# Nginx Deployment Guide for ospab.host

## Prerequisites

- Ubuntu 20.04+ or Debian 11+
- Nginx 1.18+
- Node.js 18+
- PM2 (for process management)
- Certbot (for SSL)

## Installation

### 1. Install Nginx

```bash
sudo apt update
sudo apt install nginx -y
```

### 2. Install Certbot

```bash
sudo apt install certbot python3-certbot-nginx -y
```

### 3. Setup SSL Certificate

```bash
# Stop nginx temporarily
sudo systemctl stop nginx

# Get certificate
sudo certbot certonly --standalone -d ospab.host -d www.ospab.host

# Restart nginx
sudo systemctl start nginx
```

### 4. Deploy Nginx Configuration

```bash
# Copy config
sudo cp nginx.conf /etc/nginx/sites-available/ospab.host

# Create symlink
sudo ln -s /etc/nginx/sites-available/ospab.host /etc/nginx/sites-enabled/

# Remove default config
sudo rm /etc/nginx/sites-enabled/default

# Test configuration
sudo nginx -t

# Reload nginx
sudo systemctl reload nginx
```

### 5. Deploy Application

```bash
# Create deployment directory
sudo mkdir -p /var/www/ospab.host

# Give the deploying user ownership so the clone and builds below run without sudo
sudo chown "$USER":"$USER" /var/www/ospab.host

# Clone repository
cd /var/www/ospab.host
git clone https://github.com/YOUR_REPO/ospabhost8.1.git .

# Build frontend
cd frontend
npm install
npm run build

# Build backend
cd ../backend
npm install
npm run build

# Start backend with PM2
pm2 start dist/index.js --name "ospab-backend"
pm2 save
pm2 startup
```

## Directory Structure

```
/var/www/ospab.host/
├── frontend/
│   └── dist/          # React SPA build output
├── backend/
│   ├── dist/          # Compiled TypeScript
│   └── uploads/       # Uploaded files
└── nginx.conf         # Nginx configuration
```

## Useful Commands

```bash
# Check nginx status
sudo systemctl status nginx

# Reload nginx config
sudo nginx -t && sudo systemctl reload nginx

# View logs
sudo tail -f /var/log/nginx/ospab.host.access.log
sudo tail -f /var/log/nginx/ospab.host.error.log

# PM2 commands
pm2 status
pm2 logs ospab-backend
pm2 restart ospab-backend

# Test SSL certificate renewal (dry run, nothing is replaced)
sudo certbot renew --dry-run
```

## Rate Limiting

- API endpoints: 10 requests/second (burst 20)
- Login/Register: 5 requests/minute (burst 5)

## Security Features

- HSTS enabled
- XSS Protection
- Frame Options (SAMEORIGIN)
- Content-Type sniffing prevention
- Blocked access to .git, .env, node_modules
- Blocked sensitive file extensions (.sql, .bak, .log)

## SSL Auto-Renewal

Add to crontab:

```bash
sudo crontab -e

# Add line:
0 12 * * * /usr/bin/certbot renew --quiet
```

The certificate in step 3 was issued with `--standalone`, so a renewal needs port 80 free while it runs, and nginx must be reloaded afterwards to serve the renewed certificate.

## Troubleshooting

### 502 Bad Gateway

- Check if backend is running: `pm2 status`
- Check backend logs: `pm2 logs ospab-backend`

### 504 Gateway Timeout

- Increase `proxy_read_timeout` in nginx config
- Check backend performance

### SSL Issues

- Check certificate: `sudo certbot certificates`
- Renew if needed: `sudo certbot renew`
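
To confirm after a deploy that the site really exhibits the items listed under Security Features, the following check can be run against it. It is an added example, not part of the original guide or the project's code; the header names are the standard ones assumed to correspond to each listed feature, and `AUDIT_URL`, the function names and the probe file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a deployed site against the "Security Features" list.
# Header names below are the standard ones ASSUMED to implement each feature.

# Reads raw response headers on stdin; prints each expected header that is
# absent or has a weak value. Prints nothing when every check passes.
# The body is a subshell so its variables do not leak into the caller.
missing_headers() (
  hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
  for c in 'strict-transport-security|max-age=[1-9]' \
           'x-frame-options|sameorigin' \
           'x-content-type-options|nosniff' \
           'x-xss-protection|1'; do
    name=${c%%|*}; want=${c#*|}
    # max-age=0 switches HSTS off, so it is reported like a missing header.
    printf '%s\n' "$hdrs" | grep -Eq "^$name:.*$want" || echo "$name"
  done
)

# A path counts as blocked when nginx answers 403 or 404.
is_blocked_status() {
  case $1 in 403|404) return 0 ;; *) return 1 ;; esac
}

# Fetches the headers of "/" and probes the paths the guide says are blocked.
# Probe file names (backup.sql, site.bak, app.log) are constructed samples.
audit_site() {
  base=${1%/}; rc=0
  miss=$(curl -sI "$base/" | missing_headers)
  [ -z "$miss" ] || { echo "missing or weak headers:" $miss; rc=1; }
  for p in /.git/config /.env /node_modules/ /backup.sql /site.bak /app.log; do
    code=$(curl -s -o /dev/null -w '%{http_code}' "$base$p")
    is_blocked_status "$code" || { echo "not blocked: $p ($code)"; rc=1; }
  done
  return "$rc"
}

# Runs only when AUDIT_URL is set, e.g. AUDIT_URL=https://ospab.host sh audit.sh
[ -z "${AUDIT_URL:-}" ] || audit_site "$AUDIT_URL"
```

A non-zero exit status from `audit_site` means at least one header or block rule did not behave as the guide describes, which makes the script usable as a post-deploy gate.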