/default-modsecurity.conf +++ b/nginx/sites-available/default-modsecurity.conf @@ -44,7 +44,6 @@ server { index index.html index.htm index.nginx-debian.html; server_name _; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Enable ModSecurity WAF, if need #modsecurity on; @@ -87,7 +86,6 @@ server { # listen [::]:80; # # server_name example.com; - add_header Alt-Svc 'h3=":443"; ma=86400'; # # root /var/www/example.com; # index index.html; diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/dns-primario.itguys.com.br b/nginx/sites-available/dns-primario.itguys.com.br similarity index 92% rename from nginx/nginx.bak-revert-debian/nginx/sites-available/dns-primario.itguys.com.br rename to nginx/sites-available/dns-primario.itguys.com.br index 2eaf37e..9673a48 100644 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/dns-primario.itguys.com.br +++ b/nginx/sites-available/dns-primario.itguys.com.br @@ -3,7 +3,6 @@ server { listen 80; listen [::]:80; server_name dns-primario.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; location / { return 301 https://$host$request_uri; @@ -12,11 +11,8 @@ server { server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name dns-primario.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # O Certbot irá gerenciar estas linhas # ssl_certificate /etc/letsencrypt/live/ns1.itguys.com.br/fullchain.pem; diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/git.itguys.com.br.conf b/nginx/sites-available/git.itguys.com.br.conf similarity index 96% rename from nginx/nginx.bak-revert-debian/nginx/sites-available/git.itguys.com.br.conf rename to nginx/sites-available/git.itguys.com.br.conf index ad70409..b494739 100644 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/git.itguys.com.br.conf +++ b/nginx/sites-available/git.itguys.com.br.conf @@ -15,7 +15,6 @@ server { listen 80; listen [::]:80; server_name git.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Regra especial para a validação do Let's Encrypt funcionar corretamente. location /.well-known/acme-challenge/ { @@ -35,12 +34,9 @@ server { server { # --- Configuração de Escuta (Apenas TCP para HTTP/2) --- listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name git.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; include /etc/nginx/snippets/global_robots.conf; # --- Cabeçalhos de Segurança --- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; diff --git a/nginx/nginx.bak-revert-debian/sites-available/itguys.com.br.conf b/nginx/sites-available/itguys.com.br.conf similarity index 93% rename from nginx/nginx.bak-revert-debian/sites-available/itguys.com.br.conf rename to nginx/sites-available/itguys.com.br.conf index bc5628c..c93c0cd 100644 --- a/nginx/nginx.bak-revert-debian/sites-available/itguys.com.br.conf +++ b/nginx/sites-available/itguys.com.br.conf @@ -11,7 +11,6 @@ server { listen 80; listen [::]:80; server_name itguys.com.br www.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; location /.well-known/acme-challenge/ { root /var/www/html; @@ -27,11 +26,8 @@ server { # ============================================================================== server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.itguys.com.br/privkey.pem; @@ -45,11 +41,8 @@ server { # ============================================================================== server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name www.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # --- Certificados e Segurança --- ssl_certificate /etc/letsencrypt/live/www.itguys.com.br/fullchain.pem; diff --git a/nginx/nginx.bak-revert-debian/sites-available/katalog.itguys.com.br b/nginx/sites-available/katalog.itguys.com.br similarity index 94% rename from nginx/nginx.bak-revert-debian/sites-available/katalog.itguys.com.br rename to nginx/sites-available/katalog.itguys.com.br index 461aa10..4e93066 100644 --- a/nginx/nginx.bak-revert-debian/sites-available/katalog.itguys.com.br +++ b/nginx/sites-available/katalog.itguys.com.br @@ -10,7 +10,6 @@ server { listen 80; listen [::]:80; server_name katalog.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Permite a validação do Let's Encrypt, mesmo com a trava de rede na porta 443. location /.well-known/acme-challenge/ { @@ -28,11 +27,8 @@ server { # ============================================================================== server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name katalog.