nginx-hotwives.conf

# CONFIGURAÇÃO NGINX PARA HOTWIVES
# IMPORTANTE: NÃO ATIVE AINDA! Mentorado.tech está em produção.
# 
# Este arquivo está em /var/www/hotwives/nginx-hotwives.conf
# 
# INSTRUÇÕES PARA ATIVAR (apenas quando estiver pronto):
# 1. Certifique-se que hotwives.com.br está apontando para este servidor
# 2. sudo cp /var/www/hotwives/nginx-hotwives.conf /etc/nginx/sites-available/hotwives
# 3. sudo ln -s /etc/nginx/sites-available/hotwives /etc/nginx/sites-enabled/
# 4. sudo nginx -t
# 5. sudo certbot --nginx -d hotwives.com.br -d www.hotwives.com.br
# 6. sudo systemctl reload nginx

# HTTP - Redireciona para HTTPS
server {
    listen 80;
    server_name hotwives.com.br www.hotwives.com.br;
    
    # Redirecionar para HTTPS (depois de configurar SSL)
    return 301 https://$server_name$request_uri;
}

# HTTPS - Configuração principal
server {
    listen 443 ssl http2;
    server_name hotwives.com.br www.hotwives.com.br;

    # Certificados SSL - O Certbot irá adicionar/atualizar estas linhas automaticamente
    # ssl_certificate /etc/letsencrypt/live/hotwives.com.br/fullchain.pem;
    # ssl_certificate_key /etc/letsencrypt/live/hotwives.com.br/privkey.pem;
    # include /etc/letsencrypt/options-ssl-nginx.conf;
    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    
    # Configurações SSL básicas (até o Certbot configurar)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Logs separados
    access_log /var/log/nginx/hotwives-access.log;
    error_log /var/log/nginx/hotwives-error.log;

    # Frontend Next.js - Porta 3000
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }

    # Backend API - Porta 3001
    location /api {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # CORS headers (se necessário)
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
        
        if ($request_method = 'OPTIONS') {
            return 204;
        }
        
        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }

    # Socket.IO - WebSocket
    location /socket.io {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Timeouts maiores para WebSocket
        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;
    }

    # Uploads - Servir arquivos estáticos
    location /uploads {
        alias /var/www/hotwives/backend/uploads;
        expires 30d;
        add_header Cache-Control "public, immutable";
        
        # Segurança
        location ~ \.(php|phtml|php3|php4|php5|jsp)$ {
            deny all;
        }
    }

    # Tamanho máximo de upload
    client_max_body_size 10M;
    client_body_buffer_size 128k;

    # Compressão Gzip
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml+rss application/json application/javascript;

    # Headers de segurança
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
}
fix: Separar configuração Nginx do HotWives para não afetar mentorado.tech - Remover configuração ativa do nginx - Criar arquivo nginx-hotwives.conf separado em /var/www/hotwives/ - Adicionar guia completo ATIVAR_NGINX.md com instruções seguras - HotWives usará portas 3000/3001 (mentorado usa 3007) - Configuração só será ativada manualmente quando DNS estiver pronto 2025-11-22 01:09:31 +00:00			`# CONFIGURAÇÃO NGINX PARA HOTWIVES`
			`# IMPORTANTE: NÃO ATIVE AINDA! Mentorado.tech está em produção.`
			`#`
			`# Este arquivo está em /var/www/hotwives/nginx-hotwives.conf`
			`#`
			`# INSTRUÇÕES PARA ATIVAR (apenas quando estiver pronto):`
			`# 1. Certifique-se que hotwives.com.br está apontando para este servidor`
			`# 2. sudo cp /var/www/hotwives/nginx-hotwives.conf /etc/nginx/sites-available/hotwives`
			`# 3. sudo ln -s /etc/nginx/sites-available/hotwives /etc/nginx/sites-enabled/`
			`# 4. sudo nginx -t`
			`# 5. sudo certbot --nginx -d hotwives.com.br -d www.hotwives.com.br`
			`# 6. sudo systemctl reload nginx`

			`# HTTP - Redireciona para HTTPS`
			`server {`
			`listen 80;`
			`server_name hotwives.com.br www.hotwives.com.br;`

			`# Redirecionar para HTTPS (depois de configurar SSL)`
			`return 301 https://$server_name$request_uri;`
			`}`

			`# HTTPS - Configuração principal`
			`server {`
			`listen 443 ssl http2;`
			`server_name hotwives.com.br www.hotwives.com.br;`

			`# Certificados SSL - O Certbot irá adicionar/atualizar estas linhas automaticamente`
			`# ssl_certificate /etc/letsencrypt/live/hotwives.com.br/fullchain.pem;`
			`# ssl_certificate_key /etc/letsencrypt/live/hotwives.com.br/privkey.pem;`
			`# include /etc/letsencrypt/options-ssl-nginx.conf;`
			`# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;`

			`# Configurações SSL básicas (até o Certbot configurar)`
			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_ciphers HIGH:!aNULL:!MD5;`
			`ssl_prefer_server_ciphers on;`

			`# Logs separados`
			`access_log /var/log/nginx/hotwives-access.log;`
			`error_log /var/log/nginx/hotwives-error.log;`

			`# Frontend Next.js - Porta 3000`
			`location / {`
			`proxy_pass http://localhost:3000;`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection 'upgrade';`
			`proxy_set_header Host $host;`
			`proxy_cache_bypass $http_upgrade;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`

			`# Timeouts`
			`proxy_connect_timeout 60s;`
			`proxy_send_timeout 60s;`
			`proxy_read_timeout 60s;`
			`}`

			`# Backend API - Porta 3001`
			`location /api {`
			`proxy_pass http://localhost:3001;`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection 'upgrade';`
			`proxy_set_header Host $host;`
			`proxy_cache_bypass $http_upgrade;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`

			`# CORS headers (se necessário)`
			`add_header 'Access-Control-Allow-Origin' '*' always;`
			`add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;`
			`add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;`

			`if ($request_method = 'OPTIONS') {`
			`return 204;`
			`}`

			`# Timeouts`
			`proxy_connect_timeout 60s;`
			`proxy_send_timeout 60s;`
			`proxy_read_timeout 60s;`
			`}`

			`# Socket.IO - WebSocket`
			`location /socket.io {`
			`proxy_pass http://localhost:3001;`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "upgrade";`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`

			`# Timeouts maiores para WebSocket`
			`proxy_connect_timeout 7d;`
			`proxy_send_timeout 7d;`
			`proxy_read_timeout 7d;`
			`}`

			`# Uploads - Servir arquivos estáticos`
			`location /uploads {`
			`alias /var/www/hotwives/backend/uploads;`
			`expires 30d;`
			`add_header Cache-Control "public, immutable";`

			`# Segurança`
			`location ~ \.(php\|phtml\|php3\|php4\|php5\|jsp)$ {`
			`deny all;`
			`}`
			`}`

			`# Tamanho máximo de upload`
			`client_max_body_size 10M;`
			`client_body_buffer_size 128k;`

			`# Compressão Gzip`
			`gzip on;`
			`gzip_vary on;`
			`gzip_min_length 1024;`
			`gzip_comp_level 6;`
			`gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml+rss application/json application/javascript;`

			`# Headers de segurança`
			`add_header X-Frame-Options "SAMEORIGIN" always;`
			`add_header X-Content-Type-Options "nosniff" always;`
			`add_header X-XSS-Protection "1; mode=block" always;`
			`add_header Referrer-Policy "no-referrer-when-downgrade" always;`
			`}`