[Auto-Sync] Atualização das configurações em srvproxy001.itguys.com.br - 2025-11-11 01:13:31

2025-11-11 01:13:31 -03:00 · 2025-11-11 01:13:31 -03:00 · f764855d09
parent 2e1dab0a64
commit f764855d09
1 changed files with 80 additions and 110 deletions
--- a/nginx/sites-available/cloud.grupopralog.com.br.conf
+++ b/nginx/sites-available/cloud.grupopralog.com.br.conf
@ -1,15 +1,22 @@
 #
 # Configuração: cloud.grupopralog.com.br
 # Atualizado em: 2025-11-11 @ 01:10 (Horário de Brasília)
 # Contexto: Correção de sintaxe. Remoção de aspas ("") das diretivas 
 #           proxy_hide_header e proxy_ignore_headers.
 #
 map $request_uri $cache_asset {
    ~*\.(css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff|woff2|ttf|otf)$ 1y;
    default off;
 }
 map $request_uri $cacheable_session_request {
-    ~^/apps/files/$                 1;
+    ~^/apps/files/$            1;
-    ~^/apps/files/files$            1;
+    ~^/apps/files/files$       1;
-    ~^/apps/files/\?dir=            1;
+    ~^/apps/files/\?dir=       1;
-    ~^/apps/dashboard/$             1;
+    ~^/apps/dashboard/$        1;
-    ~^/remote\.php/dav/files/       1;
+    ~^/remote\.php/dav/files/  1;
-    default                         0;
+    default                    0;
 }
 map $cacheable_session_request $session_cache_zone {
@ -58,25 +65,29 @@ server {
    #}
    #limit_req zone=global_limit burst=100 nodelay;
    # Segurança Headers
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Referrer-Policy "no-referrer" always;
-    client_body_buffer_size     128M;
+    # Buffers
-    proxy_buffer_size           512k;
+    client_body_buffer_size   128M;
-    proxy_buffers               32 256k;
+    proxy_buffer_size         512k;
-    proxy_busy_buffers_size     512k;
+    proxy_buffers             32 256k;
-    proxy_connect_timeout       1200s;
+    proxy_busy_buffers_size   512k;
-    proxy_send_timeout          1200s;
+    proxy_connect_timeout     1200s;
-    proxy_read_timeout          1200s;
+    proxy_send_timeout        1200s;
-    proxy_temp_file_write_size  256k;
+    proxy_read_timeout        1200s;
    proxy_temp_file_write_size 256k;
-    proxy_hide_header "X-Content-Type-Options";
+    # Ocultar headers do backend (CORRIGIDO: Sem aspas)
-    proxy_hide_header "X-Frame-Options";
+    proxy_hide_header X-Content-Type-Options;
-    proxy_hide_header "Feature-Policy";
+    proxy_hide_header X-Frame-Options;
-    proxy_hide_header "Content-Security-Policy";
+    proxy_hide_header Feature-Policy;
    proxy_hide_header Content-Security-Policy;
    # SSL
    ssl_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.grupopralog.com.br/privkey.pem;
    ssl_protocols TLSv1.3 TLSv1.2;
@ -86,12 +97,15 @@ server {
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    # SSL Stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem;
    resolver 127.0.0.1 valid=300s;
    resolver_timeout 5s;
    # Compressão
    brotli on;
    brotli_comp_level 6;
    brotli_min_length 1024;
@ -103,21 +117,24 @@ server {
    gzip_min_length 1024;
    gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;
    # CalDAV / CardDAV
    location = /.well-known/carddav { return 301 /remote.php/dav; }
    location = /.well-known/caldav  { return 301 /remote.php/dav; }
    # Office Online (Discovery)
    location = /hosting/discovery {
-	proxy_pass              https://officeonline_backend;
+        proxy_pass            https://officeonline_backend;
-	proxy_set_header        Host "srvoffice001.itguys.com.br";
+        proxy_set_header      Host "srvoffice001.itguys.com.br";
-	proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header      X-Real-IP $remote_addr;
-	proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
-	proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header      X-Forwarded-Proto $scheme;
-	proxy_set_header        Accept-Encoding "";
+        proxy_set_header      Accept-Encoding "";
-    	# IMPORTANTE: Permite que o Nginx se conecte ao OOS com certificado autoassinado.
+        # IMPORTANTE: Permite que o Nginx se conecte ao OOS com certificado autoassinado.