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # --- Certificados e Segurança SSL --- ssl_certificate /etc/letsencrypt/live/katalog.itguys.com.br/fullchain.pem; diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/mimir.itguys.com.br b/nginx/sites-available/mimir.itguys.com.br similarity index 95% rename from nginx/nginx.bak-revert-debian/nginx/sites-available/mimir.itguys.com.br rename to nginx/sites-available/mimir.itguys.com.br index 449f67f..89b31ab 100644 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/mimir.itguys.com.br +++ b/nginx/sites-available/mimir.itguys.com.br @@ -10,7 +10,6 @@ server { listen 80; listen [::]:80; server_name mimir.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Permite a validação do Let's Encrypt, mesmo com a trava de rede na porta 443. location /.well-known/acme-challenge/ { @@ -28,11 +27,8 @@ server { # ============================================================================== server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name mimir.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # --- Certificados e Segurança SSL --- ssl_certificate /etc/letsencrypt/live/mimir.itguys.com.br/fullchain.pem; diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/monitoramento.itguys.com.br b/nginx/sites-available/monitoramento.itguys.com.br similarity index 95% rename from nginx/nginx.bak-revert-debian/nginx/sites-available/monitoramento.itguys.com.br rename to nginx/sites-available/monitoramento.itguys.com.br index bf63f11..510f346 100644 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/monitoramento.itguys.com.br +++ b/nginx/sites-available/monitoramento.itguys.com.br @@ -10,7 +10,6 @@ server { listen 80; listen [::]:80; server_name monitoramento.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Permite a validação do Let's Encrypt, mesmo com a trava de rede. location /.well-known/acme-challenge/ { @@ -28,11 +27,8 @@ server { # ============================================================================== server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name monitoramento.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # --- Certificados e Segurança SSL --- ssl_certificate /etc/letsencrypt/live/monitoramento.itguys.com.br/fullchain.pem; diff --git a/nginx/nginx.bak-revert-debian/sites-available/ns1.itguys.com.br b/nginx/sites-available/ns1.itguys.com.br similarity index 95% rename from nginx/nginx.bak-revert-debian/sites-available/ns1.itguys.com.br rename to nginx/sites-available/ns1.itguys.com.br index 24939ec..0a33263 100644 --- a/nginx/nginx.bak-revert-debian/sites-available/ns1.itguys.com.br +++ b/nginx/sites-available/ns1.itguys.com.br @@ -10,7 +10,6 @@ server { listen 80; listen [::]:80; server_name ns1.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Permite a validação do Let's Encrypt, mesmo com a trava de rede. location /.well-known/acme-challenge/ { @@ -28,11 +27,8 @@ server { # ============================================================================== server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name ns1.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. include /etc/nginx/snippets/ssl_params.conf; diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/ns2.itguys.com.br b/nginx/sites-available/ns2.itguys.com.br similarity index 95% rename from nginx/nginx.bak-revert-debian/nginx/sites-available/ns2.itguys.com.br rename to nginx/sites-available/ns2.itguys.com.br index 5bdedbf..94a264d 100644 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/ns2.itguys.com.br +++ b/nginx/sites-available/ns2.itguys.com.br @@ -10,7 +10,6 @@ server { listen 80; listen [::]:80; server_name ns2.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Permite a validação do Let's Encrypt, mesmo com a trava de rede. location /.well-known/acme-challenge/ { @@ -28,11 +27,8 @@ server { # ============================================================================== server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name ns2.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Inclui o nosso "kit" de segurança SSL com cifras modernas e cabeçalhos. include /etc/nginx/snippets/ssl_params.conf; diff --git a/nginx/nginx.bak-revert-debian/nginx/sites-available/proxy.itguys.com.br b/nginx/sites-available/proxy.itguys.com.br similarity index 95% rename from nginx/nginx.bak-revert-debian/nginx/sites-available/proxy.itguys.com.br rename to nginx/sites-available/proxy.itguys.com.br index 78c7890..700b0af 100644 --- a/nginx/nginx.bak-revert-debian/nginx/sites-available/proxy.itguys.com.br +++ b/nginx/sites-available/proxy.itguys.com.br @@ -6,7 +6,6 @@ server { listen 80; server_name proxy.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # ---- CONTROLE DE ACESSO ---- # 1. Inclui o arquivo de restrição de IPs @@ -23,9 +22,7 @@ server { server { listen 443 ssl http2; - listen 443 quic reuseport; server_name proxy.