João Pedro Toledo Goncalves
b6997959e9
feat: Add well-known snippets (robots, security, humans, ads)
2026-02-04 19:24:03 -03:00
João Pedro Toledo Goncalves
ff6e4a339d
docs: Create README for the sites and configurations repository
2026-02-04 19:20:43 -03:00
João Pedro Toledo Goncalves
aef892572e
feat: Snippets structure, JSON logs and WAF
2026-02-04 19:18:40 -03:00
João Pedro Toledo Goncalves
c4bf1050b7
refactor: use snippets for acme and cache params
2026-01-30 12:12:34 -03:00
João Pedro Toledo Goncalves
91ee957ba7
removal of .gemini
2026-01-29 09:03:06 -03:00
João Pedro Toledo Goncalves
9a855a5e12
site-ferreira-real update
2026-01-29 08:45:22 -03:00
João Pedro Toledo Goncalves
f6117c9750
Add conf.d directory with placeholder
2026-01-27 14:32:44 -03:00
João Pedro Toledo Goncalves
f9c84c033c
Cleanup: Keep only configuration folders (conf.d, snippets) in this branch
2026-01-27 14:24:35 -03:00
João Pedro Toledo Goncalves
4cb6b85f29
Fix: Remove snippets bind-mount to prevent empty directory shadowing
2026-01-27 14:17:52 -03:00
João Pedro Toledo Goncalves
fd770b61a2
Fix: Add nano and remove nginx.conf host-mount for Portainer compatibility
2026-01-27 14:14:33 -03:00
João Pedro Toledo Goncalves
975d6ab90b
Refactor: Simplify infrastructure to single Nginx container (Legacy Removed)
2026-01-27 14:03:04 -03:00
João Pedro Toledo Goncalves
5a73c9a116
fix(ssl): chmod 644 keys to allow modsec access in shared volume
2026-01-27 09:43:57 -03:00
João Pedro Toledo Goncalves
6ddf679e9c
fix(modsec/nginx): disable unicode map and fix http2 warnings
2026-01-27 09:41:27 -03:00
João Pedro Toledo Goncalves
5f6baaf5c2
fix(deploy): bake modsec config into image to fix mount error
2026-01-27 09:38:25 -03:00
João Pedro Toledo Goncalves
a19f0766cd
feat(modsec): inject explicit frontend config for shared ssl and correct proxying
2026-01-27 09:36:24 -03:00
João Pedro Toledo Goncalves
78d56417c5
fix(nginx/ssl): remove dup location and fix renew script date/empty logic
2026-01-27 09:22:49 -03:00
João Pedro Toledo Goncalves
142ca3c670
feat(ssl): fix bootstrap loop with self-signed generation fallback
2026-01-27 09:20:47 -03:00
João Pedro Toledo Goncalves
acabd1a271
chore: isolate Traccar config and fix pre-flight cleanup
2026-01-27 09:18:17 -03:00
João Pedro Toledo Goncalves
598b3e3e9a
fix(script): add missing 'fi' closure in pre-flight.sh
2026-01-27 09:14:09 -03:00
João Pedro Toledo Goncalves
35138518b2
feat(script): add auto-heal for corrupt git repo
2026-01-27 09:11:30 -03:00
João Pedro Toledo Goncalves
9c4aee8c86
fix(script): improve regex to avoid matching proxy_ssl_server_name
2026-01-27 09:07:52 -03:00
João Pedro Toledo Goncalves
5a50089d5c
chore: remove hardcoded git dns to fix sync
2026-01-27 09:04:13 -03:00
João Pedro Toledo Goncalves
d0c14b76b3
fix(nginx): replace missing ssl include with explicit params in vcenter config
2026-01-27 08:56:09 -03:00
João Pedro Toledo Goncalves
de93649846
feat: implement Zero-Touch deployment (internal git sync + dynamic config symlinks)
2026-01-26 20:00:22 -03:00
João Pedro
1435401e44
fix(nginx): update traccar upstream port to 8083 (host exposed port)
2026-01-26 17:54:25 -03:00
João Pedro
c184dd69ec
fix: refactor for Portainer GitOps compatibility (Dockerized configs + named volumes)
2026-01-26 17:46:38 -03:00
João Pedro
b7de67ad0f
feat: Implement Git Auto-Sync (Cron/Script)
2026-01-26 16:18:06 -03:00
João Pedro
fa259fd891
feat: Add Traccar GPS configuration (Oestepan) and pending updates
2026-01-26 16:03:40 -03:00
João Pedro
0ee283eab1
feat(network): Implement connectivity with internal Docker networks and external IPs
...
## Task 4 - Direct Connection on the Host Interface
### Docker Compose Changes
- Added host.docker.internal:host-gateway to modsecurity and nginx-proxy
- Allows access to the host's physical network to reach external IPs (10.10.253.x)
- Added extra mappings for server-254 and gitea-server
### New Files
- snippets/docker_resolver.conf: Docker DNS resolver for dynamic containers
- conf.d/test-connectivity.conf: Temporary endpoints to validate connectivity
(REMOVE after tests on the deploy host)
### Documentation
- README.md: Architecture diagram updated with more legible colors
- README.md: Added table of systems/servers (Docker/VM/LXC)
- TODO.md: Task 4 status updated to 'Aguardando Teste' (Awaiting Test)
### Next Steps (on the deploy host)
1. docker compose build --no-cache nginx-proxy
2. docker compose down && docker compose up -d
3. Test ping to 10.10.253.254 and 10.10.253.128
4. Remove test-connectivity.conf after validation
2026-01-22 18:18:44 -03:00
João Pedro
3a5d73a485
feat(proxy): Implement Zero-Downtime Reload Strategy
...
