xamxam/nginx/README.md

Nginx Configuration - Post-ERG

This directory contains nginx configuration and setup scripts for the Post-ERG thesis website.

📁 Files

• posterg.conf - Complete nginx configuration file
• setup-password.sh - Script to create admin passwords
• SETUP.md - Detailed setup instructions
• QUICK_REFERENCE.md - Command reference and troubleshooting

🚀 Quick Start

1. Deploy nginx configuration (automated)

# From your local machine
just deploy-nginx

# Then on the server:
ssh posterg
sudo bash /tmp/deploy-production.sh

The deployment script will:

• ✅ Fix file permissions (posterg group)
• ✅ Set up admin password (if needed)
• ✅ Install nginx configuration
• ✅ Test and reload nginx
• ✅ Verify PHP-FPM is running

2. SSL/TLS

SSL/TLS is handled by the upstream reverse proxy and is already working. No additional SSL setup is needed on this server.

🔒 Security Features

Admin Panel Protection

• Password required for /formulaire/ (admin panel)
• HTTP Basic Authentication
• Rate limited: 10 requests/minute

File Access Protection

• Database files (.db) - BLOCKED
• Sensitive files (.md, .sql, .env) - BLOCKED
• Shared directory - BLOCKED
• Tests directory - BLOCKED
• Cache directory - BLOCKED
• Hidden files (.git, etc.) - BLOCKED

Rate Limiting

• General requests: 30/minute
• Search endpoint: 30/minute
• Admin panel: 10/minute

Security Headers

• ✅ X-Frame-Options (clickjacking protection)
• ✅ X-Content-Type-Options (MIME sniffing protection)
• ✅ X-XSS-Protection (XSS filter)
• ✅ Strict-Transport-Security (force HTTPS)
• ✅ Referrer-Policy (referrer control)
• ✅ Permissions-Policy (disable browser features)

SSL/TLS

• TLS 1.2 and 1.3 only
• Strong cipher suites
• OCSP stapling
• HSTS enabled

📚 Documentation

• SETUP.md - Complete setup guide

  • Installation steps
  • Configuration details
  • Testing procedures
  • Troubleshooting
  • Performance tuning
  • Security checklist

• QUICK_REFERENCE.md - Command reference

  • Common operations
  • Password management
  • Nginx control
  • Log viewing
  • Testing commands
  • Troubleshooting

🧪 Testing

Test your configuration:

# Test admin authentication
curl -I https://posterg.erg.be/formulaire/

# Test file protection
curl -I https://posterg.erg.be/storage/posterg.db

# Test security headers
curl -I https://posterg.erg.be/ | grep -E "X-|Strict-Transport"

🆘 Quick Help

Admin can't log in

# Reset password
sudo htpasswd /etc/nginx/.htpasswd-posterg admin

502 Bad Gateway

# Check PHP-FPM
sudo systemctl status php8.2-fpm
sudo systemctl restart php8.2-fpm

Configuration errors

# Test and show errors
sudo nginx -t

📊 Monitoring

# Watch access logs
sudo tail -f /var/log/nginx/posterg_access.log

# Watch error logs
sudo tail -f /var/log/nginx/posterg_error.log

# Check nginx status
sudo systemctl status nginx

🔄 Maintenance

Change admin password

sudo htpasswd /etc/nginx/.htpasswd-posterg admin

Reload after config changes

sudo nginx -t && sudo systemctl reload nginx

Renew SSL certificate

sudo certbot renew

📞 Support

For detailed instructions, see:

• SETUP.md - Complete setup guide
• QUICK_REFERENCE.md - Command reference

For issues:

1. Check nginx error logs: sudo tail /var/log/nginx/posterg_error.log
2. Test configuration: sudo nginx -t
3. Check PHP-FPM: sudo systemctl status php8.2-fpm