Nginx Vhost & Rewrites for IP.Board

This guide assumes you have already installed Centmin Mod v1.2.3+ and followed the Getting Started Guide.

The below IP.Board 3.x Nginx rules were originally sourced from Kirito's thread and modified for use with Centmin Mod Nginx installs. Not all steps were replicated from Kirito's guide, so feel free to play them as you see fit. If you have any suggestions or improvements on the below configuration, please contact me via the official forums. For IP.Board 4.1 setups, I have included Centmin Mod Nginx rules only below which is based on Jimmy's forum thread for IP.Board 4.1 setup. Setup of IP.Board 4.1.x is not outlined as I do not have access to those files, so follow the official install instructions though it should be similar to IP.Board 3.x in terms of uploading the files in the first place and setting up MySQL database/server.

  1. Setting up MySQL database
  2. Preparing IP.Board 3.x files
  3. Nginx Rewrites for IP.Board 3.x with SEO Friendly Urls
  4. Nginx Rewrites for IP.Board 4.1.x with SEO Friendly Urls
  5. Enabling ngx_pagespeed module

Notes:

  • For IP.Board without SEO URLs out of the box installs, you don't need to make any changes to Nginx vhost configuration file /usr/local/nginx/conf/conf.d/newdomain.com.conf for actual initial install. But may want to setup the SEO URLS later (see next note).
  • For IP.Board SEO URLs, you will need to add additional Nginx rewrite rules within your domain's Nginx vhost configuration file /usr/local/nginx/conf/conf.d/newdomain.com.conf for HTTP or /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf for HTTPS. This file is created when you use Centmin Mod's menu option #2 to 'Add Nginx vhost domain'.
  • Centmin Mod v1.2.3+ automatically installs Nginx, PHP-FPM and MariaDB 5.5 MySQL (for 1.2.3-eva2000.08+ and higher MariaDB 10.0.x is default) meeting all IP.Board system requirements outlined in their FAQ.
  • Installation of IP.Board is basically the same as outlined on their web site's Install and Getting Started guide and rest of the official guides.


Setting up MySQL database

Enable InnoDB MySQL Engine and Table support by ensuring your MySQL config settings for /etc/my.cnf have the following InnoDB related settings set. If not set in /etc/my.cnf change them to the following and restart MySQL server:

innodb=ON
default-storage-engine = InnoDB

On a fresh Centmin Mod install, you may also want to enable server wide MySQL global UTF-8 support. Enabling this will apply to every MySQL database and tables you create on your MySQL server instance. To change defaults respectively for character set and collation to utf8 and utf8_general_ci, you need to add under [mysqld] group in /etc/my.cnf the following line character-set-server=utf8:

[mysqld]
 character-set-server=utf8

Note: Only MySQL databases and tables created after this change will by default be created as utf8 character set and collations. Any databases before this change, will still be latin1.

Restart MySQL server:

service mysql restart

Or restart with Centmin Mod command shortcut:

mysqlrestart

Create MySQL database for IP.Board install. Type following command where database name = ipf345 :

mysqladmin -u root -p create ipf345

Then log into MySQL client command line via command below. When prompted for MySQL root user password, enter the password. If you didn't set a MySQL root user password, just hit enter when prompted for password.

mysql -u root -p

Create MySQL user where mysqlusername = your MySQL username and mysqluserpassword = your MySQL username's password and ipf345 = your MySQL database name.

MariaDB [(none)]> CREATE USER 'mysqlusername'@'localhost' IDENTIFIED BY 'mysqluserpassword';

Grant appropriate MySQL privileges to the MySQL user you created and then assign the MySQL user to your MySQL database name. And issue FLUSH PRIVILEGES; command to make changes take effect.

MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, LOCK TABLES, CREATE TEMPORARY TABLES ON ipf345.* TO 'mysqlusername'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;

If you need to remove MySQL user later on, use following command when logged into MySQL client command line.

MariaDB [(none)]> DROP USER 'mysqlusername'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;

If you need to change MySQL user's password, use following command when logged into MySQL client command line.

MariaDB [(none)]> SET PASSWORD FOR 'mysqlusername'@'localhost' = PASSWORD('newpassword');
MariaDB [(none)]> FLUSH PRIVILEGES;

Preparing IP.Board 3.x files

I prefer to do everything via SSH telnet as it's much quicker. Just log into your Centmin Mod server via SCP or SFTP protocols which are by default available in new Centmin Mod installs and upload IPB zip file board3_4_5.zip, to a staging directory i.e. /home/nginx/domains/newdomain.com/zipfiles.

