# Nginx Configuration - Post-ERG

This directory contains nginx configuration and setup scripts for the Post-ERG thesis website.

## 📁 Files

- **`posterg.conf`** - Complete nginx configuration file
- **`setup-password.sh`** - Script to create admin passwords
- **`SETUP.md`** - Detailed setup instructions
- **`QUICK_REFERENCE.md`** - Command reference and troubleshooting

## 🚀 Quick Start

### 1. Deploy nginx configuration (automated)

```bash
# From your local machine
just deploy-nginx

# Then on the server:
ssh posterg
sudo bash /tmp/deploy-production.sh
```

The deployment script will:

- ✅ Fix file permissions (posterg group)
- ✅ Set up admin password (if needed)
- ✅ Install nginx configuration
- ✅ Test and reload nginx
- ✅ Verify PHP-FPM is running

### 2. SSL/TLS

SSL/TLS is handled by the upstream reverse proxy and is already working. No additional SSL setup is needed on this server.

## 🔒 Security Features

### Admin Panel Protection

- **Password required** for `/formulaire/` (admin panel)
- HTTP Basic Authentication
- Rate limited: 10 requests/minute

### File Access Protection

- Database files (`.db`) - **BLOCKED**
- Sensitive files (`.md`, `.sql`, `.env`) - **BLOCKED**
- Shared directory - **BLOCKED**
- Tests directory - **BLOCKED**
- Cache directory - **BLOCKED**
- Hidden files (`.git`, etc.) - **BLOCKED**

### Rate Limiting

- General requests: 30/minute
- Search endpoint: 30/minute
- Admin panel: 10/minute

### Security Headers

- ✅ X-Frame-Options (clickjacking protection)
- ✅ X-Content-Type-Options (MIME sniffing protection)
- ✅ X-XSS-Protection (XSS filter)
- ✅ Strict-Transport-Security (force HTTPS)
- ✅ Referrer-Policy (referrer control)
- ✅ Permissions-Policy (disable browser features)

### SSL/TLS

- TLS 1.2 and 1.3 only
- Strong cipher suites
- OCSP stapling
- HSTS enabled

## 📚 Documentation

- **[SETUP.md](SETUP.md)** - Complete setup guide
  - Installation steps
  - Configuration details
  - Testing procedures
  - Troubleshooting
  - Performance tuning
  - Security checklist
- **[QUICK_REFERENCE.md](QUICK_REFERENCE.md)** - Command reference
  - Common operations
  - Password management
  - Nginx control
  - Log viewing
  - Testing commands
  - Troubleshooting

## 🧪 Testing

Test your configuration:

```bash
# Test admin authentication
curl -I https://posterg.erg.be/formulaire/

# Test file protection
curl -I https://posterg.erg.be/storage/posterg.db

# Test security headers
curl -I https://posterg.erg.be/ | grep -E "X-|Strict-Transport"
```

## 🆘 Quick Help

### Admin can't log in

```bash
# Reset password
sudo htpasswd /etc/nginx/.htpasswd-posterg admin
```

### 502 Bad Gateway

```bash
# Check PHP-FPM
sudo systemctl status php8.2-fpm
sudo systemctl restart php8.2-fpm
```

### Configuration errors

```bash
# Test and show errors
sudo nginx -t
```

## 📊 Monitoring

```bash
# Watch access logs
sudo tail -f /var/log/nginx/posterg_access.log

# Watch error logs
sudo tail -f /var/log/nginx/posterg_error.log

# Check nginx status
sudo systemctl status nginx
```

## 🔄 Maintenance

### Change admin password

```bash
sudo htpasswd /etc/nginx/.htpasswd-posterg admin
```

### Reload after config changes

```bash
sudo nginx -t && sudo systemctl reload nginx
```

### Renew SSL certificate

```bash
sudo certbot renew
```

## 📞 Support

For detailed instructions, see:

- **SETUP.md** - Complete setup guide
- **QUICK_REFERENCE.md** - Command reference

For issues:

1. Check nginx error logs: `sudo tail /var/log/nginx/posterg_error.log`
2. Test configuration: `sudo nginx -t`
3. Check PHP-FPM: `sudo systemctl status php8.2-fpm`
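
The three checks from the Testing section can be scripted so that a missing protection is reported as a failure instead of being read off the `curl` output by eye. This is an added example, not part of this repository: the function names and the sample response are constructed, and the expected status codes (401 for the password-protected panel, 403 or 404 for blocked files) are assumptions about how `posterg.conf` answers.

```bash
#!/usr/bin/env bash
# Added example: checks `curl -sI` output against the protections listed above.
# Assumed status codes: 401 for auth_basic, 403 for "deny all" (404 also accepted).

REQUIRED_HEADERS="X-Frame-Options X-Content-Type-Options X-XSS-Protection
Strict-Transport-Security Referrer-Policy Permissions-Policy"

# status_of: print the status code of the last response in a header dump (stdin).
status_of() {
  tr -d '\r' | awk '/^HTTP\// { code = $2 } END { print code }'
}

# missing_headers: print each required header absent from the dump (stdin).
missing_headers() {
  dump=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')   # header names are case-insensitive
  for h in $REQUIRED_HEADERS; do
    lower=$(printf '%s' "$h" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$dump" | grep -q "^${lower}:" || printf '%s\n' "$h"
  done
}

# expect_status NAME "CODE [CODE...]": compare the dump on stdin with allowed codes.
expect_status() {
  got=$(status_of)
  for want in $2; do
    [ "$got" = "$want" ] && { echo "PASS $1 ($got)"; return 0; }
  done
  echo "FAIL $1: got ${got:-none}, wanted one of: $2"; return 1
}

# audit BASE_URL: run the three README checks against a live site.
audit() {
  rc=0
  curl -sI "$1/formulaire/" | expect_status "admin requires auth" "401" || rc=1
  curl -sI "$1/storage/posterg.db" | expect_status "database blocked" "403 404" || rc=1
  miss=$(curl -sI "$1/" | missing_headers)
  [ -z "$miss" ] || { echo "FAIL missing headers: $miss"; rc=1; }
  return $rc
}

# Constructed sample (not captured from the real site): two headers are absent.
SAMPLE_HOME='HTTP/2 200
x-frame-options: SAMEORIGIN
X-Content-Type-Options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin'

# Live audit runs only when a base URL is given, e.g. ./audit.sh https://posterg.erg.be
if [ -n "${1:-}" ]; then audit "$1"; fi
```

A 200 on `/storage/posterg.db` or on `/formulaire/` without credentials is the result to treat as urgent, since it means the file block or the Basic Authentication rule is not being applied to that location.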