rename posterg → xamxam throughout: nginx conf, scripts, PHP source, docs
@@ -4,8 +4,8 @@
|
||||
|
||||
```bash
|
||||
# Copy nginx config
|
||||
sudo cp nginx/posterg.conf /etc/nginx/sites-available/posterg
|
||||
sudo ln -s /etc/nginx/sites-available/posterg /etc/nginx/sites-enabled/
|
||||
sudo cp nginx/xamxam.conf /etc/nginx/sites-available/xamxam
|
||||
sudo ln -s /etc/nginx/sites-available/xamxam /etc/nginx/sites-enabled/
|
||||
sudo rm -f /etc/nginx/sites-enabled/default
|
||||
|
||||
# Test and reload
|
||||
@@ -23,16 +23,16 @@ sudo bash /tmp/manage-admin-users.sh
|
||||
|
||||
# Or manual commands:
|
||||
# Add new user
|
||||
sudo htpasswd /etc/nginx/.htpasswd-posterg username
|
||||
sudo htpasswd /etc/nginx/.htpasswd-xamxam username
|
||||
|
||||
# Change password for existing user
|
||||
sudo htpasswd /etc/nginx/.htpasswd-posterg username
|
||||
sudo htpasswd /etc/nginx/.htpasswd-xamxam username
|
||||
|
||||
# Remove user
|
||||
sudo htpasswd -D /etc/nginx/.htpasswd-posterg username
|
||||
sudo htpasswd -D /etc/nginx/.htpasswd-xamxam username
|
||||
|
||||
# List all users
|
||||
sudo cut -d: -f1 /etc/nginx/.htpasswd-posterg
|
||||
sudo cut -d: -f1 /etc/nginx/.htpasswd-xamxam
|
||||
```
|
||||
|
||||
### Nginx Control
|
||||
@@ -61,26 +61,26 @@ sudo systemctl status nginx
|
||||
|
||||
```bash
|
||||
# Public site access log
|
||||
sudo tail -f /var/log/nginx/posterg_access.log
|
||||
sudo tail -f /var/log/nginx/xamxam_access.log
|
||||
|
||||
# Public site errors
|
||||
sudo tail -f /var/log/nginx/posterg_error.log
|
||||
sudo tail -f /var/log/nginx/xamxam_error.log
|
||||
|
||||
# SSL access log
|
||||
sudo tail -f /var/log/nginx/posterg_ssl_access.log
|
||||
sudo tail -f /var/log/nginx/xamxam_ssl_access.log
|
||||
|
||||
# Search for specific pattern
|
||||
sudo grep "404" /var/log/nginx/posterg_access.log
|
||||
sudo grep "404" /var/log/nginx/xamxam_access.log
|
||||
|
||||
# Count requests by IP
|
||||
sudo awk '{print $1}' /var/log/nginx/posterg_access.log | sort | uniq -c | sort -nr | head
|
||||
sudo awk '{print $1}' /var/log/nginx/xamxam_access.log | sort | uniq -c | sort -nr | head
|
||||
```
|
||||
|
||||
### SSL/HTTPS
|
||||
|
||||
```bash
|
||||
# Get SSL certificate (Let's Encrypt)
|
||||
sudo certbot --nginx -d posterg.erg.be -d www.posterg.erg.be
|
||||
sudo certbot --nginx -d xamxam.erg.be -d www.xamxam.erg.be
|
||||
|
||||
# Renew certificates
|
||||
sudo certbot renew
|
||||
@@ -98,10 +98,10 @@ sudo certbot renew --dry-run
|
||||
|
||||
```bash
|
||||
# Should require password (returns 401)
|
||||
curl -I https://posterg.erg.be/admin/
|
||||
curl -I https://xamxam.erg.be/admin/
|
||||
|
||||
# With authentication
|
||||
curl -u admin:password https://posterg.erg.be/admin/
|
||||
curl -u admin:password https://xamxam.erg.be/admin/
|
||||
```
|
||||
|
||||
### Test Rate Limiting
|
||||
@@ -109,7 +109,7 @@ curl -u admin:password https://posterg.erg.be/admin/
|
||||
```bash
|
||||
# Should show increasing 429 responses after limit
|
||||
for i in {1..50}; do
|
||||
curl -s -o /dev/null -w "%{http_code}\n" https://posterg.erg.be/
|
||||
curl -s -o /dev/null -w "%{http_code}\n" https://xamxam.erg.be/
|
||||
done
|
||||
```
|
||||
|
||||
@@ -117,16 +117,16 @@ done
|
||||
|
||||
```bash
|
||||
# Should return 403
|
||||
curl -I https://posterg.erg.be/storage/posterg.db
|
||||
curl -I https://posterg.erg.be/shared/Database.php
|
||||
curl -I https://posterg.erg.be/.env
|
||||
curl -I https://xamxam.erg.be/storage/xamxam.db
|
||||
curl -I https://xamxam.erg.be/shared/Database.php
|
||||
curl -I https://xamxam.erg.be/.env
|
||||
```
|
||||
|
||||
### Test Security Headers
|
||||
|
||||
```bash
|
||||
# Check all security headers
|
||||
curl -I https://posterg.erg.be/ 2>&1 | grep -E "X-|Strict-Transport|Referrer|Permissions"
|
||||
curl -I https://xamxam.erg.be/ 2>&1 | grep -E "X-|Strict-Transport|Referrer|Permissions"
