Nginx rewrites for vBulletin vBSEO

Notes:

    1. Centmin Mod v1.2.3-eva2000.03 made a change in /usr/local/lib/php.ini for security reasons to disable some PHP functions:

        disable_functions = exec,passthru,shell_exec,system,proc_open,popen
      

      For vB 4.2.x to work need to edit php.ini (shortcut command phpedit) and remove following listed functions exec,passthru,shell_exec,system leaving just proc_open,popen as most are needed for vB 4.2.x.

    2. Restart php-fpm service (shortcut command fpmrestart)
    3. Note: For vBulletin 4.2 you may encounter delays sending emails. In vB AdminCP -> Options -> Email set:

      • Enable -f paramater = yes
      • Use Cron Based Sending = no

      Cron based email sending was introduced in vB 4.2. I wrote an article on my blog at http://vbtechsupport.com/2003/ where for very busy vB 4.2 based forums this can cause very long delays for email to be sent as by default cron based emails will only send 10-50 emails every cron run and cron runs every 10mins by default so only 60-300 emails are sent per hour !

Where vBulletin 4.2.1 is installed at /vb421.

location /vb421/ {
rewrite ^/vb421/((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ /vb421/vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 last;

try_files $uri $uri/ /vb421/vbseo.php?$args;
}

        location /vb421/includes {
        allow 127.0.0.1;
        deny all;
        }

        location /vb421/packages {
        allow 127.0.0.1;
        deny all;
        }

        location /vb421/vb {
        allow 127.0.0.1;
        deny all;
        }

        location /vb421/admincp {
        include /usr/local/nginx/conf/php.conf;
        #auth_basic "Private";
        #auth_basic_user_file /usr/local/nginx/conf/htpasswd;
        }

location /vb421/vbseo/(includes|resources/html|resources/xml)/ {
        allow      127.0.0.1;
        deny      all;
}

location ~ /vb421/(.*\.php)$ {
rewrite ^/vb421/(.*)$ /vb421/vbseo.php last;
}

so the full Nginx vhost looks like the following:

server {
#         listen   80;
            listen   80 default_server;
            server_name localhost;
            root   html;

        access_log              /var/log/nginx/localhost.access.log     main buffer=32k;
        error_log               /var/log/nginx/localhost.error.log      error;

# limit_conn limit_per_ip 16;
# ssi  on;

            location / {

#               Enables directory listings when index file not found
                autoindex  on;

#               Shows file listing times as local time
#               autoindex_localtime on;

#               Enable for vBulletin usage WITHOUT vbSEO installed
#               try_files               $uri $uri/ /index.php;

            }

include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/php.conf;
#include /usr/local/nginx/conf/phpstatus.conf;
include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf;

location /vb421/ {
rewrite ^/vb421/((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ /vb421/vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 last;

try_files $uri $uri/ /vb421/vbseo.php?$args;
}

        location /vb421/includes {
        allow 127.0.0.1;
        deny all;
        }

        location /vb421/packages {
        allow 127.0.0.1;
        deny all;
        }

        location /vb421/vb {
        allow 127.0.0.1;
        deny all;
        }

        location /vb421/admincp {
        include /usr/local/nginx/conf/php.conf;
        #auth_basic "Private";
        #auth_basic_user_file /usr/local/nginx/conf/htpasswd;
        }

location /vb421/vbseo/(includes|resources/html|resources/xml)/ {
        allow      127.0.0.1;
        deny      all;
}

location ~ /vb421/(.*\.php)$ {
rewrite ^/vb421/(.*)$ /vb421/vbseo.php last;
}

        }

The restart Nginx server for it to take effect:

  service nginx restart

or command shortcut

  ngxrestart

Password Protecting Admincp

Notice that admincp directory can be password protected but Nginx doesn't support .htaccess like Apache does. For Nginx you need to use HttpAuthBasicModule. For Centmin Mod Nginx installs, you can use the included python based tool, htpasswd.py to set up password protection files.

  1. You need to use to either create a password file or append to an existing file (i.e. /usr/local/nginx/conf/htpasswd).
  2. The password file can be named anything you like and created anywhere you like. Just do not place the file anywhere publicaly accessible i.e. not below /public web root. For this example chose /usr/local/nginx/conf/htpasswd.

To create a new /usr/local/nginx/conf/htpasswd with username and password use the following command like in SSH where you change username and password fields to one of your own choosing:

  python /usr/local/nginx/conf/htpasswd.py -c -b /usr/local/nginx/conf/htpasswd username password

To append to existing /usr/local/nginx/conf/htpasswd file, remove the -c option

  python /usr/local/nginx/conf/htpasswd.py -b /usr/local/nginx/conf/htpasswd username password

Then within admincp location of Nginx vhost uncomment (remove hash # in front of the 2 relevant lines):

        #auth_basic "Private";
        #auth_basic_user_file /usr/local/nginx/conf/htpasswd;

The restart Nginx server for it to take effect:

  service nginx restart

or command shortcut

  ngxrestart

Notes

Centmin Mod v1.2.3-eva2000.03 made a change in /usr/local/lib/php.ini for security reasons to disable some PHP functions:

  disable_functions = exec,passthru,shell_exec,system,proc_open,popen

For vB to work with ImageMagicK instead of the default GD for image resizing, do following:

  1. Edit php.ini (shortcut command phpedit) and remove exec from the list of disabled_functions
  2. Set ImageMagicK path to /usr/bin and save and select ImageMagicK
  3. Restart php-fpm service (shortcut command fpmrestart)