english version update

ospabhost/NGINX_DEPLOY.md

@@ -0,0 +1,154 @@
+# Nginx Deployment Guide for ospab.host
+
+## Prerequisites
+
+- Ubuntu 20.04+ или Debian 11+
+- Nginx 1.18+
+- Node.js 18+
+- PM2 (для управления процессами)
+- Certbot (для SSL)
+
+## Installation
+
+### 1. Install Nginx
+
+```bash
+sudo apt update
+sudo apt install nginx -y
+```
+
+### 2. Install Certbot
+
+```bash
+sudo apt install certbot python3-certbot-nginx -y
+```
+
+### 3. Setup SSL Certificate
+
+```bash
+# Stop nginx temporarily
+sudo systemctl stop nginx
+
+# Get certificate
+sudo certbot certonly --standalone -d ospab.host -d www.ospab.host
+
+# Restart nginx
+sudo systemctl start nginx
+```
+
+### 4. Deploy Nginx Configuration
+
+```bash
+# Copy config
+sudo cp nginx.conf /etc/nginx/sites-available/ospab.host
+
+# Create symlink
+sudo ln -s /etc/nginx/sites-available/ospab.host /etc/nginx/sites-enabled/
+
+# Remove default config
+sudo rm /etc/nginx/sites-enabled/default
+
+# Test configuration
+sudo nginx -t
+
+# Reload nginx
+sudo systemctl reload nginx
+```
+
+### 5. Deploy Application
+
+```bash
+# Create deployment directory
+sudo mkdir -p /var/www/ospab.host
+
+# Clone repository
+cd /var/www/ospab.host
+git clone https://github.com/YOUR_REPO/ospabhost8.1.git .
+
+# Build frontend
+cd frontend
+npm install
+npm run build
+
+# Build backend
+cd ../backend
+npm install
+npm run build
+
+# Start backend with PM2
+pm2 start dist/index.js --name "ospab-backend"
+pm2 save
+pm2 startup
+```
+
+## Directory Structure
+
+```
+/var/www/ospab.host/
+├── frontend/
+│   └── dist/           # React SPA build output
+├── backend/
+│   ├── dist/           # Compiled TypeScript
+│   └── uploads/        # Uploaded files
+└── nginx.conf          # Nginx configuration
+```
+
+## Useful Commands
+
+```bash
+# Check nginx status
+sudo systemctl status nginx
+
+# Reload nginx config
+sudo nginx -t && sudo systemctl reload nginx
+
+# View logs
+sudo tail -f /var/log/nginx/ospab.host.access.log
+sudo tail -f /var/log/nginx/ospab.host.error.log
+
+# PM2 commands
+pm2 status
+pm2 logs ospab-backend
+pm2 restart ospab-backend
+
+# Renew SSL certificate
+sudo certbot renew --dry-run
+```
+
+## Rate Limiting
+
+- API endpoints: 10 requests/second (burst 20)
+- Login/Register: 5 requests/minute (burst 5)
+
+## Security Features
+
+- HSTS enabled
+- XSS Protection
+- Frame Options (SAMEORIGIN)
+- Content-Type sniffing prevention
+- Blocked access to .git, .env, node_modules
+- Blocked sensitive file extensions (.sql, .bak, .log)
+
+## SSL Auto-Renewal
+
+Add to crontab:
+
+```bash
+sudo crontab -e
+# Add line:
+0 12 * * * /usr/bin/certbot renew --quiet
+```
+
+## Troubleshooting
+
+### 502 Bad Gateway
+- Check if backend is running: `pm2 status`
+- Check backend logs: `pm2 logs ospab-backend`
+
+### 504 Gateway Timeout
+- Increase `proxy_read_timeout` in nginx config
+- Check backend performance
+
+### SSL Issues
+- Check certificate: `sudo certbot certificates`
+- Renew if needed: `sudo certbot renew`