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
@@ -136,10 +136,10 @@ curl -I https://posterg.erg.be/ 2>&1 | grep -E "X-|Strict-Transport|Referrer|Per
|
||||
**403 Forbidden on admin**
|
||||
```bash
|
||||
# Check htpasswd file exists
|
||||
sudo ls -l /etc/nginx/.htpasswd-posterg
|
||||
sudo ls -l /etc/nginx/.htpasswd-xamxam
|
||||
|
||||
# Check permissions
|
||||
sudo chmod 644 /etc/nginx/.htpasswd-posterg
|
||||
sudo chmod 644 /etc/nginx/.htpasswd-xamxam
|
||||
```
|
||||
|
||||
**502 Bad Gateway**
|
||||
@@ -167,10 +167,10 @@ sudo tail -50 /var/log/nginx/error.log
|
||||
|
||||
```bash
|
||||
# Disable password protection temporarily
|
||||
sudo nano /etc/nginx/sites-available/posterg
|
||||
sudo nano /etc/nginx/sites-available/xamxam
|
||||
# Comment out these lines in /admin/ location:
|
||||
# auth_basic "Admin Access - Post-ERG";
|
||||
# auth_basic_user_file /etc/nginx/.htpasswd-posterg;
|
||||
# auth_basic_user_file /etc/nginx/.htpasswd-xamxam;
|
||||
|
||||
# Reload nginx
|
||||
sudo nginx -t && sudo systemctl reload nginx
|
||||
@@ -186,7 +186,7 @@ sudo ss -tulpn | grep nginx
|
||||
watch -n 1 'ps aux | grep nginx'
|
||||
|
||||
# Check request rate
|
||||
sudo tail -f /var/log/nginx/posterg_access.log | pv -l -r > /dev/null
|
||||
sudo tail -f /var/log/nginx/xamxam_access.log | pv -l -r > /dev/null
|
||||
|
||||
# Disk usage of logs
|
||||
sudo du -sh /var/log/nginx/*
|
||||
@@ -202,29 +202,29 @@ sudo nginx -s reopen
|
||||
sudo find /var/log/nginx -name "*.log" -mtime +7 -delete
|
||||
|
||||
# Backup configuration
|
||||
sudo cp /etc/nginx/sites-available/posterg /etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d)
|
||||
sudo cp /etc/nginx/sites-available/xamxam /etc/nginx/sites-available/xamxam.backup.$(date +%Y%m%d)
|
||||
|
||||
# Backup password file
|
||||
sudo cp /etc/nginx/.htpasswd-posterg /etc/nginx/.htpasswd-posterg.backup.$(date +%Y%m%d)
|
||||
sudo cp /etc/nginx/.htpasswd-xamxam /etc/nginx/.htpasswd-xamxam.backup.$(date +%Y%m%d)
|
||||
```
|
||||
|
||||
## Security Checklist
|
||||
|
||||
- [ ] Admin password set: `sudo ls -l /etc/nginx/.htpasswd-posterg`
|
||||
- [ ] SSL enabled: `curl -I https://posterg.erg.be/`
|
||||
- [ ] Database blocked: `curl -I https://posterg.erg.be/storage/posterg.db`
|
||||
- [ ] Shared directory blocked: `curl -I https://posterg.erg.be/shared/Database.php`
|
||||
- [ ] Admin password set: `sudo ls -l /etc/nginx/.htpasswd-xamxam`
|
||||
- [ ] SSL enabled: `curl -I https://xamxam.erg.be/`
|
||||
- [ ] Database blocked: `curl -I https://xamxam.erg.be/storage/xamxam.db`
|
||||
- [ ] Shared directory blocked: `curl -I https://xamxam.erg.be/shared/Database.php`
|
||||
- [ ] Rate limiting working: Test with curl loop
|
||||
- [ ] Security headers present: `curl -I https://posterg.erg.be/ | grep X-`
|
||||
- [ ] Logs accessible: `sudo tail /var/log/nginx/posterg_access.log`
|
||||
- [ ] Security headers present: `curl -I https://xamxam.erg.be/ | grep X-`
|
||||
- [ ] Logs accessible: `sudo tail /var/log/nginx/xamxam_access.log`
|
||||
|
||||
## Configuration Paths
|
||||
|
||||
- **Nginx config**: `/etc/nginx/sites-available/posterg`
|
||||
- **Password file**: `/etc/nginx/.htpasswd-posterg`
|
||||
- **SSL certificates**: `/etc/letsencrypt/live/posterg.erg.be/`
|
||||
- **Access logs**: `/var/log/nginx/posterg_access.log`
|
||||
- **Error logs**: `/var/log/nginx/posterg_error.log`
|
||||
- **Nginx config**: `/etc/nginx/sites-available/xamxam`
|
||||
- **Password file**: `/etc/nginx/.htpasswd-xamxam`
|
||||
- **SSL certificates**: `/etc/letsencrypt/live/xamxam.erg.be/`
|
||||
- **Access logs**: `/var/log/nginx/xamxam_access.log`
|
||||
- **Error logs**: `/var/log/nginx/xamxam_error.log`
|
||||
- **PHP-FPM config**: `/etc/php/8.2/fpm/pool.d/www.conf`
|
||||
- **PHP-FPM socket**: `/var/run/php/php8.2-fpm.sock`
|
||||
|
||||
|
||||