# Server Setup

## One-time setup (before first deploy)

Run the setup script on the server. It creates `/var/www/posterg`, sets the correct ownership/permissions, and adds the deploy user to the `posterg` group:

```bash
just setup-server
```

What the script does:

- Creates the `posterg` group if it doesn't exist
- Adds both the SSH user (read from `~/.ssh/config` via `ssh -G posterg`) and `www-data` to `posterg`
- Creates `/var/www/posterg` owned by `www-data:posterg`
- Sets all directories to **2775** (`rwxrwsr-x`) — the setgid bit ensures new files/dirs inherit the `posterg` group, which is required for `rsync --chown=www-data:posterg` to succeed
- Sets files to **664**
- Sets `storage/` to **2775**, database files to **660**

> **Important:** After running `setup-server`, log out and back in on the server
> (or run `newgrp posterg`) so the new group membership is active before deploying.

### Why setgid (2775) on directories?

rsync uses `--chown=www-data:posterg` to set ownership on transferred files. For this to work, the receiving process (running as `padlock`) must have write permission on every target directory.

Without the setgid bit:

- Newly created subdirectories inherit `padlock`'s primary group
- `www-data` (nginx/php-fpm) can't write to them → 403 errors
- `padlock` can't write to dirs owned by `www-data` → rsync Permission denied

With `2775 + group=posterg`:

- Both `padlock` and `www-data` are in `posterg` → both can write
- New subdirs automatically get `posterg` as their group
- rsync can create files and directories without errors

## Deploying the application

```bash
# Push all app files
just deploy

# Push initial database (aborts if remote DB already exists)
just deploy-db
```

## Applying the nginx config

```bash
just deploy-nginx
```

Uploads `nginx/posterg.conf` to the server, runs `scripts/deploy-server.sh` (which installs it into `/etc/nginx/sites-available/posterg`), then reloads nginx.

## Managing admin users

```bash
ssh posterg "sudo bash /var/www/posterg/scripts/manage-admin-users.sh"
```

Interactive menu for adding, changing, and deleting htpasswd entries at `/etc/nginx/.htpasswd-posterg`.

## Troubleshooting

### rsync: Permission denied on mkdir or mkstemp

The remote directory permissions are wrong. Run:

```bash
just setup-server
```

Then log out/in on the server and retry `just deploy`.

If you need to fix it manually (replace `youruser` with your remote username):

```bash
ssh posterg
sudo DEPLOY_USER=youruser bash /tmp/setup-server.sh
```

Or directly:

```bash
ssh posterg
# Run the remaining commands in the remote shell
sudo chown -R www-data:posterg /var/www/posterg
sudo find /var/www/posterg -type d -exec chmod 2775 {} \;
sudo find /var/www/posterg -type f -exec chmod 664 {} \;
# The previous command also sets database files to 664; restore 660 on them
sudo chmod 660 /var/www/posterg/storage/*.db
sudo usermod -aG posterg youruser
```

### Nginx 403 Forbidden

```bash
ssh posterg
sudo find /var/www/posterg -type d -exec chmod 2775 {} \;
sudo find /var/www/posterg -type f -exec chmod 664 {} \;
sudo chmod 660 /var/www/posterg/storage/*.db
```

### Database permission error

```bash
ssh posterg
sudo chown www-data:posterg /var/www/posterg/storage/posterg.db
sudo chmod 660 /var/www/posterg/storage/posterg.db
```
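
To check a tree against the modes listed under "What the script does" before or after a manual fix, the following audit can be used. It is an added example, not one of the project's scripts; the function name `audit_tree` is hypothetical, and the `storage/*.db` pattern for database files is assumed from the troubleshooting commands above.

```shell
# Added example (not part of the project's scripts).
# audit_tree ROOT GROUP
#   Prints one line per path that deviates from the documented layout and
#   returns non-zero if anything was found. ROOT must not end in a slash.
audit_tree() (
    root=$1
    group=$2
    findings=$(
        {
            # Directories: exactly 2775, so the setgid bit is present.
            find "$root" -type d ! -perm 2775 | sed 's/^/dir-mode /'
            # Database files in storage/: exactly 660, nothing for "other".
            find "$root" -type f -path "$root/storage/*.db" ! -perm 660 |
                sed 's/^/db-mode /'
            # Every other regular file: exactly 664.
            find "$root" -type f ! -path "$root/storage/*.db" ! -perm 664 |
                sed 's/^/file-mode /'
            # Everything must carry the shared group (name or numeric gid).
            find "$root" ! -group "$group" | sed 's/^/group /'
        } | sort
    )
    # Empty result means the tree matches; otherwise print and fail.
    [ -z "$findings" ] || { printf '%s\n' "$findings"; false; }
)

# Typical call on the server (paths and group as used on this page):
#   sudo sh -c '. ./audit-perms.sh; audit_tree /var/www/posterg posterg'
```

A `db-mode` line after a blanket `chmod 664` pass means the database is readable by every local account until `chmod 660` is reapplied.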