joao.goncalves
/
NgixProxy_Pathfinder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,253 Commits 3 Branches 0 Tags 6.7 MiB
Commit Graph

24 Commits

Author SHA1 Message Date
João Pedro Toledo Goncalves 948fefdec9 feat: Adiciona stack de compactação moderna (Brotli + Gzip) 2026-02-04 20:41:37 -03:00
João Pedro Toledo Goncalves 0e2581dd18 refactor: Consolida lógica de cache e remove cache de documentos (PDF) 2026-02-04 20:37:51 -03:00
João Pedro Toledo Goncalves e2c8f954ad feat: Adiciona fontes populares (Montserrat, Poppins, etc) à Pseudo-CDN 2026-02-04 20:34:23 -03:00
João Pedro Toledo Goncalves 4b39a1a13f feat: Expande Pseudo-CDN com Tailwind CSS, Shadcn/UI e Modern Front-end Pack 2026-02-04 20:33:53 -03:00
João Pedro Toledo Goncalves 3878c1d9ed feat: Implementa Pseudo-CDN Engine para compartilhamento de cache global 2026-02-04 20:31:12 -03:00
João Pedro Toledo Goncalves 859d0851e5 feat: Implementa Cache Inteligente com SWR e Invalidação dinâmica de Assets 2026-02-04 20:19:47 -03:00
João Pedro Toledo Goncalves 5d1936e63e feat: Moderniza Cache Assets (Modern Web) e Rate-Limit Penalizado 2026-02-04 20:15:11 -03:00
João Pedro Toledo Goncalves b6116b975b style: Regionaliza e torna os níveis de risco mais verbosos (PT-BR) 2026-02-04 20:12:53 -03:00
João Pedro Toledo Goncalves 975f4915f0 feat: Implementa Pathfinder Security Scoring System (PSDE) e Risk Level Logs 2026-02-04 20:12:03 -03:00
João Pedro Toledo Goncalves 4058de3486 feat: Expande URIs suspeitas com padrões modernos de Cloud, Docker e Frameworks 2026-02-04 20:08:09 -03:00
João Pedro Toledo Goncalves 8635b05de8 refactor: Otimiza URIs suspeitas para Fast-Fail antes do WAF 2026-02-04 20:04:34 -03:00
João Pedro Toledo Goncalves 2a27e07359 feat: Bloqueio massivo de Scraping Libraries e Headless Browsers 2026-02-04 20:02:17 -03:00
João Pedro Toledo Goncalves 0634f09113 feat: Bloqueio agressivo de IA Crawlers, RECON scanners e SEO Scrapers 2026-02-04 19:58:01 -03:00
João Pedro Toledo Goncalves da539fa86d feat: Expande lista de bad bots e ferramentas de scanner (Inteligência Pathfinder) 2026-02-04 19:54:32 -03:00
João Pedro Toledo Goncalves 07bea3b949 feat: Adiciona security_actions e ativa bloqueio no vHost 2026-02-04 19:52:22 -03:00
João Pedro Toledo Goncalves af1ff377d3 refactor: Remove log_format legado e unifica auditoria em JSON 2026-02-04 19:50:20 -03:00
João Pedro Toledo Goncalves a32e781a97 refactor: Transição para o modelo de Zona de Cache Universal 2026-02-04 19:34:15 -03:00
João Pedro Toledo Goncalves 396bda5977 refactor: Especializa snippets well-known (robots, ads, security) 2026-02-04 19:29:12 -03:00
João Pedro Toledo Goncalves b6997959e9 feat: Adiciona snippets well-known (robots, security, humans, ads) 2026-02-04 19:24:03 -03:00
João Pedro Toledo Goncalves aef892572e feat: Estrutura de Snippets, Logs JSON e WAF 2026-02-04 19:18:40 -03:00
João Pedro Toledo Goncalves c4bf1050b7 refactor: usa snippets para acme e cache params 2026-01-30 12:12:34 -03:00
João Pedro Toledo Goncalves 975d6ab90b Refactor: Simplify infrastructure to single Nginx container (Legacy Removed) 2026-01-27 14:03:04 -03:00
João Pedro 0ee283eab1 feat(rede): Implementa conectividade com redes Docker internas e IPs externos 
## Tarefa 4 - Conexão Direta na Interface do Host

### Alterações no Docker Compose
- Adicionado host.docker.internal:host-gateway no modsecurity e nginx-proxy
- Permite acesso à rede física do host para alcançar IPs externos (10.10.253.x)
- Adicionados mapeamentos extras para server-254 e gitea-server

### Novos Arquivos
- snippets/docker_resolver.conf: Resolver DNS Docker para containers dinâmicos
- conf.d/test-connectivity.conf: Endpoints temporários para validar conectividade
  (REMOVER após testes no host de deploy)

### Documentação
- README.md: Diagrama de arquitetura atualizado com cores mais legíveis
- README.md: Adicionada tabela de sistemas/servidores (Docker/VM/LXC)
- TODO.md: Status da tarefa 4 atualizado para 'Aguardando Teste'

### Próximos Passos (no host de deploy)
1. docker compose build --no-cache nginx-proxy
2. docker compose down && docker compose up -d
3. Testar ping para 10.10.253.254 e 10.10.253.128
4. Remover test-connectivity.conf após validação
 2026-01-22 18:18:44 -03:00
João Pedro cd1a164114 feat(infra): Full migration to containerized NGINX with WAF and Auto-SSL 
Major infrastructure upgrade implementing:
1. Architecture
   - Containerized NGINX with custom Alpine build (Brotli + Headers More)
   - ModSecurity WAF (OWASP CRS) as a sidecar/frontend service
   - Fail2ban service monitoring logs for bot/attack mitigation

2. SSL Automation
   - Integrated Certbot with custom daily validation scripts
   - Automatic 3-day expiry detection and renewal
   - Smart ACME challenge injection for all sites

3. Configuration
   - Migrated 28 site configs to modular structure (conf.d/)
   - Created reusable snippets (Rate Limiting, Security Maps, Caching)
   - Fixed deprecated HTTP/2 syntax and ModSecurity directives

4. Documentation
   - Added GEMINI.md with full architectural overview
   - Cleanup of legacy files
 2026-01-22 13:14:18 -03:00