Nginx Rewrites for Xenforo Friendly Urls:
For Xenforo to use Friendly Urls via mod_write you'll find official Nginx rewrite rules here. You will need to add additional Nginx rewrite rules within your domain's Nginx vhost configuration file /usr/local/nginx/conf/conf.d/newdomain.com.conf. This file is created when you use Centmin Mod's menu option #2 to 'Add Nginx vhost domain'. Below Nginx rewrite rules are provide as is, without support. If you need further help ask on Nginx forums or Xenforo.com's Server Configuration and Hosting forums.
Xenforo Permissions
If you're using Centmin Mod 123.09beta01+ or higher, it has a tools/autoprotect.sh cronjob to auto protect your non-public web directories which have .htaccess 'deny from all' files. This can falsely block Xenforo setups configured below. So you need to add .autoprotect-bypass
files to Xenforo directories as follows.
If you installed Xenforo at /home/nginx/domains/newdomain.com/public
, you'd use these SSH commands to just create empty .autoprotect-bypass
files to exclude from tools/autoprotect.sh. For Xenforo 2 need one bypass for /src directory too:
touch /home/nginx/domains/newdomain.com/public/library/.autoprotect-bypass touch /home/nginx/domains/newdomain.com/public/internal_data/.autoprotect-bypass touch /home/nginx/domains/newdomain.com/public/install/data/.autoprotect-bypass touch /home/nginx/domains/newdomain.com/public/install/templates/.autoprotect-bypass touch /home/nginx/domains/newdomain.com/public/src/.autoprotect-bypass
You can further secure your already uploaded Xenforo file permissions using the following SSH commands you can run, replacing newdomain.com
with yourdomain.com
name.
First backup your /public
web root file and directory permissions to already created /home/nginx/domains/newdomain.com/backup
directory just in case using below SSH command:
getfacl -R -L --absolute-names /home/nginx/domains/newdomain.com/public > /home/nginx/domains/newdomain.com/backup/backup-permissions-$(date +"%d%m%y-%H%M%S").acl
You can restore then using this SSH command where XXXXXX-XXXXXX is the day-month-year-hr-min-sec timestamp from the above backup command:
setfacl --restore=/home/nginx/domains/newdomain.com/backup/backup-permissions-XXXXXX-XXXXXX.acl
Now to change file and directory permissions on Xenforo installation in web root at /public
, run SSH commands below. If Xenforo is installed off web root in subdirectory like /forum
, then change all instances of /home/nginx/domains/newdomain.com/public/
to /home/nginx/domains/newdomain.com/public/forum/
.
find /home/nginx/domains/newdomain.com/public/ -type f -print0 | xargs -0 chmod 0644 find /home/nginx/domains/newdomain.com/public/ -type d -print0 | xargs -0 chmod 0755 find /home/nginx/domains/newdomain.com/public/internal_data/ -type f -print0 | xargs -0 chmod 0777 find /home/nginx/domains/newdomain.com/public/data/ -type f -print0 | xargs -0 chmod 0777 find /home/nginx/domains/newdomain.com/public/internal_data/ -type d -print0 | xargs -0 chmod 0777 find /home/nginx/domains/newdomain.com/public/data/ -type d -print0 | xargs -0 chmod 0777 chmod 0755 /home/nginx/domains/newdomain.com/public
The commands do the following:
- find all files in
/public
and chmod 0644 them - find all directories in
/public
and chmod 0755 them - find all files in
/public/internal_data
and chmod 0777 them - find all files in
/public/data
and chmod 0777 them - find all directories in
/public/internal_data
and chmod 0777 them - find all directories in
/public/data
and chmod 0777 them - then chmod 0755 the web root
/public
where Xenforo is installed
open_basedir restrictions
If you run Xenforo 1.5 or Xenforo Media Gallery Addon, you may run into the error message open_basedir restriction in effect
which is a form of PHP security that Centmin Mod 1.2.3-eva2000.08+ and higher has enabled by default. FAQ item 26 shows you how to disable open_basedir globally or for just one Nginx vhost site. The relevant line is the 9th line in /usr/local/nginx/conf/php.conf
. This line locks you to each Nginx vhost's document web root
fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
Setting up MySQL database settings
Xenforo for best performance uses InnoDB MySQL Engine tables. To enable InnoDB MySQL Engine and Table support by ensuring your MySQL config settings for /etc/my.cnf have the following InnoDB related settings set. If not set in /etc/my.cnf change them to the following and restart MySQL server:
innodb=ON default-storage-engine = InnoDB
On a fresh Centmin Mod install, you may also want to enable server wide MySQL global UTF-8 support. Enabling this will apply to every MySQL database and tables you create on your MySQL server instance. To change defaults respectively for character set and collation to utf8 and utf8_general_ci, you need to add under [mysqld] group in /etc/my.cnf the following line character-set-server=utf8:
[mysqld] character-set-server=utf8
Note: Only MySQL databases and tables created after this change will by default be created as utf8 character set and collations. Any databases before this change, will still be latin1.
