PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
507f3eb704547e7c75d16ec5c4966c3205dc5f74
xamxam/nginx/README.md
Pontoporeia 507f3eb704 Consolidate nginx docs and scripts, update paths
2026-04-15 14:24:44 +02:00

124 lines
3.1 KiB
Markdown
Raw Blame History

# Nginx Configuration - Post-ERG
This directory contains nginx configuration and documentation for the Post-ERG thesis website.
## 📁 Files
- **`posterg.conf`** - Complete nginx configuration file
- **`scripts/`** - Server setup scripts
- `setup-password.sh` - Create admin passwords
- `install-php-sqlite.sh` - Install PHP SQLite extension
- `fix-paths.sh` - Fix PHP include paths
- **`docs/`** - Documentation
- `PRODUCTION_DEPLOYMENT.md` - Deployment guide
- `QUICK_REFERENCE.md` - Command reference
- `ADMIN_USERS.md` - User management
- `SECURITY_HEADERS.md` - Security headers reference
- `PHP_AUTH_LAYER.md` - Authentication layer documentation
- `HTACCESS_TO_ NGINX.md` - Apache to nginx migration notes
- `TEST_DATABASE_SETUP.md` - Test database deployment
## 🚀 Quick Start
### Deploy nginx configuration
```bash
# From your local machine
just deploy-nginx
# Then on the server:
ssh posterg
sudo bash /tmp/deploy-server.sh
sudo systemctl reload nginx
```
The deployment script will:
- ✅ Fix file permissions (www-data:posterg)
- ✅ Install nginx configuration
- ✅ Test and reload nginx
- ✅ Verify PHP-FPM is running
### Manage admin users
```bash
just manage-admin-users
ssh posterg "sudo bash /tmp/manage-admin-users.sh"
```
## 🔒 Security Features
### Admin Panel Protection
- **Password required** for `/admin/`
- HTTP Basic Authentication
- Rate limited: 10 requests/minute
### File Access Protection
- Database files (`.db`) - **BLOCKED**
- Sensitive files (`.md`, `.sql`, `.env`) - **BLOCKED**
- `/src` directory - **BLOCKED**
- `/templates` directory - **BLOCKED**
- `/config` directory - **BLOCKED**
- `/storage` directory - **BLOCKED**
- Hidden files (`.git`, etc.) - **BLOCKED**
### Rate Limiting
- General requests: 30/minute
- Search endpoint: 30/minute
- Admin panel: 10/minute
### Security Headers
- ✅ X-Frame-Options (clickjacking protection)
- ✅ X-Content-Type-Options (MIME sniffing protection)
- ✅ Strict-Transport-Security (force HTTPS)
- ✅ Referrer-Policy (referrer control)
- ✅ Permissions-Policy (disable browser features)
## 📚 Documentation
- **[docs/PRODUCTION_DEPLOYMENT.md](docs/PRODUCTION_DEPLOYMENT.md)** - Complete deployment guide
- **[docs/QUICK_REFERENCE.md](docs/QUICK_REFERENCE.md)** - Command reference and troubleshooting
- **[docs/ADMIN_USERS.md](docs/ADMIN_USERS.md)** - Admin user management
- **[docs/SECURITY_HEADERS.md](docs/SECURITY_HEADERS.md)** - Security headers reference
## 🧪 Testing
```bash
# Test admin authentication
curl -I https://posterg.erg.be/admin/
# Test file protection
curl -I https://posterg.erg.be/storage/test.db
# Test security headers
curl -I https://posterg.erg.be/ | grep -E "X-|Strict-Transport"
```
## 🆘 Quick Help
### Admin can't log in
```bash
sudo htpasswd /etc/nginx/.htpasswd-posterg admin
```
### 502 Bad Gateway
```bash
sudo systemctl status php8.4-fpm
sudo systemctl restart php8.4-fpm
```
### Configuration errors
```bash
sudo nginx -t
```
## 📊 Monitoring
```bash
# Watch logs
sudo tail -f /var/log/nginx/posterg_access.log
sudo tail -f /var/log/nginx/posterg_error.log
# Check nginx status
sudo systemctl status nginx
```
Reference in New Issue View Git Blame Copy Permalink