-	proxy_ssl_verify        off;
+        proxy_ssl_verify      off;
    }
    # Office Online (WOPI)
    location ~ ^/(m|x|we|o|p|wv|op|wd|rtc|rtc2|layouts|view|_layouts)/ {
        proxy_pass https://officeonline_backend;
        proxy_set_header Host "srvoffice001.itguys.com.br";
@ -129,11 +146,11 @@ server {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Accept-Encoding "";
-	proxy_buffering off;
+        proxy_buffering off;
-	proxy_request_buffering off;
+        proxy_request_buffering off;
-	proxy_connect_timeout 1200s;
+        proxy_connect_timeout 1200s;
-	proxy_send_timeout    1200s;
+        proxy_send_timeout    1200s;
-	proxy_read_timeout    1200s;
+        proxy_read_timeout    1200s;
        sub_filter 'srvoffice001.itguys.com.br' 'cloud.grupopralog.com.br';
        sub_filter_once off;
        sub_filter_types text/css text/javascript application/javascript application/json;
@ -151,6 +168,7 @@ server {
        more_set_headers 'Access-Control-Allow-Credentials: true';
    }
    # Cache: Assets Estáticos
    location ~* \.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|woff|woff2|ttf|otf|map)$ {
        proxy_pass http://nextcloud_backend;
        proxy_set_header Host $host;
@ -166,34 +184,15 @@ server {
        more_set_headers 'Cache-Control: public, max-age=43200';
        more_set_headers 'X-Proxy-Cache: $upstream_cache_status';
-        proxy_hide_header "Cache-Control";
+        # CORRIGIDO: Sem aspas
-        proxy_hide_header "Expires";
+        proxy_hide_header Cache-Control;
-        proxy_hide_header "Pragma";
+        proxy_hide_header Expires;
        proxy_hide_header Pragma;
        brotli_static on;
        gzip_static on;
    }
-    #location ~ ^/(remote\.php/(webdav|dav)|ocs/v[12]\.php/apps/forms/api/.*/submissions/files/.*) {
+    # Cache: API Recommendations
    #    proxy_pass http://nextcloud_backend;
    #    proxy_set_header Host $host;
    #    proxy_set_header X-Real-IP $remote_addr;
    #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #    proxy_set_header X-Forwarded-Proto $scheme;
    #    proxy_set_header X-Forwarded-Host $host;
    #    
    #    proxy_http_version 1.1;
    #    proxy_set_header Connection "";
    #    # Desabilita o buffering para streaming de arquivos
    #    proxy_buffering off;
    #    proxy_request_buffering off;
    #    
    #    # Timeouts longos para uploads/downloads
    #    proxy_connect_timeout 60s;
    #    proxy_read_timeout 1200s;
    #    proxy_send_timeout 1200s;
    #}
    location = /ocs/v2.php/apps/recommendations/api/v1/recommendations {
        proxy_pass http://nextcloud_backend;
        proxy_set_header Host $host;
@ -211,6 +210,7 @@ server {
        more_set_headers 'X-API-Rec-Cache: $upstream_cache_status';
    }
    # Cache: API Folder-Tree
    location ~ ^/(apps/files/api/v1/folder-tree|ocs/v2\.php/apps/files/api/v1/folder-tree) {
        proxy_pass http://nextcloud_backend;
        proxy_set_header Host $host;
@ -222,7 +222,6 @@ server {
        proxy_buffering on;
        # Usar a zona de cache 'foldertree_cache' que você já tinha, ou a 'nextcloud_cache'
        proxy_cache foldertree_cache; 
        proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args$cookie_nc_session_id";
@ -231,17 +230,17 @@ server {
        proxy_cache_lock on;
        proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
-        # Ignora "no-cache" do backend
+        # CORRIGIDO: Sem aspas
-        proxy_ignore_headers "Cache-Control" "Expires" "Pragma";
+        proxy_ignore_headers Cache-Control Expires Pragma;
-        proxy_hide_header "Cache-Control";
+        proxy_hide_header Cache-Control;
-        proxy_hide_header "Pragma";
+        proxy_hide_header Pragma;
-        proxy_hide_header "Expires";
+        proxy_hide_header Expires;
        add_header Cache-Control "public, max-age=3";
        # Header de depuração
        more_set_headers 'X-FolderTree-Cache: $upstream_cache_status';
    }
    # Cache: API User Info/Notifications
    location ~ ^/(ocs/v[12].php/cloud/users|ocs/v[12].php/privatedata/get|ocs/v2.php/apps/notifications/api/v2/notifications|ocs/v[12].php/cloud/apps|ocs/v[12].php/cloud/user|ocs/v[12].php/privatedata/get/userinfo) {
        proxy_pass http://nextcloud_backend;
        proxy_set_header Host $host;
@ -258,6 +257,7 @@ server {
        more_set_headers 'X-APIMicroCache-Status: $upstream_cache_status';
    }
    # DAV (WebDAV / PROPFIND Cache)
    location ~ ^/(remote\.php/(webdav|dav)|ocs/v[12]\.php/apps/forms/api/.*/submissions/files/.*) {
        proxy_pass http://nextcloud_backend;
        proxy_set_header Host $host;
@ -268,8 +268,6 @@ server {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # --- Lógica de Cache vs. Streaming ---
        # 1. Por padrão, desabilitamos o buffering para streaming (uploads/downloads)
        proxy_buffering off;
