PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor: update nginx config for new structure

Browse Source 
- Updated posterg.conf with new directory structure
- Document root: /var/www/posterg/public
- Explicitly deny access to: /src, /templates, /config, /storage, /tests, /scripts, /docs
- Added structure diagram in comments
- Updated deploy scripts security checks
- Replaced outdated posterg.conf.reference

All non-public directories outside webroot for security.
Defense-in-depth: explicit deny rules even though paths outside /public.
This commit is contained in:
Théophile Gervreau-Mercier
2026-02-12 12:20:31 +01:00
parent 87971f9c23
commit 942a93a3ad
7 changed files with 469 additions and 227 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
nginx/deploy-production.sh
View File

@@ -176,5 +176,7 @@ echo ""
echo "🔒 Security Checks:"
echo " • Database blocked: curl -I http://localhost/storage/posterg.db"
echo " • MD files blocked: curl -I http://localhost/README.md"
echo " • Shared blocked: curl -I http://localhost/shared/Database.php"
echo " • Source blocked: curl -I http://localhost/src/Database.php"
echo " • Templates blocked: curl -I http://localhost/templates/header.php"
echo " • Config blocked: curl -I http://localhost/config/bootstrap.php"
echo ""