Then with SSH telnet type the following commands to prepare and copy IP.Board files to web root directory at /home/nginx/domains/newdomain.com/public if you want your forums at newdomain.com/.

Change to zipfile directory where you uploaded board3_4_5.zip and unzip the files and change to upload directory.

cd /home/nginx/domains/newdomain.com/zipfiles
unzip board3_4_5.zip
cd board/upload

Copy over IP.Board 3.x files to public web root at /home/nginx/domains/newdomain.com/public. Keep back slash on cp command to unalias cp.

\cp -Rf * /home/nginx/domains/newdomain.com/public

Change to public web root /home/nginx/domains/newdomain.com/public

cd /home/nginx/domains/newdomain.com/public

Create conf_global.php file and chmod 0777

cp -a conf_global.dist.php conf_global.php
chmod 0777 conf_global.php

Setting other directories permissions, you can try 0770 and 0660 but I used 0777 and 0666 respectively. Ignore any errors for directories that don't exist.

webroot='/home/nginx/domains/newdomain.com/public'
find $webroot/{uploads,cache,css_files,downloads,hooks,screenshots,blog,public/ipc_blocks,public/style_*} -type d -exec chmod 0777 {} \;
find $webroot/{uploads,cache,css_files,downloads,hooks,screenshots,blog,public/ipc_blocks,public/style_*} -type f -exec chmod 0666 {} \;

Rename /admin directory to new name i.e. /mynewadmin and create a new admin directory.

mv admin mynewadmin
mkdir admin

Create a constants.php at /home/nginx/domains/newdomain.com/public/constants.php and add the following line defining new /mynewadmin directory name.

<?php
    define( 'CP_DIRECTORY', 'mynewadmin' );
?>

Then give user and group permissions to all files as nginx.

chown -R nginx:nginx /home/nginx/domains/newdomain.com/public/*

Then open browser at your newdomain.com to proceed with installation. Yes installation doesn't require any of the below outlined rewrite rules for IP.Board to install.

IP.Board Install

Nginx Rewrites for IP.Board 3.x with SEO Friendly Urls:

If IP.Board forum is installed in public web root i.e. /home/nginx/domains/newdomain.com/public, then you'll need to add and edit the following Nginx rewrites in /usr/local/nginx/conf/conf.d/newdomain.com.conf:

server {
  server_name newdomain.com www.newdomain.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/newdomain.com/log/access.log combined buffer=32k;
  error_log /home/nginx/domains/newdomain.com/log/error.log;

  root /home/nginx/domains/newdomain.com/public;

  location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

        try_files  $uri $uri/ /index.php;

  }

    location ~^(/page/).*(\.php)$ {
        try_files  $uri $uri/ /index.php;
    }

    # Mask fake admin directory
    #location ~^/admin/(.*)$ {
    #    deny     all;
    #}

    # Secure real admin directory
    #location ~^(/mynewadmin/).*(\.php) {
    #    allow         127.0.0.1;
    #    deny          all;
    #    auth_basic    "Restricted Area";
    #    auth_basic_user_file $document_root/mynewadmin/.htpasswd;
    # include /usr/local/nginx/conf/php.conf;
    #}

    # IP.Board PHP/CGI Protection
    location ~^(/uploads/).*(\.php)$ {
        deny     all;
    }
    location ~^(/hooks/).*(\.php)$ {
        deny     all;
    }
    location ~^(/cache/).*(\.php)$ {
        deny     all;
    }
    location ~^(/screenshots/).*(\.php)$ {
        deny     all;
    }
    location ~^(/downloads/).*(\.php)$ {
        deny     all;
    }
    location ~^(/blog/).*(\.php)$ {
        deny     all;
    }
    location ~^(/public/style_).*(\.php)$ {
        deny     all;
    }

    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/drop.conf;
    # include /usr/local/nginx/conf/errorpage.conf;
    include /usr/local/nginx/conf/vts_server.conf;
}

The restart Nginx server for it to take effect:

service nginx restart

or command shortcut

ngxrestart

If IP.Board forum is installed off public web root in it's own directory i.e. /forums at /home/nginx/domains/newdomain.com/public/forums, then you'll need to add and edit the following Nginx rewrites in /usr/local/nginx/conf/conf.d/newdomain.com.conf:

server {
  server_name newdomain.com www.newdomain.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/newdomain.com/log/access.log combined buffer=32k;
  error_log /home/nginx/domains/newdomain.com/log/error.log;

  root /home/nginx/domains/newdomain.com/public;

  location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  }

    location /forums {
        try_files  $uri $uri/ /forums/index.php;
   }

    location ~^(/forums/page/).*(\.php)$ {
        try_files  $uri $uri/ /index.php;
    }

