From e2d43cb86321c6f77255315e8e3be063c7c5327d Mon Sep 17 00:00:00 2001
From: "srvproxy001.itguys.com.br" <srvproxy001@itguys.com.br>
Date: Sun, 21 Sep 2025 07:05:12 -0300
Subject: [PATCH] =?UTF-8?q?[Auto-Sync]=20Atualiza=C3=A7=C3=A3o=20das=20con?=
 =?UTF-8?q?figura=C3=A7=C3=B5es=20em=20srvproxy001.itguys.com.br=20-=20202?=
 =?UTF-8?q?5-09-21=2007:05:12?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../sites-available/unifi.itguys.com.br.conf  | 73 ++++++++-----------
 1 file changed, 32 insertions(+), 41 deletions(-)

diff --git a/nginx/sites-available/unifi.itguys.com.br.conf b/nginx/sites-available/unifi.itguys.com.br.conf
index 65baa92..2051db6 100644
--- a/nginx/sites-available/unifi.itguys.com.br.conf
+++ b/nginx/sites-available/unifi.itguys.com.br.conf
@@ -57,55 +57,46 @@ server {
 # BLOCO 2: Servidor Principal - Proxy Reverso para a Interface Web (HTTPS)
 # ==============================================================================
 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-    server_name unifi.itguys.com.br;
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name unifi.itguys.com.br;
 
-    # --- CONFIGURAÇÕES DE SSL E SEGURANÇA ---
-    ssl_certificate /etc/letsencrypt/live/unifi.itguys.com.br/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/unifi.itguys.com.br/privkey.pem; # managed by Certbot
-    include /etc/nginx/snippets/ssl_params.conf;
-    add_header X-Content-Type-Options "nosniff" always;
-    add_header X-Frame-Options "SAMEORIGIN" always;
+    # --- CONFIGURAÇÕES DE SSL E SEGURANÇA ---
+    ssl_certificate /etc/letsencrypt/live/unifi.itguys.com.br/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/unifi.itguys.com.br/privkey.pem; # managed by Certbot
+    include /etc/nginx/snippets/ssl_params.conf;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
 
-    # --- POLÍTICAS DE ACESSO E LOGS ---
-    include /etc/nginx/snippets/internal_networks.conf;
-    include /etc/nginx/snippets/global_robots.conf;
-    access_log /var/log/nginx/unifi.itguys.com.br.access.log;
-    error_log /var/log/nginx/unifi.itguys.com.br.error.log warn;
+    # --- POLÍTICAS DE ACESSO E LOGS ---
+    include /etc/nginx/snippets/internal_networks.conf;
+    include /etc/nginx/snippets/global_robots.conf;
+    access_log /var/log/nginx/unifi.itguys.com.br.access.log;
+    error_log /var/log/nginx/unifi.itguys.com.br.error.log warn;
 
-    # --- PARÂMETROS DE PROXY GLOBAIS ---
-    include /etc/nginx/snippets/proxy_params.conf;
-    # Essencial para o proxy funcionar com o backend HTTPS autoassinado do UniFi.
-    proxy_ssl_verify off;
+    # --- PARÂMETROS DE PROXY GLOBAIS ---
+    include /etc/nginx/snippets/proxy_params.conf;
+    proxy_ssl_verify off;
 
-    # --- REGRAS DE ROTEAMENTO (LOCATIONS) ---
+    # --- REGRAS DE ROTEAMENTO (LOCATIONS) ---
 
-    # 1. Rota para assets estáticos (CACHE AGRESSIVO)
-    location ~* ^/(static|v2|js|css|fonts|images)/ {
-        proxy_cache unifi_cache;
-        proxy_cache_valid 200 7d;
-        proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
-        add_header X-Proxy-Cache $upstream_cache_status;
+    # Rota Única para a aplicação (SEM CACHE, COM WEBSOCKETS).
+    # Esta regra centralizada garante que todos os requests, incluindo assets,
+    # sejam enviados corretamente para o backend do UniFi.
+    location / {
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
 
-        proxy_pass https://unifi_backend_web;
-    }
+        # Cabeçalhos essenciais para o proxy funcionar corretamente com o UniFi
+        proxy_set_header Authorization "";
+        proxy_set_header Host $host;
 
-    # 2. Rota principal para a aplicação (SEM CACHE, COM WEBSOCKETS)
-    location / {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
+        proxy_pass https://unifi_backend_web;
+    }
 
-        # Adicione estas duas linhas para resolver o erro 400
-        proxy_set_header Authorization "";
-        proxy_set_header Host $host;
-
-        proxy_pass https://unifi_backend_web;
-    }
-
-    # --- Páginas de Erro Personalizadas ---
-    include /etc/nginx/snippets/custom_errors.conf;
+    # --- Páginas de Erro Personalizadas ---
+    include /etc/nginx/snippets/custom_errors.conf;
 }
    
 # ==============================================================================