xamxam/SETUP.md

# Post-ERG Setup Guide

Complete setup guide for development and production deployment.

## Requirements

- PHP 8.4
- SQLite3 (`php8.4-sqlite3`)
- nginx (production)

## Development Setup

### 1. Initial Setup

```bash
just setup
```

### 2. Start Development Server

```bash
just serve
```

Access at: http://localhost:8000

### 3. Run Tests

```bash
just test
```

## Production Deployment

### First-Time Server Setup

```bash
ssh posterg
sudo mkdir -p /var/www/posterg
sudo chown www-data:posterg /var/www/posterg
sudo chmod 775 /var/www/posterg
exit
```

### Deploy Application

```bash
just deploy
just deploy-nginx
```

### Set Admin Password

```bash
just manage-admin-users
ssh posterg "sudo bash /tmp/manage-admin-users.sh"
```

### Verify Deployment

```bash
# Test public site
curl -I https://posterg.erg.be/

# Test admin protection
curl -I https://posterg.erg.be/admin/

# Test file protection
curl -I https://posterg.erg.be/storage/test.db
```

## Nginx Configuration

See `nginx/SETUP.md` and `nginx/docs/PRODUCTION_DEPLOYMENT.md` for detailed nginx setup.

## Admin Panel

The admin panel is protected by:
1. nginx HTTP Basic Authentication (htpasswd)
2. PHP session authentication

Manage users with:
```bash
just manage-admin-users
```

## Database

### Initialize Test Database

```bash
just init-db
```

### Reset Database

```bash
just reset-db
```

### Deploy Test Database to Server

```bash
just deploy-db
```

## Common Operations

### View Logs

```bash
just logs
```

### Stop Development Server

```bash
just stop
```

### Run Migrations

```bash
just migrate
```

## Security

- Admin panel: HTTP Basic Auth + PHP session
- File uploads: Stored outside webroot, served via `media.php`
- Rate limiting: 30 req/min general, 10 req/min admin
- Security headers: X-Frame-Options, CSP, HSTS, etc.

See `nginx/docs/SECURITY_HEADERS.md` for details.