PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 08:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d588ae004d459fc73a308ace36ca1aae9d5c002c
xamxam/nginx/README.md
Pontoporeia d588ae004d Reintroduce TFE duration metadata: DB columns, form fields, controllers, views, and migration 
Add 'unsafe-eval' to CSP script-src directives (htmx requires Function())
2026-06-15 15:56:52 +02:00

2.8 KiB
Raw Blame History

Nginx Configuration - Post-ERG

This directory contains nginx configuration and documentation for the Post-ERG thesis website.

📁 Files

  • xamxam.conf - Complete nginx configuration file
  • docs/ - Documentation
    • PRODUCTION_DEPLOYMENT.md - Deployment guide
    • QUICK_REFERENCE.md - Command reference
    • SECURITY_HEADERS.md - Security headers reference
    • PHP_AUTH_LAYER.md - Authentication layer documentation
    • HTACCESS_TO_NGINX.md - Apache to nginx migration notes
    • TEST_DATABASE_SETUP.md - Test database deployment

🚀 Quick Start

Deploy nginx configuration

# From your local machine
just deploy-nginx

# Then on the server:
ssh xamxam
sudo bash /tmp/deploy-server.sh

The deployment script will:

  • Fix file permissions (www-data:xamxam)
  • Install nginx configuration
  • Test and reload nginx
  • Verify PHP-FPM is running

Manage admin password

The admin password is managed via the admin panel at /admin/parametres → Account tab.

🔒 Security Features

Admin Panel Protection

  • Password required for /admin/ (password-only, no username)
  • PHP session-based authentication (AdminAuth)
  • Rate limited: 300 req/min, burst=30

File Access Protection

  • Database files (.db) - BLOCKED
  • Sensitive files (.md, .sql, .env) - BLOCKED
  • /src directory - BLOCKED
  • /templates directory - BLOCKED
  • /config directory - BLOCKED
  • /storage directory - BLOCKED
  • Hidden files (.git, etc.) - BLOCKED

Rate Limiting

  • General requests: 30/minute
  • Search endpoint: 30/minute
  • Admin panel: 300 req/min (burst=30)

Security Headers

  • X-Frame-Options (clickjacking protection)
  • X-Content-Type-Options (MIME sniffing protection)
  • Strict-Transport-Security (force HTTPS)
  • Referrer-Policy (referrer control)
  • Permissions-Policy (disable browser features)

📚 Documentation

🧪 Testing

# Test admin authentication
curl -I https://xamxam.erg.be/admin/

# Test file protection
curl -I https://xamxam.erg.be/storage/test.db

# Test security headers
curl -I https://xamxam.erg.be/ | grep -E "X-|Strict-Transport"

🆘 Quick Help

502 Bad Gateway

sudo systemctl status php8.4-fpm
sudo systemctl restart php8.4-fpm

Configuration errors

sudo nginx -t

📊 Monitoring

# Watch logs
sudo tail -f /var/log/nginx/xamxam_access.log
sudo tail -f /var/log/nginx/xamxam_error.log

# Check nginx status
sudo systemctl status nginx
Reference in New Issue View Git Blame Copy Permalink