xamxam/docs/SETUP.md

Post-ERG Setup Guide

Complete setup guide for development and production deployment.

Requirements

• PHP 8.4
• SQLite3 (php8.4-sqlite3)
• nginx (production)

Development Setup

1. Initial Setup

just setup

2. Start Development Server

just serve

Access at: http://localhost:8000

3. Run Tests

just test

Production Deployment

First-Time Server Setup

ssh posterg
sudo mkdir -p /var/www/posterg
sudo chown www-data:posterg /var/www/posterg
sudo chmod 775 /var/www/posterg
exit

Deploy Application

just deploy
just deploy-nginx

Set Admin Password

just manage-admin-users
ssh posterg "sudo bash /tmp/manage-admin-users.sh"

Verify Deployment

# Test public site
curl -I https://posterg.erg.be/

# Test admin protection
curl -I https://posterg.erg.be/admin/

# Test file protection
curl -I https://posterg.erg.be/storage/test.db

Nginx Configuration

See nginx/SETUP.md and nginx/docs/PRODUCTION_DEPLOYMENT.md for detailed nginx setup.

Admin Panel

The admin panel is protected by:

1. nginx HTTP Basic Authentication (htpasswd)
2. PHP session authentication

Manage users with:

just manage-admin-users

Database

Initialize Test Database

just init-db

Reset Database

just reset-db

Deploy Test Database to Server

just deploy-db

Common Operations

View Logs

just logs

Stop Development Server

just stop

Run Migrations

just migrate

Security

• Admin panel: HTTP Basic Auth + PHP session
• File uploads: Stored outside webroot, served via media.php
• Rate limiting: 30 req/min general, 10 req/min admin
• Security headers: X-Frame-Options, CSP, HSTS, etc.

See nginx/docs/SECURITY_HEADERS.md for details.