PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-07 03:29:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
8d115dc96504e89f91f3c8400f7e1368bf23270a
xamxam/nginx/README.md

2.9 KiB
Raw Blame History

Nginx Configuration - Post-ERG

This directory contains nginx configuration and documentation for the Post-ERG thesis website.

📁 Files

  • xamxam.conf - Complete nginx configuration file
  • docs/ - Documentation
    • PRODUCTION_DEPLOYMENT.md - Deployment guide
    • QUICK_REFERENCE.md - Command reference
    • ADMIN_USERS.md - User management
    • SECURITY_HEADERS.md - Security headers reference
    • PHP_AUTH_LAYER.md - Authentication layer documentation
    • HTACCESS_TO_NGINX.md - Apache to nginx migration notes
    • TEST_DATABASE_SETUP.md - Test database deployment

🚀 Quick Start

Deploy nginx configuration

# From your local machine
just deploy-nginx

# Then on the server:
ssh xamxam
sudo bash /tmp/deploy-server.sh

The deployment script will:

  • Fix file permissions (www-data:xamxam)
  • Install nginx configuration
  • Test and reload nginx
  • Verify PHP-FPM is running

Manage admin users

just manage-admin-users
ssh xamxam "sudo bash /tmp/manage-admin-users.sh"

🔒 Security Features

Admin Panel Protection

  • Password required for /admin/
  • HTTP Basic Authentication
  • Rate limited: 10 requests/minute

File Access Protection

  • Database files (.db) - BLOCKED
  • Sensitive files (.md, .sql, .env) - BLOCKED
  • /src directory - BLOCKED
  • /templates directory - BLOCKED
  • /config directory - BLOCKED
  • /storage directory - BLOCKED
  • Hidden files (.git, etc.) - BLOCKED

Rate Limiting

  • General requests: 30/minute
  • Search endpoint: 30/minute
  • Admin panel: 10/minute

Security Headers

  • X-Frame-Options (clickjacking protection)
  • X-Content-Type-Options (MIME sniffing protection)
  • Strict-Transport-Security (force HTTPS)
  • Referrer-Policy (referrer control)
  • Permissions-Policy (disable browser features)

📚 Documentation

🧪 Testing

# Test admin authentication
curl -I https://xamxam.erg.be/admin/

# Test file protection
curl -I https://xamxam.erg.be/storage/test.db

# Test security headers
curl -I https://xamxam.erg.be/ | grep -E "X-|Strict-Transport"

🆘 Quick Help

Admin can't log in

sudo htpasswd /etc/nginx/.htpasswd-xamxam admin

502 Bad Gateway

sudo systemctl status php8.4-fpm
sudo systemctl restart php8.4-fpm

Configuration errors

sudo nginx -t

📊 Monitoring

# Watch logs
sudo tail -f /var/log/nginx/xamxam_access.log
sudo tail -f /var/log/nginx/xamxam_error.log

# Check nginx status
sudo systemctl status nginx
Reference in New Issue View Git Blame Copy Permalink