Added support for Nginx and Apache2 in manual install

docs/apache2/cp.conf

@@ -0,0 +1,49 @@
+<VirtualHost *:443>
+    ServerName cp.example.com
+
+    DocumentRoot /var/www/cp/public
+    
+    <Directory "/var/www/cp/public">
+        Options -Indexes +FollowSymLinks
+        AllowOverride None
+        Require all granted
+
+        # Enable rewrite engine
+        RewriteEngine On
+
+        # Forward all requests not pointing directly to files or directories to index.php
+        # and append the query string
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteCond %{REQUEST_FILENAME} !-d
+        RewriteRule ^ index.php [QSA,L]
+    </Directory>
+
+    # PHP via FastCGI for main site
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
+    </FilesMatch>
+
+    # PHP via FastCGI specifically for Adminer
+    Alias /adminer /usr/share/adminer
+    <Directory /usr/share/adminer>
+        <Files adminer.php>
+            SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
+        </Files>
+    </Directory>
+
+    # Gzip Encoding
+    AddOutputFilterByType DEFLATE text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript
+
+    # Security Headers
+    Header always unset Server
+    Header always set Referrer-Policy "same-origin"
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Frame-Options "DENY"
+    Header always set X-XSS-Protection "1; mode=block"
+    #Header always set Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; form-action 'self'; worker-src 'none'; frame-src 'none';"
+
+    # Log configuration
+    CustomLog /var/log/apache2/cp_access.log combined
+    ErrorLog /var/log/apache2/cp_error.log
+</VirtualHost>

docs/apache2/rdap.conf

@@ -0,0 +1,23 @@
+<VirtualHost *:443>
+    ServerName rdap.example.com
+
+    # Reverse Proxy to localhost:7500
+    ProxyPass / http://localhost:7500/
+    ProxyPassReverse / http://localhost:7500/
+
+    # Gzip Encoding
+    AddOutputFilterByType DEFLATE text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript
+
+    # Security Headers
+    Header always set Referrer-Policy "no-referrer"
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Frame-Options "DENY"
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; form-action 'self'; worker-src 'none'; frame-src 'none';"
+    Header unset Server
+
+    # Log configuration
+    CustomLog /var/log/apache2/rdap_access.log combined
+    ErrorLog /var/log/apache2/rdap_error.log
+</VirtualHost>

docs/apache2/whois.conf

@@ -0,0 +1,26 @@
+<VirtualHost *:443>
+    ServerName whois.example.com
+
+    DocumentRoot /var/www/whois
+
+    # PHP via FastCGI
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
+    </FilesMatch>
+
+    # Gzip Encoding
+    AddOutputFilterByType DEFLATE text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript
+
+    # Security Headers
+    Header always unset Server
+    Header always set Referrer-Policy "no-referrer"
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Frame-Options "DENY"
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Content-Security-Policy "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; form-action 'self'; worker-src 'none'; frame-src 'none';"
+
+    # Log configuration
+    CustomLog /var/log/apache2/whois_access.log combined
+    ErrorLog /var/log/apache2/whois_error.log
+</VirtualHost>

docs/install.md

@@ -12,11 +12,36 @@ Once you have completed the installation process, we encourage you to proceed to
 apt install -y curl software-properties-common ufw
 add-apt-repository ppa:ondrej/php
 apt install -y debian-keyring debian-archive-keyring apt-transport-https
+apt update
+apt install -y bzip2 composer gettext git gnupg2 net-tools php8.2 php8.2-cli php8.2-common php8.2-curl php8.2-ds php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-igbinary php8.2-imap php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-redis php8.2-soap php8.2-swoole php8.2-uuid php8.2-xml pv redis unzip wget whois
+```
+
+Then install the webserver you prefer:
+
+### 1a. Install Caddy webserver:
+
+```bash
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o caddy-stable.gpg.key
 gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg caddy-stable.gpg.key
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
-apt update && apt upgrade
+apt update
-apt install -y bzip2 caddy composer gettext git gnupg2 net-tools php8.2 php8.2-cli php8.2-common php8.2-curl php8.2-ds php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-igbinary php8.2-imap php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-redis php8.2-soap php8.2-swoole php8.2-uuid php8.2-xml pv redis unzip wget whois
+apt install -y caddy
+```
+
+### 1b. Install Nginx webserver:
+
+```bash
+add-apt-repository ppa:ondrej/nginx-mainline
+apt update
+apt install -y nginx python3-certbot-nginx
+```
+
+### 1c. Install Apache2 webserver:
+
+```bash
+add-apt-repository ppa:ondrej/apache2
+apt update
+apt install -y apache2 python3-certbot-apache
 ```
 
 ### Configure time:
@@ -187,7 +212,9 @@ ufw allow 53/tcp
 ufw allow 53/udp
 ```
 
-## 6. Configure Caddy webserver:
+## 6. Configure webserver:
+
+### 6a. Caddy:
 
 Edit ```/etc/caddy/Caddyfile``` and place the following content:
 