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # --- CAMINHO PARA OS CERTIFICADOS SSL (Será preenchido pelo Certbot) --- # ssl_certificate /etc/letsencrypt/live/proxy.itguys.com.br/fullchain.pem; diff --git a/nginx/nginx.bak-revert-debian/sites-available/telefonia.itguys.com.br.conf b/nginx/sites-available/telefonia.itguys.com.br.conf similarity index 94% rename from nginx/nginx.bak-revert-debian/sites-available/telefonia.itguys.com.br.conf rename to nginx/sites-available/telefonia.itguys.com.br.conf index 2964266..b326c2f 100644 --- a/nginx/nginx.bak-revert-debian/sites-available/telefonia.itguys.com.br.conf +++ b/nginx/sites-available/telefonia.itguys.com.br.conf @@ -11,7 +11,6 @@ server { listen 80; listen [::]:80; server_name telefonia.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # Permite a validação do Let's Encrypt, que acontece na porta 80. location /.well-known/acme-challenge/ { @@ -29,11 +28,8 @@ server { # ============================================================================== server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name telefonia.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # --- Certificados e Segurança SSL --- ssl_certificate /etc/letsencrypt/live/telefonia.itguys.com.br/fullchain.pem; diff --git a/nginx/nginx.bak-revert-debian/sites-available/zammad.itguys.com.br.conf b/nginx/sites-available/zammad.itguys.com.br.conf similarity index 95% rename from nginx/nginx.bak-revert-debian/sites-available/zammad.itguys.com.br.conf rename to nginx/sites-available/zammad.itguys.com.br.conf index bfb096b..da5ac78 100644 --- a/nginx/nginx.bak-revert-debian/sites-available/zammad.itguys.com.br.conf +++ b/nginx/sites-available/zammad.itguys.com.br.conf @@ -11,7 +11,6 @@ server { listen 80; listen [::]:80; server_name zammad.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; location /.well-known/acme-challenge/ { root /var/www/html; } location / { return 301 https://$host$request_uri; } } @@ -21,11 +20,8 @@ server { # ============================================================================== server { listen 443 ssl http2; - listen 443 quic reuseport; listen [::]:443 ssl http2; - listen [::]:443 quic reuseport; server_name zammad.itguys.com.br; - add_header Alt-Svc 'h3=":443"; ma=86400'; # --- Certificados e Segurança SSL --- ssl_certificate /etc/letsencrypt/live/zammad.itguys.com.br/fullchain.pem; diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/cache_immutable_static.conf b/nginx/snippets/cache_immutable_static.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/nginx/snippets/cache_immutable_static.conf rename to nginx/snippets/cache_immutable_static.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/cache_static_assets.conf b/nginx/snippets/cache_static_assets.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/nginx/snippets/cache_static_assets.conf rename to nginx/snippets/cache_static_assets.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/compression_params.conf b/nginx/snippets/compression_params.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/nginx/snippets/compression_params.conf rename to nginx/snippets/compression_params.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/global_robots.conf b/nginx/snippets/global_robots.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/nginx/snippets/global_robots.conf rename to nginx/snippets/global_robots.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/internal_networks.conf b/nginx/snippets/internal_networks.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/nginx/snippets/internal_networks.conf rename to nginx/snippets/internal_networks.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/proxy_params.conf b/nginx/snippets/proxy_params.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/nginx/snippets/proxy_params.conf rename to nginx/snippets/proxy_params.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/ssl_params.conf b/nginx/snippets/ssl_params.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/nginx/snippets/ssl_params.conf rename to nginx/snippets/ssl_params.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/snippets/websocket_params.conf b/nginx/snippets/websocket_params.conf similarity index 100% rename from nginx/nginx.bak-revert-debian/nginx/snippets/websocket_params.conf rename to nginx/snippets/websocket_params.conf diff --git a/nginx/nginx.bak-revert-debian/nginx/unicode.mapping b/nginx/unicode.mapping similarity index 100% rename from nginx/nginx.bak-revert-debian/nginx/unicode.mapping rename to nginx/unicode.mapping