Want more timely Centmin Mod News Updates?
Become a Member

Vanilla Vanilla Forums 2.5.1+ vhost Configuration

Discussion in 'Forum software usage' started by Jimmy, Mar 26, 2018.

  1. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    3:40 AM
    Vanilla Forums 2.5.1+ vhost Configuration

    Available on Github: Centmin mod nginx vhost configuration for Vanilla Forums software.

    Code:
    # Vanilla Forums 2.5.1+ working NGINX site conf file for use with Centminmod.
    # Vanilla Forums:  https://vanillaforums.com/en/
    # Vanilla Forums nginx docs:  https://docs.vanillaforums.com/developer/backend/server-nginx/
    # Vanilla Forums github:  https://github.com/vanilla
    # Centmin mod:  https://centminmod.com
    # Centmin mod forum thread: https://community.centminmod.com/threads/vanilla-forums-2-5-1-vhost-configuration.14335/
    
    # This file is for a FORCED SSL site.  Non-SSL requests will be directed to SSL.
    # 10.0.0.123 is a demo IP.  Replace with your domain. Example:  yourdomain.com
    # Thanks to @eva2000 from Centminmod for all your help!
    
    # Redirect to HTTPS from port 80
    # Redirect from www to non-www with forced SSL
    server {
        listen  80;
        # listen []:80 ipv6only=off;
        server_name 10.0.0.123 www.10.0.0.123;
        return 301 https://10.0.0.123$request_uri;
    
        # Error Logs via 80
        access_log /home/nginx/domains/10.0.0.123/log/access_via80_123.log combined buffer=256k flush=5m;
        error_log /home/nginx/domains/10.0.0.123/log/error_via80_123.log;
    }
    
    server {
        listen 10.0.0.123:443 ssl http2;
        # listen []:443 ssl http2 ipv6only=off;
        server_name  10.0.0.123;
    
        # Will re-direct any SSL requests for www to non-www
        # https://centminmod.com/nginx_domain_dns_setup.html#httpsredirect
        if ($host = 'www.10.0.0.123' ) {
            return 301 https://10.0.0.123$request_uri;
        }
    
        ssl_dhparam /usr/local/nginx/conf/ssl/10.0.0.123/dhparam.pem;
        ssl_certificate      /usr/local/nginx/conf/ssl/10.0.0.123/10.0.0.123.crt;
        ssl_certificate_key  /usr/local/nginx/conf/ssl/10.0.0.123/10.0.0.123.key;
        include /usr/local/nginx/conf/ssl_include.conf;
    
        # Cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
        # ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/blockchaintalk.org/origin.crt;
        # ssl_verify_client on;
    
        http2_max_field_size 16k;
        http2_max_header_size 32k;
    
        # Dual Cert Supported SSL Ciphers
        ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
        ssl_prefer_server_ciphers   on;
    
        # add_header Alternate-Protocol  443:npn-spdy/3;
    
        # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
        # You'd want to include subdomains if you're using SSL wildcard certificates
        # include subdomain
        # add_header Public-Key-Pins 'pin-sha256="kUtRfCe0JWOz1gw4DOGvf15QCfSLkIrlu+eOpf/PFOg="; pin-sha256="7nF+BczNEgtaZKE9fU80QwigQ+9Ip5S4AhR8CYM/U70="; max-age=86400; includeSubDomains';
        # exclude subdomains
        # add_header Public-Key-Pins 'pin-sha256="kUtRfCe0JWOz1gw4DOGvf15QCfSLkIrlu+eOpf/PFOg="; pin-sha256="7nF+BczNEgtaZKE9fU80QwigQ+9Ip5S4AhR8CYM/U70="; max-age=86400';
    
        # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Xss-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin";
        # spdy_headers_comp 5;
        ssl_buffer_size 1369;
        ssl_session_tickets on;
    
        # OCSP Stapling
        # resolver 8.8.8.8 8.8.4.4 valid=10m;
        # resolver_timeout 10s;
        # ssl_stapling on;
        # ssl_stapling_verify on;
        # ssl_trusted_certificate /usr/local/nginx/conf/ssl/10.0.0.121/10.0.0.121-trusted.crt;
    