Restart MySQL server:
service mysql restart
Or restart with Centmin Mod command shortcut:
mysqlrestart
Xenforo Media Gallery Addon & FFMPEG
If you run Xenforo 1.5 or Xenforo Media Gallery Addon, you will require the installation of FFMPEG. However, XMG Addon doesn't require the full package install with FFMPEG php extension. It only requires the FFMPEG binary path location set in admin settings. As such you can download and install the static FFMPEG binary package instead. Just upload and extract the static FFMPEG binary package contents into your site account i.e. at /home/nginx/domains/newdomain.com/staticffmpeg
. Then in Xenforo Media Gallery admin set the path to FFMPEG binary i.e. /home/nginx/domains/newdomain.com/staticffmpeg/ffmpeg
As you have full root access to your server, there is no need to use SFTP/FTP to download and upload. You can do everything from SSH command line. Commands to run in SSH window as root user for Nginx vhost domain newdomain.com
:
change to /home/nginx/domains/newdomain.com
directory
cd /home/nginx/domains/newdomain.com
download and extract the static FFMPEG binary package
if [ "$(uname -m)" = 'x86_64' ]; then wget -cnv https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz; tar xJvf ffmpeg-release-amd64-static.tar.xz; else wget https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-i686-static.tar.xz; tar xJvf ffmpeg-release-i686-static.tar.xz; fi
rename extracted folder to staticffmpeg
and give files correct permissions
mv ffmpeg-5.0-amd64-static staticffmpeg chown -R nginx:nginx staticffmpeg
FFMPEG binary path would end up at /home/nginx/domains/newdomain.com/staticffmpeg/ffmpeg
. You can see the full contents of this directory using ls -alh DIRPATH
command below.
ls -lah /home/nginx/domains/newdomain.com/staticffmpeg/ total 151M drwxr-xr-x 4 nginx nginx 4.0K Jan 17 15:57 . drwxr-xr-x 27 root root 12K Feb 27 01:24 .. -rwxr-xr-x 1 nginx nginx 75M Jan 17 15:57 ffmpeg -rwxr-xr-x 1 nginx nginx 75M Jan 17 15:57 ffprobe -rw-r--r-- 1 nginx nginx 35K Jan 17 15:57 GPLv3.txt drwxr-xr-x 2 nginx nginx 4.0K Jan 17 15:57 manpages drwxr-xr-x 7 nginx nginx 4.0K Jan 17 15:20 model -rwxr-xr-x 1 nginx nginx 675K Jan 17 15:57 qt-faststart -rw-r--r-- 1 nginx nginx 2.2K Jan 17 15:57 readme.txt
Nginx Rewrites for Xenforo Friendly Urls:
If Xenforo forum is installed in public web root i.e. /home/nginx/domains/newdomain.com/public, then you'll need to add and edit the following Nginx rewrites in /usr/local/nginx/conf/conf.d/newdomain.com.conf paying attention to replace your existing location / {}
context with the one below instead of mistakenly adding a 2nd instance of location / {}
context. For Xenforo 2.x you need to also uncomment and remove hash # from 3 lines to enable /src/ location context.
