NgixProxy_Pathfinder

Commit Graph

Author	SHA1	Message	Date
João Pedro	0ee283eab1	feat(rede): Implementa conectividade com redes Docker internas e IPs externos ## Tarefa 4 - Conexão Direta na Interface do Host ### Alterações no Docker Compose - Adicionado host.docker.internal:host-gateway no modsecurity e nginx-proxy - Permite acesso à rede física do host para alcançar IPs externos (10.10.253.x) - Adicionados mapeamentos extras para server-254 e gitea-server ### Novos Arquivos - snippets/docker_resolver.conf: Resolver DNS Docker para containers dinâmicos - conf.d/test-connectivity.conf: Endpoints temporários para validar conectividade (REMOVER após testes no host de deploy) ### Documentação - README.md: Diagrama de arquitetura atualizado com cores mais legíveis - README.md: Adicionada tabela de sistemas/servidores (Docker/VM/LXC) - TODO.md: Status da tarefa 4 atualizado para 'Aguardando Teste' ### Próximos Passos (no host de deploy) 1. docker compose build --no-cache nginx-proxy 2. docker compose down && docker compose up -d 3. Testar ping para 10.10.253.254 e 10.10.253.128 4. Remover test-connectivity.conf após validação	2026-01-22 18:18:44 -03:00
João Pedro	cd1a164114	feat(infra): Full migration to containerized NGINX with WAF and Auto-SSL Major infrastructure upgrade implementing: 1. Architecture - Containerized NGINX with custom Alpine build (Brotli + Headers More) - ModSecurity WAF (OWASP CRS) as a sidecar/frontend service - Fail2ban service monitoring logs for bot/attack mitigation 2. SSL Automation - Integrated Certbot with custom daily validation scripts - Automatic 3-day expiry detection and renewal - Smart ACME challenge injection for all sites 3. Configuration - Migrated 28 site configs to modular structure (conf.d/) - Created reusable snippets (Rate Limiting, Security Maps, Caching) - Fixed deprecated HTTP/2 syntax and ModSecurity directives 4. Documentation - Added GEMINI.md with full architectural overview - Cleanup of legacy files	2026-01-22 13:14:18 -03:00

Author

SHA1

Message

Date

João Pedro

0ee283eab1

feat(rede): Implementa conectividade com redes Docker internas e IPs externos

## Tarefa 4 - Conexão Direta na Interface do Host

### Alterações no Docker Compose
- Adicionado host.docker.internal:host-gateway no modsecurity e nginx-proxy
- Permite acesso à rede física do host para alcançar IPs externos (10.10.253.x)
- Adicionados mapeamentos extras para server-254 e gitea-server

### Novos Arquivos
- snippets/docker_resolver.conf: Resolver DNS Docker para containers dinâmicos
- conf.d/test-connectivity.conf: Endpoints temporários para validar conectividade
  (REMOVER após testes no host de deploy)

### Documentação
- README.md: Diagrama de arquitetura atualizado com cores mais legíveis
- README.md: Adicionada tabela de sistemas/servidores (Docker/VM/LXC)
- TODO.md: Status da tarefa 4 atualizado para 'Aguardando Teste'

### Próximos Passos (no host de deploy)
1. docker compose build --no-cache nginx-proxy
2. docker compose down && docker compose up -d
3. Testar ping para 10.10.253.254 e 10.10.253.128
4. Remover test-connectivity.conf após validação

2026-01-22 18:18:44 -03:00

João Pedro

cd1a164114

feat(infra): Full migration to containerized NGINX with WAF and Auto-SSL

Major infrastructure upgrade implementing:
1. Architecture
   - Containerized NGINX with custom Alpine build (Brotli + Headers More)
   - ModSecurity WAF (OWASP CRS) as a sidecar/frontend service
   - Fail2ban service monitoring logs for bot/attack mitigation

2. SSL Automation
   - Integrated Certbot with custom daily validation scripts
   - Automatic 3-day expiry detection and renewal
   - Smart ACME challenge injection for all sites

3. Configuration
   - Migrated 28 site configs to modular structure (conf.d/)
   - Created reusable snippets (Rate Limiting, Security Maps, Caching)
   - Fixed deprecated HTTP/2 syntax and ModSecurity directives

4. Documentation
   - Added GEMINI.md with full architectural overview
   - Cleanup of legacy files

2026-01-22 13:14:18 -03:00

2 Commits