    # Mask fake admin directory
    #location ~^/forums/admin/(.*)$ {
    #    deny     all;
    #}

    # Secure real admin directory
    #location ~^(/forums/mynewadmin/).*(\.php) {
    #    allow         127.0.0.1;
    #    deny          all;
    #    auth_basic    "Restricted Area";
    #    auth_basic_user_file $document_root/mynewadmin/.htpasswd;
    # include /usr/local/nginx/conf/php.conf;
    #}

    # IP.Board PHP/CGI Protection
    location ~^(/forums/uploads/).*(\.php)$ {
        deny     all;
    }
    location ~^(/forums/hooks/).*(\.php)$ {
        deny     all;
    }
    location ~^(/forums/cache/).*(\.php)$ {
        deny     all;
    }
    location ~^(/forums/screenshots/).*(\.php)$ {
        deny     all;
    }
    location ~^(/forums/downloads/).*(\.php)$ {
        deny     all;
    }
    location ~^(/forums/blog/).*(\.php)$ {
        deny     all;
    }
    location ~^(/forums/public/style_).*(\.php)$ {
        deny     all;
    }

    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/drop.conf;
    # include /usr/local/nginx/conf/errorpage.conf;
    include /usr/local/nginx/conf/vts_server.conf;
}

The restart Nginx server for it to take effect:

service nginx restart

or command shortcut

ngxrestart

Source:


Nginx Rewrites for IP.Board 4.1.x with SEO Friendly Urls:

If IP.Board forum is installed in public web root i.e. /home/nginx/domains/newdomain.com/public, then you'll need to add and edit the following Nginx rewrites in /usr/local/nginx/conf/conf.d/newdomain.com.conf:

server {
  server_name newdomain.com www.newdomain.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/newdomain.com/log/access.log combined buffer=32k;
  error_log /home/nginx/domains/newdomain.com/log/error.log;

  root /home/nginx/domains/newdomain.com/public;

    location / {

        # block common exploits, sql injections etc
        # include /usr/local/nginx/conf/block.conf;

        # Enables directory listings when index file not found
        # autoindex  on;

        # Shows file listing times as local time
        # autoindex_localtime on;

        try_files    $uri $uri/ /index.php;

    }

    location ~^(/page/).*(\.php)$ {
        try_files  $uri $uri/ /index.php;
    }

    # Mask fake admin directory
    # Must comment this during install.  Uncomment after you change the name of the admin directory.
    # location ~^/admin/(.*)$ {
    #    deny all;
    # }

    # Secure real Admin Directory
    # Replace /your_admin_renamed_directory/ with your renamed directory.
    # location ~ ^/admin/.+\.php$ {
    #    allow 127.0.0.1;
    #    deny all;
    #    auth_basic "Restricted Area";
    #    auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
    #    include /usr/local/nginx/conf/php.conf;
    #    allow YOURIPADDRESS;
    #}

    # IP.Board PHP/CGI Protection

    # Allow Access to Interface Files
    # Add Your Specific Application to the List if you Add New Applications
    location ~ ^/applications/(blog|calendar|chat|cms|core|downloads|forums|gallery|nexus|pastebin|companydirectory|rules|videos|notes|iawards|links|pmviewer|readthattopic|rules)/interface/.*\.(?:php\d*|phtml)$ {
        allow all;
        include /usr/local/nginx/conf/php.conf;
    }

    # Block Access to PHP / PHTML Files
    location ~ ^/(uploads|datastore|system|plugins)/.*\.(?:php\d*|phtml)$ {
        allow 127.0.0.1;
        deny all;
    }

    # Block Access to Application PHP / PHTML Files
    # Add Your Specific Application to the List if you Add New Applications
    location ~ ^/applications/(blog|calendar|chat|cms|core|downloads|forums|gallery|nexus|pastebin|companydirectory|rules|videos|notes|iawards|links|pmviewer|readthattopic|rules)/.*\.(?:php\d*|phtml)$ {
        allow 127.0.0.1;
        deny all;
    }

    # Centmin Mod include files
    # Note:  If you uncomment the error pages include you won't see the IPB errors via the site.

