PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 08:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d588ae004d459fc73a308ace36ca1aae9d5c002c
xamxam/nginx/README.md
Pontoporeia d588ae004d Reintroduce TFE duration metadata: DB columns, form fields, controllers, views, and migration 
Add 'unsafe-eval' to CSP script-src directives (htmx requires Function())
2026-06-15 15:56:52 +02:00

109 lines
2.8 KiB
Markdown
Raw Blame History

# Nginx Configuration - Post-ERG
This directory contains nginx configuration and documentation for the Post-ERG thesis website.
## 📁 Files
- **`xamxam.conf`** - Complete nginx configuration file
- **`docs/`** - Documentation
- `PRODUCTION_DEPLOYMENT.md` - Deployment guide
- `QUICK_REFERENCE.md` - Command reference
- `SECURITY_HEADERS.md` - Security headers reference
- `PHP_AUTH_LAYER.md` - Authentication layer documentation
- `HTACCESS_TO_NGINX.md` - Apache to nginx migration notes
- `TEST_DATABASE_SETUP.md` - Test database deployment
## 🚀 Quick Start
### Deploy nginx configuration
```bash
# From your local machine
just deploy-nginx
# Then on the server:
ssh xamxam
sudo bash /tmp/deploy-server.sh
```
The deployment script will:
- ✅ Fix file permissions (www-data:xamxam)
- ✅ Install nginx configuration
- ✅ Test and reload nginx
- ✅ Verify PHP-FPM is running
### Manage admin password
The admin password is managed via the admin panel at `/admin/parametres` → Account tab.
## 🔒 Security Features
### Admin Panel Protection
- **Password required** for `/admin/` (password-only, no username)
- PHP session-based authentication (`AdminAuth`)
- Rate limited: 300 req/min, burst=30
### File Access Protection
- Database files (`.db`) - **BLOCKED**
- Sensitive files (`.md`, `.sql`, `.env`) - **BLOCKED**
- `/src` directory - **BLOCKED**
- `/templates` directory - **BLOCKED**
- `/config` directory - **BLOCKED**
- `/storage` directory - **BLOCKED**
- Hidden files (`.git`, etc.) - **BLOCKED**
### Rate Limiting
- General requests: 30/minute
- Search endpoint: 30/minute
- Admin panel: 300 req/min (burst=30)
### Security Headers
- ✅ X-Frame-Options (clickjacking protection)
- ✅ X-Content-Type-Options (MIME sniffing protection)
- ✅ Strict-Transport-Security (force HTTPS)
- ✅ Referrer-Policy (referrer control)
- ✅ Permissions-Policy (disable browser features)
## 📚 Documentation
- **[docs/PRODUCTION_DEPLOYMENT.md](docs/PRODUCTION_DEPLOYMENT.md)** - Complete deployment guide
- **[docs/QUICK_REFERENCE.md](docs/QUICK_REFERENCE.md)** - Command reference and troubleshooting
- **[docs/SECURITY_HEADERS.md](docs/SECURITY_HEADERS.md)** - Security headers reference
## 🧪 Testing
```bash
# Test admin authentication
curl -I https://xamxam.erg.be/admin/
# Test file protection
curl -I https://xamxam.erg.be/storage/test.db
# Test security headers
curl -I https://xamxam.erg.be/ | grep -E "X-|Strict-Transport"
```
## 🆘 Quick Help
### 502 Bad Gateway
```bash
sudo systemctl status php8.4-fpm
sudo systemctl restart php8.4-fpm
```
### Configuration errors
```bash
sudo nginx -t
```
## 📊 Monitoring
```bash
# Watch logs
sudo tail -f /var/log/nginx/xamxam_access.log
sudo tail -f /var/log/nginx/xamxam_error.log
# Check nginx status
sudo systemctl status nginx
```
Reference in New Issue View Git Blame Copy Permalink