location / { index index.php index.html index.htm; try_files $uri $uri/ /index.php?$uri&$args; } location /install/data/ { internal; } location /install/templates/ { internal; } location /internal_data/ { internal; } location /library/ { internal; } # xenforo 2 uncomment / remove hash from next 3 lines #location /src/ { #internal; #}
The restart Nginx server for it to take effect:
service nginx restart
or command shortcut
ngxrestart
If Xenforo forum is installed off public web root in it's own directory i.e. /forums at /home/nginx/domains/newdomain.com/public/forums, then you'll need to add and edit the following Nginx rewrites in /usr/local/nginx/conf/conf.d/newdomain.com.conf paying attention to not touch your existing location / {}
context. For Xenforo 2.x you need to also uncomment and remove hash # from 3 lines to enable /forums/src/ location context.
location /forums/ { index index.php index.html index.htm; try_files $uri $uri/ /forums/index.php?$uri&$args; } location /forums/install/data/ { internal; } location /forums/install/templates/ { internal; } location /forums/internal_data/ { internal; } location /forums/library/ { internal; } # xenforo 2 uncomment / remove hash from next 3 lines #location /forums/src/ { #internal; #}
Protected Xenforo Directories
To secure and protect your Xenforo admin.php and sensistive directories you can also password protect and/or IP address restrict them. Add to your domain's Nginx vhost conf file the following - replacing YOURIPADDRESS with your static IP address:
location /admin.php { auth_basic "Private"; auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php; include /usr/local/nginx/conf/php.conf; allow 127.0.0.1; allow YOURIPADDRESS; deny all; }
Create auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php and set your own USERNAME and PASSWORD for htaccess password protection.
/usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpasswd_admin_php USERNAME PASSWORD
Full Centmin Mod .08 and higher Nginx vhost example Xenforo Configuration for newdomain.com in Nginx vhost file at /usr/local/nginx/conf/conf.d/newdomain.com.conf is below. For include file /usr/local/nginx/conf/vts_server.conf it would be either commented out with a hash # or not depending on if you have NGINX_VHOSTSTATS=y enabled in centmin.sh. Default out of box Centmin Mod .08 and higher installs have it enabled by default.
The default redirect for non-www to www is commented out by default. To enable remove the comment hash # for these 5 lines.
#server { # listen 80; # server_name newdomain.com; # return 301 $scheme://www.newdomain.com$request_uri; # }
If you want to force redirect from www to non-www change those 5 lines to the following.
#server { # listen 80; # server_name www.newdomain.com; # return 301 $scheme://newdomain.com$request_uri; # }
Full /usr/local/nginx/conf/conf.d/newdomain.com.conf file
# Centmin Mod Getting Started Guide # must read http://centmin.com/getstarted.html # redirect from non-www to www # uncomment, save file and restart Nginx to enable # if unsure use return 302 before using return 301 #server { # listen 80; # server_name newdomain.com; # return 301 $scheme://www.newdomain.com$request_uri; # } server { server_name newdomain.com www.newdomain.com; # ngx_pagespeed & ngx_pagespeed handler #include /usr/local/nginx/conf/pagespeed.conf; #include /usr/local/nginx/conf/pagespeedhandler.conf; #include /usr/local/nginx/conf/pagespeedstatslog.conf; # limit_conn limit_per_ip 16; # ssi on; access_log /home/nginx/domains/newdomain.com/log/access.log combined buffer=256k flush=5m; error_log /home/nginx/domains/newdomain.com/log/error.log; root /home/nginx/domains/newdomain.com/public; location / { index index.php index.html index.htm; try_files $uri $uri/ /index.php?$uri&$args; } location /admin.php { auth_basic "Private"; auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php; include /usr/local/nginx/conf/php.conf; allow 127.0.0.1; allow YOURIPADDRESS; deny all; } location /install/data/ { internal; } location /install/templates/ { internal; } location /internal_data/ { internal; } location /library/ { internal; } # xenforo 2 uncomment / remove hash from next 3 lines #location /src/ { # internal; #} include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/php.conf; include /usr/local/nginx/conf/drop.conf; #include /usr/local/nginx/conf/errorpage.conf; include /usr/local/nginx/conf/vts_server.conf; }
The restart Nginx server for it to take effect:
service nginx restart
or command shortcut
ngxrestart
Xenforo HTTPS SPDY SSL Setup
For Xenforo HTTPS SPDY SSL setup, following the Centmin Mod Nginx SPDY SSL setup guide here.
Source: Official Xenforo.com site, mlx 'Setup SEO Full Friendly URLs on nginx' thread