diff --git a/README.md b/README.md index 67ccc65..b092d75 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,6 @@ posterg/ │ └── manage-admin-users.sh # Run on server with sudo to manage htpasswd └── nginx/ # nginx config and reference files ├── posterg.conf - ├── scripts/ # Server setup scripts (password, PHP SQLite) └── docs/ # Documentation ``` @@ -95,4 +94,4 @@ ssh posterg "sudo bash /tmp/manage-admin-users.sh" - Admin panel protected by nginx `auth_basic` + PHP session (`AdminAuth`) - Uploads stored outside webroot, served via controlled `media.php` - Rate limiting on public search (`src/RateLimit.php`) -- See `docs/TODO.SECURITY.md` for outstanding items +- See `nginx/docs/SECURITY_HEADERS.md` for security headers reference diff --git a/TODO.md b/TODO.md index 4eae5ff..692871c 100644 --- a/TODO.md +++ b/TODO.md @@ -7,3 +7,8 @@ - [x] Create nginx/SETUP.md - [x] Create top-level SETUP.md - [x] Update documentation paths (/var/www/html/ → /var/www/posterg/, /formulaire/ → /admin/) +- [x] Remove nginx/scripts/ entirely (install-php-sqlite.sh was duplicate, fix-paths.sh was stale, setup-password.sh superseded by manage-admin-users.sh) +- [x] Fix typo HTACCESS_TO_ NGINX.md → HTACCESS_TO_NGINX.md in nginx/README.md +- [x] Fix nginx/SETUP.md manual step to use just manage-admin-users instead of raw htpasswd +- [x] Fix root README.md dead reference to docs/TODO.SECURITY.md +- [x] Update root README.md project structure (remove nginx/scripts/ entry) diff --git a/nginx/README.md b/nginx/README.md index 2711afa..fe0bf2b 100644 --- a/nginx/README.md +++ b/nginx/README.md 
@@ -5,17 +5,13 @@ This directory contains nginx configuration and documentation for the Post-ERG t ## 📁 Files - **`posterg.conf`** - Complete nginx configuration file -- **`scripts/`** - Server setup scripts - - `setup-password.sh` - Create admin passwords - - `install-php-sqlite.sh` - Install PHP SQLite extension - - `fix-paths.sh` - Fix PHP include paths - **`docs/`** - Documentation - `PRODUCTION_DEPLOYMENT.md` - Deployment guide - `QUICK_REFERENCE.md` - Command reference - `ADMIN_USERS.md` - User management - `SECURITY_HEADERS.md` - Security headers reference - `PHP_AUTH_LAYER.md` - Authentication layer documentation - - `HTACCESS_TO_ NGINX.md` - Apache to nginx migration notes + - `HTACCESS_TO_NGINX.md` - Apache to nginx migration notes - `TEST_DATABASE_SETUP.md` - Test database deployment ## 🚀 Quick Start diff --git a/nginx/SETUP.md b/nginx/SETUP.md index 32b783a..35ef3b6 100644 --- a/nginx/SETUP.md +++ b/nginx/SETUP.md @@ -44,7 +44,9 @@ sudo apt install nginx apache2-utils php8.4-fpm ### 2. Create Admin Password ```bash -sudo htpasswd -c /etc/nginx/.htpasswd-posterg admin +just manage-admin-users +# Then on the server: +ssh posterg "sudo bash /tmp/manage-admin-users.sh" ``` ### 3. Copy Nginx Configuration diff --git a/nginx/scripts/fix-paths.sh b/nginx/scripts/fix-paths.sh deleted file mode 100644 index ada9baf..0000000 --- a/nginx/scripts/fix-paths.sh +++ /dev/null 
@@ -1,24 +0,0 @@
-#!/bin/bash
-# Fix shared library paths for production deployment
-
-echo "🔧 Fixing shared library paths for production..."
-
-cd /var/www/html
-
-# Fix paths in PHP files
-find . -maxdepth 1 -name "*.php" -type f -exec sed -i "s|__DIR__ \. '/\.\./\.\./shared/|__DIR__ . '/shared/|g" {} \;
-
-echo "✓ Updated paths in:"
-echo " - index.php"
-echo " - memoire.php"
-echo " - search.php"
-echo " - test_db.php"
-
-# Test if it works
-echo ""
-echo "🧪 Testing..."
-php -r "require_once '/var/www/html/shared/Database.php'; echo 'Database.php loads successfully\n';"
-
-echo ""
-echo "✅ Path fix complete!"
-echo "Try: curl http://localhost/"
diff --git a/nginx/scripts/install-php-sqlite.sh b/nginx/scripts/install-php-sqlite.sh
deleted file mode 100755
index 9fd75af..0000000
--- a/nginx/scripts/install-php-sqlite.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-# Install PHP SQLite extension
-
-echo "🔧 Installing PHP SQLite extension..."