        proxy_request_buffering off;
@ -280,24 +278,20 @@ server {
            proxy_request_buffering on; # Necessário para o cache
            proxy_cache nextcloud_cache; # Usar a zona de cache
            # IMPORTANTE: Autorizar cache do método PROPFIND
            proxy_cache_methods PROPFIND; 
            # Chave de cache por usuário/sessão
            proxy_cache_key "$host$request_uri|$cookie_nc_session_id";
            # Cache de 10 segundos para listagens de pasta (status 200 e 207)
            proxy_cache_valid 200 207 10s; 
            proxy_cache_lock on;
            proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
            # Header para depuração
            more_set_headers 'X-DAV-Cache: $upstream_cache_status';
-            # Ignorar "no-cache" do backend para PROPFIND
+            # CORRIGIDO: Sem aspas
-            proxy_ignore_headers "Cache-Control" "Expires" "Pragma";
+            proxy_ignore_headers Cache-Control Expires Pragma;
-            proxy_hide_header "Cache-Control";
+            proxy_hide_header Cache-Control;
-            proxy_hide_header "Pragma";
+            proxy_hide_header Pragma;
-            proxy_hide_header "Expires";
+            proxy_hide_header Expires;
            add_header Cache-Control "public, max-age=10";
        }
@ -307,6 +301,7 @@ server {
        proxy_send_timeout 1200s;
    }
    # Cache: API Tables
    location ~ ^/(apps/tables/(api|row|share)|index\.php/apps/tables/api/1|ocs/v2\.php/apps/tables/api/2) {
        proxy_pass http://nextcloud_backend;
        proxy_set_header Host $host;
@ -317,38 +312,26 @@ server {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # Habilita buffering para cache
        proxy_buffering on;
        # Define a chave de cache por usuário (baseado no cookie de sessão)
        proxy_cache nextcloud_cache;
        proxy_cache_key "$host$request_uri|$cookie_nc_session_id";
        # Cache de 3 segundos para dados dinâmicos.
        # Isso agrupa requisições idênticas feitas durante o carregamento da página.
        proxy_cache_valid 200 3s;
        # Trava o cache para evitar que múltiplas requisições batam no backend (Thundering Herd)
        proxy_cache_lock on;
        # Entrega conteúdo antigo se o backend falhar
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-        # Força o Nginx a IGNORAR os headers "não-cacheie" (no-cache, no-store) vindos do Nextcloud
+        # CORRIGIDO: Sem aspas
-        proxy_ignore_headers "Cache-Control" "Expires" "Pragma";
+        proxy_ignore_headers Cache-Control Expires Pragma;
-        
+        proxy_hide_header Cache-Control;
-        # Esconde os headers originais do backend para o cliente
+        proxy_hide_header Pragma;
-        proxy_hide_header "Cache-Control";
+        proxy_hide_header Expires;
        proxy_hide_header "Pragma";
        proxy_hide_header "Expires";
        # Adiciona nosso próprio header de cache para o navegador (3 segundos)
        add_header Cache-Control "public, max-age=3";
        # Header para depuração (para vermos se o cache funcionou)
        more_set_headers 'X-Tables-Cache: $upstream_cache_status';
    }
    # Cache: API Thumbnails / Direct Editing
    location ~ ^/(index\.php/apps/files/api/v1/thumbnail/|ocs/v2\.php/apps/files/api/v1/(directEditing|templates|folder-tree)) {
        proxy_pass http://nextcloud_backend;
        proxy_set_header Host $host;
@ -359,39 +342,26 @@ server {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # Habilita buffering para cache
        proxy_buffering on;
        # Reutiliza a zona de cache principal
        proxy_cache nextcloud_cache;
        proxy_cache_key "$host$request_uri|$cookie_nc_session_id";
        # Cache de 3 segundos (bom para APIs)
        # Nota: Você poderia criar um cache mais longo (ex: 1h)
        # se o /thumbnail/ for muito usado, mas 3s é seguro.
        proxy_cache_valid 200 3s;
        # Trava o cache (Thundering Herd)
        proxy_cache_lock on;
        # Entrega conteúdo antigo se o backend falhar
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-        # Ignora headers "não-cacheie"
+        # CORRIGIDO: Sem aspas
-        proxy_ignore_headers "Cache-Control" "Expires" "Pragma";
+        proxy_ignore_headers Cache-Control Expires Pragma;
-        
+        proxy_hide_header Cache-Control;
-        # Esconde os headers originais
+        proxy_hide_header Pragma;
-        proxy_hide_header "Cache-Control";
+        proxy_hide_header Expires;
        proxy_hide_header "Pragma";
        proxy_hide_header "Expires";
        # Adiciona nosso header de cache (3 segundos)
        add_header Cache-Control "public, max-age=3";
        # Header para depuração
        more_set_headers 'X-Files-API-Cache: $upstream_cache_status';
    }
    # Location Padrão (Catch-all)
    location / {
        proxy_pass http://nextcloud_backend;
        proxy_set_header Host $host;