# ✅ Production Deployment Complete - Post-ERG

**Date:** February 5, 2026

**Status:** ✅ Successfully Deployed

---

## 🎉 Deployment Summary

The Post-ERG website is now successfully deployed with production-ready nginx configuration and security hardening.

### ✅ What's Working

| Feature | Status | Test Result |
|---------|--------|-------------|
| **Public Site** | ✅ Working | https://posterg.erg.be/ → 200 OK |
| **SSL/TLS** | ✅ Working | HTTPS with valid certificate |
| **Admin Panel** | ✅ Protected | /formulaire/ → 401 (requires password) |
| **Database Protection** | ✅ Blocked | /database/ → 403 Forbidden |
| **Sensitive Files** | ✅ Blocked | .md, .sql files → 403 Forbidden |
| **Shared Directory** | ✅ Blocked | /shared/ → 403 Forbidden |
| **Security Headers** | ✅ Present | X-Frame-Options, CSP, etc. |
| **PHP 8.4** | ✅ Running | php8.4-fpm active |
| **File Permissions** | ✅ Fixed | posterg group, readable by www-data |

---

## 🔧 What Was Fixed

### 1. File Permissions

**Problem:** Files were owned by `theophile:theophile` with 640 permissions, so nginx couldn't read them.

**Solution:**

```bash
# Changed group to posterg (www-data is member)
chown -R theophile:posterg /var/www/html/

# Set proper permissions
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 640 {} \;
```

### 2. PHP Include Paths

**Problem:** Public files used `../../shared/`, which doesn't work in the production structure.

**Solution:**

- Public files: Changed `../../shared/` → `/shared/`
- Admin files: Changed `../../shared/` → `/../shared/`
- Automated in deployment script

### 3. Nginx Configuration

**Problem:** Using basic default config with no security.

**Solution:** Deployed production config with:

- ✅ Rate limiting (30/min general, 10/min admin)
- ✅ File protection (database, configs, hidden files)
- ✅ Admin password protection
- ✅ Security headers
- ✅ Proper PHP-FPM configuration
- ✅ Upload size limits (100MB)

---

## 📋 Production Configuration

### Server Details

- **Server:** posterg.erg.be
- **Internal IP:** 192.168.6.125
- **PHP Version:** 8.4.16
- **Nginx:** Latest stable
- **SSL/TLS:** Handled by upstream reverse proxy

### File Structure

```
/var/www/html/
├── index.php, memoire.php, search.php  (public files)
├── assets/                             (CSS, JS)
├── shared/                             (PHP libraries - blocked from web)
│   ├── Database.php
│   ├── RateLimit.php
│   └── config.php
├── database/                           (SQLite database - blocked from web)
│   └── posterg.db
└── formulaire/                         (admin panel - password protected)
    ├── index.php, list.php, edit.php
    └── data/
        ├── theses/                     (uploaded PDF files)
        └── covers/                     (uploaded cover images)
```

### Security Configuration

**Rate Limits:**

- General requests: 30 requests/minute (burst: 20)
- Search endpoint: 30 requests/minute (burst: 10)
- Admin panel: 10 requests/minute (burst: 5)

**Protected Paths:**

- `/database/` - Database files (403)
- `/shared/` - PHP libraries (403)
- `/data/` - Upload directories (403)
- `*.db` files - Database files (403)
- `*.md, *.sql, *.sh, *.json` - Sensitive files (403)
- Hidden files (`.git`, `.env`, etc.) - (403)

**Admin Access:**

- Path: `/formulaire/`
- Authentication: HTTP Basic Auth
- Password file: `/etc/nginx/.htpasswd-posterg`
- User: `test_posterg_22@`

**Security Headers:**

```
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(), microphone=(), camera=()
```

---

## 🚀 Deployment Process (For Future Updates)

The deployment process has been automated and updated:

### Deploy Code Changes

```bash
# Deploy public site
just deploy-public
# Automatically fixes paths: ../../shared/ → /shared/

# Deploy admin panel
just deploy-admin
# Automatically fixes paths: ../../shared/ → /../shared/

# Deploy both
just deploy
```

### Deploy Nginx Config

```bash
# Deploy production nginx configuration
just deploy-nginx-production

# On server, run deployment script
ssh posterg
sudo bash /tmp/deploy-production.sh
```

The deployment scripts now automatically:

1. ✅ Copy files to server
2. ✅ Fix PHP include paths
3. ✅ Set correct permissions
4. ✅ Test nginx configuration
5. ✅ Reload services

---

## 🧪 Testing & Verification

### Automated Tests

```bash
# On server
cd /var/www/html

# Test public site
curl -I http://localhost/
# Should: 200 OK

# Test admin protection
curl -I http://localhost/formulaire/
# Should: 401 Unauthorized

# Test security
curl -I http://localhost/database/posterg.db   # Should: 403 Forbidden
curl -I http://localhost/README.md             # Should: 403 Forbidden
curl -I http://localhost/shared/Database.php   # Should: 403 Forbidden
```

### External Tests

```bash
# From your local machine
curl -I https://posterg.erg.be/             # Should: 200 OK
curl -I https://posterg.erg.be/formulaire/  # Should: 401
```

### Browser Tests

1. ✅ Visit https://posterg.erg.be/ - Homepage loads
2. ✅ Search functionality works
3. ✅ Individual thesis pages work
4. ✅ Admin requires password: https://posterg.erg.be/formulaire/
5. ✅ Can upload files in admin (after login)

---

## 📊 Monitoring

### Log Files

```bash
# Nginx access log
tail -f /var/log/nginx/posterg_access.log

# Nginx error log
tail -f /var/log/nginx/posterg_error.log

# PHP error log
tail -f /var/www/html/error.log
```

### Service Status

```bash
# Check nginx
sudo systemctl status nginx

# Check PHP-FPM
sudo systemctl status php8.4-fpm

# Test nginx config
sudo nginx -t
```

---

## 🔐 Admin Access

### Login Credentials

- **URL:** https://posterg.erg.be/formulaire/
- **Username:** `test_posterg_22@`
- **Password:** Set during deployment (stored securely)

### Change Password

```bash
ssh posterg
sudo htpasswd /etc/nginx/.htpasswd-posterg test_posterg_22@
```

### Add Additional Admin Users

```bash
ssh posterg
sudo htpasswd /etc/nginx/.htpasswd-posterg newusername
```

---

## 🔄 Maintenance

### Update Website Content

```bash
# From local machine
just deploy

# Content is automatically updated on server
```

### Reload Nginx (after config changes)

```bash
ssh posterg
sudo nginx -t                  # Test configuration
sudo systemctl reload nginx    # Reload if test passes
```

### Restart PHP-FPM (if needed)

```bash
ssh posterg
sudo systemctl restart php8.4-fpm
```

### Update SSL Certificate

SSL/TLS is handled by the upstream reverse proxy. Contact the infrastructure team if certificate renewal is needed.

---

## 🆘 Troubleshooting

### Site Returns 403 Forbidden

**Check file permissions:**

```bash
ls -la /var/www/html/index.php
# Should show: -rw-r----- theophile posterg
```

**Check nginx user:**

```bash
groups www-data
# Should show: www-data posterg
```

### Site Returns 500 Internal Server Error

**Check PHP errors:**

```bash
tail -f /var/log/nginx/posterg_error.log
tail -f /var/www/html/error.log
```

**Check PHP-FPM:**

```bash
sudo systemctl status php8.4-fpm
sudo systemctl restart php8.4-fpm
```

### Admin Panel Not Working

**Check password file:**

```bash
ls -la /etc/nginx/.htpasswd-posterg
```

**Reset password:**

```bash
sudo htpasswd /etc/nginx/.htpasswd-posterg test_posterg_22@
```

### After Deploying, Site Broken

**Check if paths were fixed:**

```bash
grep "require_once" /var/www/html/index.php
# Should show: __DIR__ . '/shared/Database.php'
# NOT: __DIR__ . '/../../shared/Database.php'
```

**Manually fix if needed:**

```bash
ssh posterg "cd /var/www/html && sed -i \"s|__DIR__ . '/../../shared/|__DIR__ . '/shared/|g\" *.php"
```

---

## 📞 Support Contacts

- **Deployment Issues:** Check logs first
- **Nginx Config:** `/etc/nginx/sites-available/posterg`
- **PHP Config:** `/etc/php/8.4/fpm/pool.d/www.conf`
- **Database:** `/var/www/html/database/posterg.db`

---

## ✅ Success Checklist

After any deployment, verify:

- [ ] Public site loads: https://posterg.erg.be/
- [ ] Search works
- [ ] Individual thesis pages work
- [ ] Admin requires password
- [ ] Admin can log in
- [ ] File uploads work (in admin)
- [ ] Database is protected (403)
- [ ] Sensitive files blocked (403)
- [ ] No errors in logs
- [ ] Security headers present

---

## 📚 Documentation Files

- `posterg-production.conf` - Production nginx configuration
- `deploy-production.sh` - Automated deployment script
- `PRODUCTION_DEPLOYMENT.md` - Detailed deployment guide
- `DEPLOY_NOW.md` - Quick deployment instructions
- `DEPLOYMENT_COMPLETE.md` - This file

---

**Deployment completed successfully on February 5, 2026** 🎉
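
The status-code and header checks from "Testing & Verification" and the success checklist, collected into one repeatable script. This is an added example, not the project's `deploy-production.sh`: the function names, the `EXPECTED` table format and the `/formulaire/index.php` row are assumptions, while the other paths, status codes and header names are the ones listed on this page.

```bash
#!/usr/bin/env bash
# Added example, not the project's deploy-production.sh.
# Header names are the ones listed under "Security Headers" on this page.
REQUIRED_HEADERS="X-Frame-Options X-Content-Type-Options X-XSS-Protection Referrer-Policy Permissions-Policy"

# path|expected status, from the page's tests and "Protected Paths" list.
# /formulaire/index.php is an added row (assumption): a direct .php request must hit the 401 too.
EXPECTED='/|200
/formulaire/|401
/formulaire/index.php|401
/database/posterg.db|403
/shared/Database.php|403
/README.md|403
/.env|403'

# stdin: raw `curl -sI` output. Prints the status code of the last response.
status_of() {
  tr -d '\r' | awk '/^HTTP\//{code=$2} END{print code}'
}

# stdin: raw `curl -sI` output. Prints required headers that are absent.
# The ( ) function body runs in a subshell, so its variables stay local.
missing_headers() (
  dump=$(tr -d '\r')
  out=""
  for h in $REQUIRED_HEADERS; do
    printf '%s\n' "$dump" | grep -qi "^$h:" || out="$out $h"
  done
  printf '%s\n' "${out# }"
)

# Usage: verify_deploy https://posterg.erg.be   (status 1 on any code mismatch)
verify_deploy() (
  rc=0
  while IFS='|' read -r path want; do
    dump=$(curl -sI --max-time 10 "$1$path" || true)
    got=$(printf '%s\n' "$dump" | status_of)
    miss=$(printf '%s\n' "$dump" | missing_headers)
    [ "$got" = "$want" ] || { echo "FAIL $path: got ${got:-none}, want $want"; rc=1; }
    # nginx skips add_header on 4xx unless `always` is set, so report per path.
    [ -z "$miss" ] || echo "WARN $path: missing $miss"
  done <<EOF
$EXPECTED
EOF
  exit "$rc"
)

# Constructed sample response (not captured from the server), for an offline check.
SAMPLE=$(printf 'HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nX-Frame-Options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nReferrer-Policy: strict-origin-when-cross-origin\r\n')
if [ -n "${1:-}" ]; then verify_deploy "$1"; fi
```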