        # ngx_pagespeed & ngx_pagespeed handler
        # include /usr/local/nginx/conf/pagespeed.conf;
        # include /usr/local/nginx/conf/pagespeedhandler.conf;
        # include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
        # Limit Connections Per IP Address
        # Modified from default to allow Admin directory to have more connections
        # Modified in nginx.conf
        # limit_conn_zone $limitconn_map zone=limit_per_ip:16m;
    
        # ssi  on;
    
        # Error Logs via 443
        access_log /home/nginx/domains/10.0.0.123/log/access_via443_123.log combined buffer=256k flush=60m;
        error_log /home/nginx/domains/10.0.0.123/log/error_via443_123.log;
    
        # CMM Autoprotect
        include /usr/local/nginx/conf/autoprotect/10.0.0.123/autoprotect-10.0.0.123.conf;
    
        # Root folder of project
        root /home/nginx/domains/10.0.0.123/public;
    
        # Cloudflare
        # uncomment cloudflare.conf include if using cloudflare for server and/or vhost site
        # include /usr/local/nginx/conf/cloudflare.conf;
    
        # Centmin Mod Maintenance Pages
        include /usr/local/nginx/conf/503include-main.conf;
    
        # location ~ ^/ {
        #     auth_basic "Private";
        #     auth_basic_user_file /usr/local/nginx/conf/htpasswd_site;
        #     include /usr/local/nginx/conf/php.conf;
        #     try_files    $uri $uri/ /index.php;
        # }
    
        # Prevent access to ./directories and files
        location ~ (?:^|/)\. {
            deny all;
        }
       
        # Vanilla Forums Deny Locations
        location ~* "^/build/" {
            access_log off;
            log_not_found off;
            deny all;
        }
        location ~* "^/cache/" {
            access_log off;
            log_not_found off;
            deny all;
        }
        location ~* "^/cgi-bin/" {
            access_log off;
            log_not_found off;
            deny all;
        }
        location ~* "^/uploads/import/" {
            access_log off;
            log_not_found off;
            deny all;
        }
        location ~* "^/conf/" {
            access_log off;
            log_not_found off;
            deny all;
        }
        location ~* "^/tests/" {
            access_log off;
            log_not_found off;
            deny all;
        }
        location ~* "^/vendor/" {
            access_log off;
            log_not_found off;
            deny all;
        }
    
        location / {
    
            include /usr/local/nginx/conf/503include-only.conf;
    
            # block common exploits, sql injections etc
            include /usr/local/nginx/conf/block.conf;
    
            # Enables directory listings when index file not found
            # autoindex  on;
    
            # Shows file listing times as local time
            autoindex_localtime on;
    
            try_files $uri $uri/ @vanilla;
    
        }
    
        location @vanilla {
            rewrite ^ /index.php$uri last;
        }
    
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
        include /usr/local/nginx/conf/drop.conf;
        include /usr/local/nginx/conf/errorpage.conf;
        include /usr/local/nginx/conf/vts_server.conf;
    }
    Add the below line to your php.conf file:
    Code:
    fastcgi_param X_REWRITE 1;


     
    Last edited: Mar 27, 2018
  2. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    5:40 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Nice thanks for sharing. Coincidentally, i just had a play with Vanilla 2.5.1 forums too and mine is close but more basic
    Code (Text):
        location ~* "/\.git" { deny all; return 403; }
        location ~* "^/build/" { deny all; return 403; }
        location ~* "^/cache/" { deny all; return 403; }
        location ~* "^/cgi-bin/" { deny all; return 403; }
        location ~* "^/uploads/import/" { deny all; return 403; }
        location ~* "^/conf/" { deny all; return 403; }
        location ~* "^/tests/" { deny all; return 403; }
        location ~* "^/vendor/" { deny all; return 403; }
     
        location / {
                 try_files $uri @site;
        }
        location @site {
                 rewrite ^ /index.php?p=$uri&$args last;
        }
    

    make copy of php.conf for vanilla usage
    Code (Text):
    cp -a /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php_vanilla.conf
    

    using /usr/local/nginx/conf/php_vanilla.conf include in place of /usr/local/nginx/conf/php.conf
    Code (Text):
      #include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/php_vanilla.conf;
    