-
-# Check if running as root
-if [ "$EUID" -ne 0 ]; then
- echo "Error: This script must be run as root (use sudo)"
- exit 1
-fi
-
-# Detect PHP version
-PHP_VERSION=$(php -r "echo PHP_MAJOR_VERSION.'.'.PHP_MINOR_VERSION;")
-echo "Detected PHP version: $PHP_VERSION"
-
-# Install SQLite extension
-echo "Installing php${PHP_VERSION}-sqlite3..."
-apt-get update -qq
-apt-get install -y php${PHP_VERSION}-sqlite3
-
-# Restart PHP-FPM
-echo "Restarting PHP-FPM..."
-systemctl restart php${PHP_VERSION}-fpm
-
-# Verify installation
-if php -m | grep -q sqlite3; then
- echo "✅ SQLite extension installed successfully"
- echo ""
- echo "Installed extensions:"
- php -m | grep -i sqlite
-else
- echo "❌ Failed to install SQLite extension"
- exit 1
-fi
diff --git a/nginx/scripts/setup-password.sh b/nginx/scripts/setup-password.sh
deleted file mode 100755
index 99793c2..0000000
--- a/nginx/scripts/setup-password.sh
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/bash
-#
-# Setup script for Post-ERG admin password
-# Creates htpasswd file for nginx basic authentication
-#
-
-set -e
-
-echo "================================================="
-echo "Post-ERG Admin Password Setup"
-echo "================================================="
-echo ""
-
-# Check if running as root
-if [ "$EUID" -ne 0 ]; then
- echo "⚠️ This script must be run as root (use sudo)"
- exit 1
-fi
-
-# Check if apache2-utils is installed
-if ! command -v htpasswd &> /dev/null; then
- echo "📦 Installing apache2-utils..."
- apt-get update
- apt-get install -y apache2-utils
-fi
-
-# Configuration
-HTPASSWD_FILE="/etc/nginx/.htpasswd-posterg"
-BACKUP_FILE="/etc/nginx/.htpasswd-posterg.backup"
-
-# Backup existing file if it exists
-if [ -f "$HTPASSWD_FILE" ]; then
- echo "📋 Backing up existing password file..."
- cp "$HTPASSWD_FILE" "$BACKUP_FILE"
- echo " Backup saved to: $BACKUP_FILE"
- echo ""
-fi
-
-# Prompt for username
-echo "Enter admin username (default: admin):"
-read -r USERNAME
-USERNAME=${USERNAME:-admin}
-
-# Create or update password file
-if [ -f "$HTPASSWD_FILE" ]; then
- # File exists, update/add user
- echo ""
- echo "Creating/updating user: $USERNAME"
- htpasswd "$HTPASSWD_FILE" "$USERNAME"
-else
- # Create new file
- echo ""
- echo "Creating new password file for user: $USERNAME"
- htpasswd -c "$HTPASSWD_FILE" "$USERNAME"
-fi
-
-# Set correct permissions
-chmod 644 "$HTPASSWD_FILE"
-chown root:root "$HTPASSWD_FILE"
-
-echo ""
-echo "✅ Password file created/updated successfully!"
-echo ""
-echo "Details:"
-echo " File: $HTPASSWD_FILE"
-echo " User: $USERNAME"
-echo " Permissions: 644 (readable by nginx)"
-echo ""
-
-# Ask if user wants to add more users
-echo "Do you want to add another user? (y/n)"
-read -r ADD_MORE
-
-while [ "$ADD_MORE" = "y" ] || [ "$ADD_MORE" = "Y" ]; do
- echo ""
- echo "Enter username for additional user:"
- read -r USERNAME
-
- if [ -z "$USERNAME" ]; then
- echo "❌ Username cannot be empty"
- continue
- fi
-
- echo "Adding user: $USERNAME"
- htpasswd "$HTPASSWD_FILE" "$USERNAME"
-
- echo ""
- echo "Add another user? (y/n)"
- read -r ADD_MORE
-done
-
-echo ""
-echo "================================================="
-echo "Setup Complete!"
-echo "================================================="
-echo ""
-echo "Current users in $HTPASSWD_FILE:"
-cut -d: -f1 "$HTPASSWD_FILE" | while read -r user; do
- echo " - $user"
-done
-echo ""
-echo "Next steps:"
-echo " 1. Copy nginx config: cp nginx/posterg.conf /etc/nginx/sites-available/posterg"
-echo " 2. Enable site: ln -s /etc/nginx/sites-available/posterg /etc/nginx/sites-enabled/"
-echo " 3. Test config: nginx -t"
-echo " 4. Reload nginx: systemctl reload nginx"
-echo ""
-echo "The admin panel at /formulaire/ will now require authentication."
-echo ""
-echo "⚠️ IMPORTANT: Save these credentials securely!"
-echo ""