PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
cca3d08f058f984a948c8637b3411c2060dcedb3
xamxam/nginx/SETUP.md
Pontoporeia d588ae004d Reintroduce TFE duration metadata: DB columns, form fields, controllers, views, and migration 
Add 'unsafe-eval' to CSP script-src directives (htmx requires Function())
2026-06-15 15:56:52 +02:00

120 lines
2.3 KiB
Markdown
Raw Blame History

# Nginx Setup for Post-ERG
Complete setup guide for nginx with security features and password protection.
## Prerequisites
- Ubuntu/Debian server with root access
- Nginx installed
- PHP-FPM installed (PHP 8.4)
- Domain name pointed to your server
## Quick Setup (Recommended)
### 1. Deploy from your local machine
```bash
just deploy-nginx
```
### 2. Apply on the server
```bash
ssh xamxam
sudo bash /tmp/deploy-server.sh
```
### 3. Set admin password (first time only)
Visit `/admin/parametres` → Account tab and set the admin password there.
## Manual Setup Steps
### 1. Install Required Packages
```bash
sudo apt update
sudo apt install nginx php8.4-fpm php8.4-curl php8.4-sqlite3
```
### 2. Set admin password
Visit `/admin/parametres` → Account tab in the admin panel to set the password.
Or generate a hash and insert it directly:
```bash
php -r "echo password_hash('your-secret-password', PASSWORD_BCRYPT);"
```
### 3. Copy Nginx Configuration
```bash
sudo cp nginx/xamxam.conf /etc/nginx/sites-available/xamxam
sudo ln -s /etc/nginx/sites-available/xamxam /etc/nginx/sites-enabled/
sudo rm -f /etc/nginx/sites-enabled/default
```
### 4. Test and Reload
```bash
sudo nginx -t
sudo systemctl reload nginx
sudo systemctl status nginx
```
## Testing
### Test Admin Authentication
```bash
# Should redirect to login page (302)
curl -I https://xamxam.erg.be/admin/
```
### Test File Protection
```bash
# Should return 403
curl -I https://xamxam.erg.be/storage/test.db
curl -I https://xamxam.erg.be/src/Database.php
```
### Test Security Headers
```bash
curl -I https://xamxam.erg.be/ | grep -E "X-|Strict-Transport"
```
## Troubleshooting
### 502 Bad Gateway
```bash
sudo systemctl status php8.4-fpm
sudo systemctl restart php8.4-fpm
```
### Configuration errors
```bash
sudo nginx -t
```
## Maintenance
### Change Admin Password
Visit `/admin/parametres` → Account tab or generate a new hash:
```bash
php -r "echo password_hash('new-password', PASSWORD_BCRYPT);"
```
### Reload Configuration
```bash
sudo nginx -t && sudo systemctl reload nginx
```
## See Also
- **[docs/PRODUCTION_DEPLOYMENT.md](docs/PRODUCTION_DEPLOYMENT.md)** - Detailed deployment
- **[docs/QUICK_REFERENCE.md](docs/QUICK_REFERENCE.md)** - Command reference
- **[docs/PHP_AUTH_LAYER.md](docs/PHP_AUTH_LAYER.md)** - Auth layer documentation
Reference in New Issue View Git Blame Copy Permalink