    With
    • Centmin Mod 123.09beta01
    • Nginx 1.13.10
    • PHP 7.1.15
    • MariaDB 10.1.31
    • CentOS 7.4
    • HostUS 2GB OpenVZ
    • 2 Cpu E5-1650v3 3.50Ghz
    default no caching

    Code (Text):
    ab -n 5000 -k -H "Accept-Encoding: gzip,deflate" -c 25 http://vanilla.domain.com/
    This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Licensed to The Apache Software Foundation, http://www.apache.org/
    
    Server Software:        nginx
    Server Hostname:        vanilla.domain.com
    Server Port:            80
    
    Document Path:          /
    Document Length:        2511 bytes
    
    Concurrency Level:      25
    Time taken for tests:   38.394 seconds
    Complete requests:      5000
    Failed requests:        0
    Write errors:           0
    Keep-Alive requests:    0
    Total transferred:      14050000 bytes
    HTML transferred:       12555000 bytes
    Requests per second:    130.23 [#/sec] (mean)
    Time per request:       191.972 [ms] (mean)
    Time per request:       7.679 [ms] (mean, across all concurrent requests)
    Transfer rate:          357.36 [Kbytes/sec] received
    
    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:        0    0   0.2      0      11
    Processing:    16  191  44.6    189     461
    Waiting:       16  191  44.6    189     461
    Total:         17  192  44.6    189     462
    
    Percentage of the requests served within a certain time (ms)
      50%    189
      66%    204
      75%    214
      80%    221
      90%    243
      95%    268
      98%    303
      99%    332
     100%    462 (longest request)


    with PHP-FPM fastcgi_cache + memcached backend

    Code (Text):
    ab -n 5000 -k -H "Accept-Encoding: gzip,deflate" -c 25 http://vanilla.domain.com/
    This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Licensed to The Apache Software Foundation, http://www.apache.org/
    
    Server Software:        nginx
    Server Hostname:        vanilla.domain.com
    Server Port:            80
    
    Document Path:          /
    Document Length:        2617 bytes
    
    Concurrency Level:      25
    Time taken for tests:   0.912 seconds
    Complete requests:      5000
    Failed requests:        0
    Write errors:           0
    Keep-Alive requests:    0
    Total transferred:      14785000 bytes
    HTML transferred:       13085000 bytes
    Requests per second:    5482.35 [#/sec] (mean)
    Time per request:       4.560 [ms] (mean)
    Time per request:       0.182 [ms] (mean, across all concurrent requests)
    Transfer rate:          15831.35 [Kbytes/sec] received
    
    Connection Times (ms)
                 min  mean[+/-sd] median   max
    Connect:        0    2   0.7      2       6
    Processing:     0    2   0.7      2       7
    Waiting:        0    2   0.7      2       6
    Total:          1    5   1.0      4       9
    
    Percentage of the requests served within a certain time (ms)
      50%      4
      66%      5
      75%      5
      80%      5
      90%      6
      95%      6
      98%      8
      99%      8
     100%      9 (longest request)
    
     
  3. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    5:40 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    strangely i tried with and without below and pretty urls still work ? i did on installer, check do not need .htaccess though
    Code (Text):
    fastcgi_param X_REWRITE 1; # Needed for pretty URLs
    

    Not surprised as official documented nginx rules didn't exactly work for me either at Vanilla Forums Documentation. Using my above Vanilla nginx rules worked.

    All i had to do is add to conf/config.php
    Code (Text):
    $Configuration['Garden']['RewriteUrls'] = true;
    


    edit: also found this nginx rules in their github code vanilla/vanilla
     
  4. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    3:40 AM
    I can confirm that adding the rewrite to the conf file works. Didn't see docs on that.