    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/drop.conf;
    # include /usr/local/nginx/conf/errorpage.conf;
    include /usr/local/nginx/conf/vts_server.conf;
}

The restart Nginx server for it to take effect:

service nginx restart

or command shortcut

ngxrestart

If IP.Board 4.1.x forum is installed off public web root in it's own directory i.e. /forums at /home/nginx/domains/newdomain.com/public/forums, then you'll need to add and edit the following Nginx rewrites in /usr/local/nginx/conf/conf.d/newdomain.com.conf:

server {
  server_name newdomain.com www.newdomain.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/newdomain.com/log/access.log combined buffer=32k;
  error_log /home/nginx/domains/newdomain.com/log/error.log;

  root /home/nginx/domains/newdomain.com/public;

    location /forums {

        # block common exploits, sql injections etc
        include /usr/local/nginx/conf/block.conf;

        # Enables directory listings when index file not found
        # autoindex  on;

        # Shows file listing times as local time
        # autoindex_localtime on;

        try_files    $uri $uri/ /forums/index.php;

    }

    location ~^(/forums/page/).*(\.php)$ {
        try_files  $uri $uri/ /forums/index.php;
    }

    # Mask fake admin directory
    # Must comment this during install.  Uncomment after you change the name of the admin directory.
    # location ~^/forums/admin/(.*)$ {
    #    deny all;
    # }

    # Secure real Admin Directory
    # Replace /your_admin_renamed_directory/ with your renamed directory.
    # location ~ ^/forums/admin/.+\.php$ {
    #    allow 127.0.0.1;
    #    deny all;
    #    auth_basic "Restricted Area";
    #    auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
    #    include /usr/local/nginx/conf/php.conf;
    #    allow YOURIPADDRESS;
    #}

    # IP.Board PHP/CGI Protection

    # Allow Access to Interface Files
    # Add Your Specific Application to the List if you Add New Applications
    location ~ ^/forums/applications/(blog|calendar|chat|cms|core|downloads|forums|gallery|nexus|pastebin|companydirectory|rules|videos|notes|iawards|links|pmviewer|readthattopic|rules)/interface/.*\.(?:php\d*|phtml)$ {
        allow all;
        include /usr/local/nginx/conf/php.conf;
    }

    # Block Access to PHP / PHTML Files
    location ~ ^/forums/(uploads|datastore|system|plugins)/.*\.(?:php\d*|phtml)$ {
        allow 127.0.0.1;
        deny all;
    }

    # Block Access to Application PHP / PHTML Files
    # Add Your Specific Application to the List if you Add New Applications
    location ~ ^/forums/applications/(blog|calendar|chat|cms|core|downloads|forums|gallery|nexus|pastebin|companydirectory|rules|videos|notes|iawards|links|pmviewer|readthattopic|rules)/.*\.(?:php\d*|phtml)$ {
        allow 127.0.0.1;
        deny all;
    }

    # Centmin Mod include files
    # Note:  If you uncomment the error pages include you won't see the IPB errors via the site.

    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/drop.conf;
    # include /usr/local/nginx/conf/errorpage.conf;
    include /usr/local/nginx/conf/vts_server.conf;
}

The restart Nginx server for it to take effect:

service nginx restart

or command shortcut

ngxrestart

Source:


Enabling ngx_pagespeed module

For IP.Board out of the box ngx_pagespeed enabled forums only improves Google PageSpeed score slightly from 79 to 81. Recommended to read Kirito's run down of ngx_pagespeed specific filters for IP.Board usage. You'd probably need to tweak the PageSpeed configuration and filters for more improvements. For full install guide and info for ngx_pagespeed module read info here.

Quick guide, to enable ngx_pagespeed module, in Nginx VHOST uncomment these 3 lines by removing hash # in front of them:

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

changing to

# ngx_pagespeed & ngx_pagespeed handler
include /usr/local/nginx/conf/pagespeed.conf;
include /usr/local/nginx/conf/pagespeedhandler.conf;
include /usr/local/nginx/conf/pagespeedstatslog.conf;

Then enabling ngx_pagespeed via pscontrol file by typing within SSH telnet window:

pscontrol on

Check if Nginx ngx_pagespeed module is enabled by looking for X-Page-Speed header via curl command:

curl -I http://yourdomain.com/wp/
HTTP/1.1 200 OK
Server: nginx centminmod
Date: Fri, 19 Jul 2013 09:46:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Pingback: http://yourdomain.com/wp/xmlrpc.php
Cache-Control: max-age=0, no-cache
X-Page-Speed: 1.6.29.3-3270

Then if you want, you can enable PageSpeed console following the steps outlined here.

Example PageSpeed Console statistics. Click on image for full statistics screenshots.