@@ -272,6 +299,76 @@ systemctl enable caddy
 systemctl restart caddy
 ```
 
+### 6b. Nginx:
+
+Move configuration files and create symbolic links:
+
+```bash
+mv /opt/registry/docs/nginx/cp.conf /etc/nginx/sites-available/
+ln -s /etc/nginx/sites-available/cp.conf /etc/nginx/sites-enabled/
+
+mv /opt/registry/docs/nginx/whois.conf /etc/nginx/sites-available/
+ln -s /etc/nginx/sites-available/whois.conf /etc/nginx/sites-enabled/
+
+mv /opt/registry/docs/nginx/rdap.conf /etc/nginx/sites-available/
+ln -s /etc/nginx/sites-available/rdap.conf /etc/nginx/sites-enabled/
+
+rm /etc/nginx/sites-enabled/default
+```
+
+Edit all 3 files that you just moved in `/etc/nginx/sites-available`, and replace `server_name` with the correct hostname for the service; also replace `YOUR_IPV4_ADDRESS` and/or `YOUR_IPV6_ADDRESS` accordingly.
+
+Generate the required SSL certificates:
+
+```bash
+systemctl stop nginx
+certbot --nginx -d whois.example.com -d rdap.example.com -d cp.example.com
+```
+
+Activate and reload Nginx:
+
+```bash
+systemctl enable nginx
+systemctl restart nginx
+```
+
+### 6c. Apache2:
+
+Move configuration files and create symbolic links:
+
+```bash
+mv /opt/registry/docs/apache2/cp.conf /etc/apache2/sites-available/
+ln -s /etc/apache2/sites-available/cp.conf /etc/apache2/sites-enabled/
+
+mv /opt/registry/docs/apache2/whois.conf /etc/apache2/sites-available/
+ln -s /etc/apache2/sites-available/whois.conf /etc/apache2/sites-enabled/
+
+mv /opt/registry/docs/apache2/rdap.conf /etc/apache2/sites-available/
+ln -s /etc/apache2/sites-available/rdap.conf /etc/apache2/sites-enabled/
+
+rm /etc/apache2/sites-enabled/000-default.conf
+```
+
+Edit all 3 files that you just moved in `/etc/apache2/sites-available`, and replace `server_name` with the correct hostname for the service.
+
+Generate the required SSL certificates:
+
+```bash
+a2enmod headers proxy proxy_http proxy_fcgi setenvif rewrite
+systemctl restart apache2
+systemctl stop apache2
+certbot --apache -d whois.example.com -d rdap.example.com -d cp.example.com
+```
+
+Activate and reload Apache2:
+
+```bash
+systemctl enable apache2
+systemctl restart apache2
+```
+
+_________________
+
 **And now is the right time to import the provided database file(s) for your database type using Adminer.**
 
 ## 7. Control Panel Setup:

docs/nginx/cp.conf

@@ -0,0 +1,41 @@
+server {
+    listen YOUR_IPV4_ADDRESS:443 ssl;
+    listen [YOUR_IPV6_ADDRESS]:443 ssl;
+    http2 on;
+    server_name cp.example.com;
+
+    root /var/www/cp/public;
+
+    index index.php;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+    }
+
+    location ~ /adminer.php$ {
+        root /usr/share/adminer;
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+    }
+
+    gzip on;
+
+    # Security headers
+    add_header Referrer-Policy "no-referrer" always;
+    add_header Strict-Transport-Security "max-age=31536000;" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "DENY" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    #add_header Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline' https://rsms.me; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.18.5/; form-action 'self'; worker-src 'none'; frame-src 'none';";
+    add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';" always;
+    add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();" always;
+
+    access_log /var/log/nginx/cp_access.log;
+    error_log /var/log/nginx/cp_error.log error;
+
+}

docs/nginx/rdap.conf

@@ -0,0 +1,27 @@
+server {
+    listen YOUR_IPV4_ADDRESS:443 ssl;
+    listen [YOUR_IPV6_ADDRESS]:443 ssl;
+    http2 on;
+    server_name rdap.example.com;
+
+    location / {
+        proxy_pass http://localhost:7500;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    gzip on;
+
+    # Security headers
+    add_header Referrer-Policy "no-referrer" always;
+    add_header Strict-Transport-Security "max-age=31536000;" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "DENY" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; form-action 'self'; worker-src 'none'; frame-src 'none';" always;
+    add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';" always;
+    add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();" always;
+
+}

docs/nginx/whois.conf

@@ -0,0 +1,32 @@
+server {
+    listen YOUR_IPV4_ADDRESS:443 ssl;
+    listen [YOUR_IPV6_ADDRESS]:443 ssl;
+    http2 on;
+    server_name whois.example.com;
+
+    root /var/www/whois;
+
+    index index.php;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+    }
+
+    gzip on;
+
+    # Security headers
+    add_header Referrer-Policy "no-referrer" always;
+    add_header Strict-Transport-Security "max-age=31536000;" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "DENY" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Content-Security-Policy "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; script-src 'unsafe-inline'; form-action 'self'; worker-src 'none'; frame-src 'none';";
+    add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';" always;
+    add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();" always;
+
+}