    I guess I should put those deny blocks above the try_files.

    With the right theme, vanilla forums will allow me to deploy a large number of forums and move the forums which gain traction to IPB.

    The theme choices for vanilla forums really stink. Most of them look like they're from 2000 and other others don't work.
     
  5. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    3:40 AM
    Oh, VF recommended using @ so the index.php file isn't called directly.

    I actually modified the IPB vhost file with the @ locations too.
     
  6. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    5:40 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  7. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    3:40 AM
    It seems like a nice forums package. I like that it's open source.

    I first went through all the plugins and themes to see what was offered above the basic forum stuff.
     
  8. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    3:40 AM
    Looks like I'm going to need X_REWRITE 1; after all. nprestarted my server and none of the links worked.
     
  9. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    5:40 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    using my rules ?
     
  10. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    3:40 AM
    Not with your exact rules. But our rules are pretty much the same.

    1. Without the line in the php.conf or VF conf = ugly urls. Pretty urls basically off.

    2. Line only in the VF conf = site works but only page that shows is the home page, no matter what link you click on.

    3. Line only in the php.conf = pretty urls.

    4. Line in the php.conf && VF conf = pretty urls.
     
    Last edited: Mar 26, 2018
  11. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    5:40 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    I got that same issue using official vanilla doc's nginx rules. But using my own listed nginx rules above fixed the issue and didn't require X_REWRITE as long as $Configuration['Garden']['RewriteUrls'] = true; was set in conf/config.php ;)
     
  12. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    3:40 AM
    Why would VF specifically request to put in the X_REWRITE if putting the line in the VF config = pretty urls? It would be a lot easier to tell people to put X line in the VF config.

    Why would VF request adding that and what does CMM do that results in not having to use the X_REWRITE?

    I'll test what you listed, but I think overall, I'll add the X_ because maybe in bleeding edge situations it's needed IDK???
     
  13. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    5:40 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Not sure it might be something left over from Apache and .htaccess rewrite setups. I did on installer check box that says do not require .htaccess when initially setting up Vanilla. Similar confusion from their instructions to use realpath_root which actually isn't needed unless you use symlinks for your paths. Otherwise document_root which is usual Nginx default is fine Refactor bootstraping and constants declaration by DaazKu · Pull Request #5492 · vanilla/vanilla

     
  14. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    5:40 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    ah the config.php option is legacy for compatibility and X_REWRITE should be used it seems from search github code https://github.com/vanilla/vanilla/search?utf8=✓&q=X_REWRITE&type=

    in vanilla/vanilla
    PHP:
            if ($rewrite === null) {
                
    // Garden.RewriteUrls is maintained for compatibility but X_REWRITE is what really need to be used.
                
    $rewrite val('X_REWRITE'$_SERVERc('Garden.RewriteUrls'true));
            }
     
  15. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    3:40 AM
    I did a search for X_ in CMM but didn't think to do a search of VF, good call.

    So, we use the X_ and not the line in the config. Glad we cleared this up.

    Looks like VF might be the next forum software in line for assimilation.
     
  16. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    3:40 AM
    Maybe you should start a dedicated thread for VF?
     
  17. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    3:40 AM
    Would there be any reason why X_ couldn't be included in the default php.conf file? Would having that hurt anything (Xenforo, IPB, WP, etc)?
     
  18. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    3:40 AM
    Where did you get the below from?
    Code:
    location @site {
         rewrite ^ /index.php?p=$uri&$args last;
    }

    VF install docs: Vanilla Forums Documentation
    Code:
    location @vanilla {
         rewrite ^ /index.php$uri last;
    }
     
  19. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    5:40 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Well i am not spending too much time on Vanilla as not much spare time to begin with. Was just a curiosity.
    It's something specific to Vanilla so not going to add it by default.
    IIRC it was somewhere on their forums posted by nginx user Open Source Community Forum Software
     
  20. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    5:40 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+