- Added scripts/reload.sh and reload.ps1 for safe configuration updates
- Implemented 'nginx -t' validation before reload to prevent crashes
- Leveraged 'nginx -s reload' for process-level Blue-Green updates
- Updated documentation (README.md, GEMINI.md) with new usage instructions
- Fixed nginx.conf to properly scope snippet includes
- Restored missing SSL components (options-ssl-nginx.conf, dhparams) to enable local validation
2026-01-22 16:39:02 -03:00
João Pedro
d9a0b14d6f
docs: Update ModSecurity documentation (Architecture, TODO and README)
2026-01-22 16:20:40 -03:00
João Pedro
822dde3d06
refactor(modsec): Detailed reorganization of rules and WAF fixes
...
- docker-compose.yml: Activation of the ModSecurity volumes and mounting of a custom template to work around permission errors.
- modsec.conf.template: New base template for correct injection of the settings.
- modsec_includes.conf: Adjustment of the include path to /etc/nginx/custom_rules.
- modsec_rules/gitea-rule-exceptions.conf: Syntax fix (BodyAccess=Off) and allowance of large uploads and Git hooks.
- modsec_rules/nextcloud-rule-exceptions.conf: Broad whitelist for APIs (/ocs, /apps) and Office Online.
- modsec_rules/zabbix-rule-exceptions.conf: Removal of the web interface whitelist (zabbix.php) for greater security.
- modsec_rules/exchange-rule-exceptions.conf: Addition of critical endpoints (OWA, ECP, ActiveSync).
- modsec_rules/global-exceptions.conf: Cleanup of legacy rules, keeping only the internal network whitelist.
2026-01-22 16:15:35 -03:00
João Pedro
e5ae4649b3
chore: Remove obsolete proxy-sinc scripts and system configs
2026-01-22 13:44:40 -03:00
João Pedro
f917ad6f43
chore: Remove obsolete legacy infrastructure files
2026-01-22 13:43:00 -03:00
João Pedro
b25114eea7
chore: Cleanup logs and migrated legacy files
2026-01-22 13:41:01 -03:00
João Pedro
6b2f1a1af1
chore: Migrate legacy configs and add TODO list
2026-01-22 13:38:17 -03:00
João Pedro
058d1a22dd
docs: Update README.md (pt-BR) and Tech Specs
2026-01-22 13:22:58 -03:00
João Pedro
cd1a164114
feat(infra): Full migration to containerized NGINX with WAF and Auto-SSL
...
Major infrastructure upgrade implementing:
1. Architecture
- Containerized NGINX with custom Alpine build (Brotli + Headers More)
- ModSecurity WAF (OWASP CRS) as a sidecar/frontend service
- Fail2ban service monitoring logs for bot/attack mitigation
2. SSL Automation
- Integrated Certbot with custom daily validation scripts
- Automatic 3-day expiry detection and renewal
- Smart ACME challenge injection for all sites
3. Configuration
- Migrated 28 site configs to modular structure (conf.d/)
- Created reusable snippets (Rate Limiting, Security Maps, Caching)
- Fixed deprecated HTTP/2 syntax and ModSecurity directives
4. Documentation
- Added GEMINI.md with full architectural overview
- Cleanup of legacy files
2026-01-22 13:14:18 -03:00
daivid.alves
064983364c
Update nginx/sites-available/solucionei.itguys.com.br.conf
2025-12-12 16:38:51 +00:00
srvproxy001.itguys.com.br
1116272cda
[Auto-Sync] Configuration update on srvproxy001.itguys.com.br - 2025-12-12 08:59:45
2025-12-12 08:59:45 -03:00
srvproxy001.itguys.com.br
df40efec55
[Auto-Sync] Configuration update on srvproxy001.itguys.com.br - 2025-12-12 08:58:25
2025-12-12 08:58:25 -03:00
srvproxy001.itguys.com.br
793524060d
[Auto-Sync] Configuration update on srvproxy001.itguys.com.br - 2025-12-11 17:44:44
2025-12-11 17:44:44 -03:00
srvproxy001.itguys.com.br
cee0c17e8f
[Auto-Sync] Configuration update on srvproxy001.itguys.com.br - 2025-12-11 17:43:26
2025-12-11 17:43:26 -03:00
srvproxy001.itguys.com.br
fd0da6ce62
[Auto-Sync] Configuration update on srvproxy001.itguys.com.br - 2025-12-08 17:27:53
2025-12-08 17:27:53 -03:00
srvproxy001.itguys.com.br
c33f7db565
[Auto-Sync] Configuration update on srvproxy001.itguys.com.br - 2025-12-08 17:25:55
2025-12-08 17:25:55 -03:00
srvproxy001.itguys.com.br
2e53dd6e92
[Auto-Sync] Configuration update on srvproxy001.itguys.com.br - 2025-12-07 17:24:11
2025-12-07 17:24:11 -03:00
srvproxy001.itguys.com.br
487a19d44b
[Auto-Sync] Configuration update on srvproxy001.itguys.com.br - 2025-12-07 17:22:54
2025-12-07 17:22:54 -03:00
srvproxy001.itguys.com.br
6894d644e1
[Auto-Sync] Configuration update on srvproxy001.itguys.com.br - 2025-12-07 07:20:02
2025-12-07 07:20:02 -03:00
srvproxy001.itguys.com.br
1d78711428
[Auto-Sync] Configuration update on srvproxy001.itguys.com.br - 2025-12-07 07:04:53
2025-12-07 07:04:53 -03:00
srvproxy001.itguys.com.br
bffdaf8b69
[Auto-Sync] Configuration update on srvproxy001.itguys.com.br - 2025-12-07 07:02:01
2025-12-07 07:02:01 -03:00