xamxam/nginx/SETUP.md

Nginx Setup for Post-ERG

Complete setup guide for nginx with security features and password protection.

Prerequisites

• Ubuntu/Debian server with root access
• Nginx installed
• PHP-FPM installed (PHP 8.4)
• Domain name pointed to your server

Quick Setup (Recommended)

1. Deploy from your local machine

just deploy-nginx

2. Apply on the server

ssh xamxam
sudo bash /tmp/deploy-server.sh

3. Set admin password (first time only)

Visit /admin/parametres → Account tab and set the admin password there.

Manual Setup Steps

1. Install Required Packages

sudo apt update
sudo apt install nginx php8.4-fpm php8.4-curl php8.4-sqlite3

2. Set admin password

Visit /admin/parametres → Account tab in the admin panel to set the password.

Or generate a hash and insert it directly:

php -r "echo password_hash('your-secret-password', PASSWORD_BCRYPT);"

3. Copy Nginx Configuration

sudo cp nginx/xamxam.conf /etc/nginx/sites-available/xamxam
sudo ln -s /etc/nginx/sites-available/xamxam /etc/nginx/sites-enabled/
sudo rm -f /etc/nginx/sites-enabled/default

4. Test and Reload

sudo nginx -t
sudo systemctl reload nginx
sudo systemctl status nginx

Testing

Test Admin Authentication

# Should redirect to login page (302)
curl -I https://xamxam.erg.be/admin/

Test File Protection

# Should return 403
curl -I https://xamxam.erg.be/storage/test.db
curl -I https://xamxam.erg.be/src/Database.php

Test Security Headers

curl -I https://xamxam.erg.be/ | grep -E "X-|Strict-Transport"

Troubleshooting

502 Bad Gateway

sudo systemctl status php8.4-fpm
sudo systemctl restart php8.4-fpm

Configuration errors

sudo nginx -t

Maintenance

Change Admin Password

Visit /admin/parametres → Account tab or generate a new hash:

php -r "echo password_hash('new-password', PASSWORD_BCRYPT);"

Reload Configuration

sudo nginx -t && sudo systemctl reload nginx

See Also

• docs/PRODUCTION_DEPLOYMENT.md - Detailed deployment
• docs/QUICK_REFERENCE.md - Command reference
• docs/PHP_AUTH_LAYER.md - Auth layer documentation