xamxam/nginx/SETUP.md

Nginx Setup for Post-ERG

Complete setup guide for nginx with security features and password protection.

Prerequisites

• Ubuntu/Debian server with root access
• Nginx installed
• PHP-FPM installed (PHP 8.4)
• Domain name pointed to your server

Quick Setup (Recommended)

1. Deploy from your local machine

just deploy-nginx

2. Apply on the server

ssh posterg
sudo bash /tmp/deploy-server.sh
sudo systemctl reload nginx

3. Set admin password (first time only)

just manage-admin-users
ssh posterg "sudo bash /tmp/manage-admin-users.sh"

Manual Setup Steps

1. Install Required Packages

sudo apt update
sudo apt install nginx apache2-utils php8.4-fpm

2. Create Admin Password

just manage-admin-users
# Then on the server:
ssh posterg "sudo bash /tmp/manage-admin-users.sh"

3. Copy Nginx Configuration

sudo cp nginx/posterg.conf /etc/nginx/sites-available/posterg
sudo ln -s /etc/nginx/sites-available/posterg /etc/nginx/sites-enabled/
sudo rm -f /etc/nginx/sites-enabled/default

4. Test and Reload

sudo nginx -t
sudo systemctl reload nginx
sudo systemctl status nginx

Testing

Test Admin Authentication

# Should return 401
curl -I https://posterg.erg.be/admin/

# With credentials
curl -u admin:password https://posterg.erg.be/admin/

Test File Protection

# Should return 403
curl -I https://posterg.erg.be/storage/test.db
curl -I https://posterg.erg.be/src/Database.php

Test Security Headers

curl -I https://posterg.erg.be/ | grep -E "X-|Strict-Transport"

Troubleshooting

403 Forbidden on admin

sudo ls -l /etc/nginx/.htpasswd-posterg
sudo chmod 644 /etc/nginx/.htpasswd-posterg

502 Bad Gateway

sudo systemctl status php8.4-fpm
sudo systemctl restart php8.4-fpm

Configuration errors

sudo nginx -t

Maintenance

Change Admin Password

sudo htpasswd /etc/nginx/.htpasswd-posterg admin

Reload Configuration

sudo nginx -t && sudo systemctl reload nginx

See Also

• docs/PRODUCTION_DEPLOYMENT.md - Detailed deployment
• docs/QUICK_REFERENCE.md - Command reference
• docs/ADMIN_USERS.md - User management