PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Reintroduce TFE duration metadata: DB columns, form fields, controllers, views, and migration

Browse Source 
Add 'unsafe-eval' to CSP script-src directives (htmx requires Function())
This commit is contained in:
Pontoporeia
2026-06-11 13:05:37 +02:00
parent 00fed5f0e3
commit d588ae004d
81 changed files with 1061 additions and 840 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
nginx/README.md
View File

@@ -8,7 +8,6 @@ This directory contains nginx configuration and documentation for the Post-ERG t
- **`docs/`** - Documentation
- `PRODUCTION_DEPLOYMENT.md` - Deployment guide
- `QUICK_REFERENCE.md` - Command reference
- `ADMIN_USERS.md` - User management
- `SECURITY_HEADERS.md` - Security headers reference
- `PHP_AUTH_LAYER.md` - Authentication layer documentation
- `HTACCESS_TO_NGINX.md` - Apache to nginx migration notes
@@ -33,19 +32,16 @@ The deployment script will:
- ✅ Test and reload nginx
- ✅ Verify PHP-FPM is running
### Manage admin users
### Manage admin password
```bash
just manage-admin-users
ssh xamxam "sudo bash /tmp/manage-admin-users.sh"
```
The admin password is managed via the admin panel at `/admin/parametres` → Account tab.
## 🔒 Security Features
### Admin Panel Protection
- **Password required** for `/admin/`
- HTTP Basic Authentication
- Rate limited: 10 requests/minute
- **Password required** for `/admin/` (password-only, no username)
- PHP session-based authentication (`AdminAuth`)
- Rate limited: 300 req/min, burst=30
### File Access Protection
- Database files (`.db`) - **BLOCKED**
@@ -59,7 +55,7 @@ ssh xamxam "sudo bash /tmp/manage-admin-users.sh"
### Rate Limiting
- General requests: 30/minute
- Search endpoint: 30/minute
- Admin panel: 10/minute
- Admin panel: 300 req/min (burst=30)
### Security Headers
- ✅ X-Frame-Options (clickjacking protection)
@@ -72,7 +68,6 @@ ssh xamxam "sudo bash /tmp/manage-admin-users.sh"
- **[docs/PRODUCTION_DEPLOYMENT.md](docs/PRODUCTION_DEPLOYMENT.md)** - Complete deployment guide
- **[docs/QUICK_REFERENCE.md](docs/QUICK_REFERENCE.md)** - Command reference and troubleshooting
- **[docs/ADMIN_USERS.md](docs/ADMIN_USERS.md)** - Admin user management
- **[docs/SECURITY_HEADERS.md](docs/SECURITY_HEADERS.md)** - Security headers reference
## 🧪 Testing
@@ -90,11 +85,6 @@ curl -I https://xamxam.erg.be/ | grep -E "X-|Strict-Transport"
## 🆘 Quick Help
### Admin can't log in
```bash
sudo htpasswd /etc/nginx/.htpasswd-xamxam admin
```
### 502 Bad Gateway
```bash
sudo systemctl status php8.4-fpm