Discover Centmin Mod today
Register Now

IP.Board IPB v4.1.x Files

Discussion in 'Forum software usage' started by Jimmy, Nov 9, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    54,535
    12,219
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,788
    Local Time:
    9:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    maybe autoprotect related
    https://community.centminmod.com/th...ccess-check-migration-to-nginx-deny-all.7308/ ? can the generated autoprotect includes files content to see if it picked up new .htaccess with deny from all and bypass them or comment out the include.

     
  2. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
    Nope. Autoprotect is one of the first things I checked. Not a whole lot of htaccess files in the new version. I removed all of them from the software.
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,535
    12,219
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,788
    Local Time:
    9:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    maybe post the nginx vhost contents as it stands now
     
  4. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
    For the 08 stable test I used the default vhost that CMM created. IPB installed fine and the site worked great.

    Concerning the 09 beta dev server which I'm having the site issue with, I already tried multiple vhost configurations including the default CMM vhost file.

    I'm going to grab some food and when I come back I'll do the base test of 09 beta the same as 08 stable. Once I do that I can figure out if I need to look at the difference between 08 and 09 or my mods to 09. I think that would be the best route at this point.
     
  5. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
    09 Beta stock test install works. Now I'll look at the items I did to CMM and see what is the issue.
     
    Last edited: Feb 24, 2017
  6. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
    Well, I installed everything I would normally install back on top of the beta 09 install from above. Site is still working correctly.

    I'm thinking of two possible things.
    1. I'm using PHPStorm to manage the server files. I wonder if the file encoding is messing with some of the files I uploaded? PHPStorm files are UTF-8 encoding.
    2. I'm going to re-install fresh 09 beta and install server software first then IPB. Maybe something just got corrupted along the way.

    BTW, I'm not getting the browser issue any longer. I'm really thinking that maybe using PHP Storm for some of the server files might have messed things up. All tests I've done were without PHPStorm.
     
    Last edited: Feb 24, 2017
  7. eva2000

    eva2000 Administrator Staff Member

    54,535
    12,219
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,788
    Local Time:
    9:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    never used PHPStorm myself, just pure sftp uploads as my SSH client, SecureCRT has built in SFTP client so can upload files in same SecureCRT tabbed window :)
     
  8. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
    I was just using PHPStorm as an easy way to modify the files. I like the version control ability. Obviously, PHPStorm was made for PHP development, not really for server management.
     
  9. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    11:28 AM
    1.9.x
    10.1.x
    @Jimmy do you use pagespeed in your IPS site?
     
  10. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
    At this point, I don't have a working v4 system right now (Dev or Live) still on v3. Hopefully, upgrading this week. I wasn't going to use Pagespeed when I set it up... though I was kinda on the fence. Are you running it? Issues?
     
  11. pamamolf

    pamamolf Premium Member Premium Member

    4,084
    428
    83
    May 31, 2014
    Ratings:
    +834
    Local Time:
    1:28 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    I am looking also for a working config for IPB 4 :)
     
  12. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    11:28 AM
    1.9.x
    10.1.x
    Im not running and i never used pagespeed. If you used, i was gonna ask the rules you use ;)
     
  13. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
  14. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
    Looking at the CMM php.conf file (not active):
    Code:
    # comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
    # cgi.fix_pathinfo=0
    # as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1
    Looking at the /usr/local/lib/php.ini file, seems to be inactive:
    Code:
    ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
    ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
    ; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
    ; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
    ; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
    ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
    ; http://php.net/cgi.fix-pathinfo
    ;cgi.fix_pathinfo=1
    @eva2000 does the above default to inactive / disabled? Do I have to add cgi.fix_pathinfo=0 to the b_customphp.ini to disable? The php.conf file seems to say if it's commented out it's disabled, but it then says that the default post v1.2.3-eva2000.01 is enabled.

    As for security.limit_extensions, it's locked down:
    Code:
    /usr/local/etc/php-fpm.conf
    Code:
    ; Limits the extensions of the main script FPM will allow to parse. This can
    ; prevent configuration mistakes on the web server side. You should only limit
    ; FPM to .php extensions to prevent malicious users to use other extensions to
    ; exectute php code.
    ; Note: set an empty value to allow all extensions.
    ; Default Value: .php
    security.limit_extensions = .php .php3 .php4 .php5
     
    Last edited: May 2, 2017
  15. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
  16. eva2000

    eva2000 Administrator Staff Member

    54,535
    12,219
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,788
    Local Time:
    9:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    no you will break php for alot of web apps if you set it to = 0

    see Is the PHP option 'cgi.fix_pathinfo' really dangerous with Nginx + PHP-FPM?

    Centmin Mod PHP-FPM is properly secured as per official Nginx wiki documentation PHP FastCGI Example | NGINX and doesn't require cgi.fix_pathinfo disabled

    each vhost include file for /usr/local/nginx/conf/php.conf top portion
    Code (Text):
    location ~ [^/]\.php(/|$) {
      include /usr/local/nginx/conf/503include-only.conf;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        fastcgi_pass   127.0.0.1:9000;
     
  17. externalflaw

    externalflaw New Member

    11
    1
    3
    May 5, 2017
    Ratings:
    +3
    Local Time:
    12:28 PM
    Hi there,

    I am using IPB v4.x on a subdomain (forum.project.com) with SSL enabled. So far, everything works good, except I am getting 404 on every link I click.

    I have already tried this config: Invision Power Board v4 Nginx configuration file for use with Centminmod. ยท GitHub but this gives me full 404 even on the main page of the forum.


    This config works for the main page, but not for the links, as I assume it is an redirect issue only.

    Since I never worked with IPB, I would appreciate any help. Thanks

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name forum.project.com www.forum.project.com;
        return 302 https://forum.project.com$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name forum.project.com www.forum.project.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/forum.project.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/forum.project.com/forum.project.com-acme.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/forum.project.com/forum.project.com-acme.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/forum.project.com/forum.project.com-acme.cer;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/forum.project.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/forum.project.com/log/error.log;
    
      root /home/nginx/domains/forum.project.com/public;
    
      location / {
    
        # block common exploits, sql injections etc
        #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      try_files    $uri $uri/ /index.php;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    
    nvm, I am an idiot..working now.
     
    Last edited: May 8, 2017
  18. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
    I have a v3.x up right now on a sub-domain and I have the same things happening. I don't have a v4 up at all at the moment. But several people have used this without issue on the main domain. Might have something to do with the sub-domain, though not sure why a sub-domain would be an issue.
     
  19. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
    You might want to check out your autoprotect folder. If you left any of those .htaccess files when you uploaded IPB, centmin mod autoprotect will generate locations automagically.

    They're located: /usr/local/nginx/conf/autoprotect/forum.domain.com/autoptotect-forum.domain.com.conf
     
  20. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    6:28 AM
    Also, remember you can always submit a support ticket to IPB and they can take a look at it. If they do and there is an issue with something, post it back here. Otherwise, I will be installing a v4 probably tomorrow and I can check it out.