PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 11:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor: update nginx config for new structure

Browse Source 
- Updated posterg.conf with new directory structure
- Document root: /var/www/posterg/public
- Explicitly deny access to: /src, /templates, /config, /storage, /tests, /scripts, /docs
- Added structure diagram in comments
- Updated deploy scripts security checks
- Replaced outdated posterg.conf.reference

All non-public directories outside webroot for security.
Defense-in-depth: explicit deny rules even though paths outside /public.
This commit is contained in:
Théophile Gervreau-Mercier
2026-02-12 12:20:31 +01:00
parent 87971f9c23
commit 942a93a3ad
7 changed files with 469 additions and 227 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
nginx/README.md
View File

@@ -44,9 +44,13 @@ No additional SSL setup is needed on this server.
### File Access Protection
- Database files (`.db`) - **BLOCKED**
- Sensitive files (`.md`, `.sql`, `.env`) - **BLOCKED**
- Shared directory - **BLOCKED**
- Tests directory - **BLOCKED**
- Cache directory - **BLOCKED**
- `/src` directory (PHP source) - **BLOCKED**
- `/templates` directory (PHP templates) - **BLOCKED**
- `/config` directory (configuration) - **BLOCKED**
- `/storage` directory (databases) - **BLOCKED**
- `/tests` directory - **BLOCKED**
- `/scripts` directory - **BLOCKED**
- `/docs` directory - **BLOCKED**
- Hidden files (`.git`, etc.) - **BLOCKED**
### Rate Limiting