Vanilla Vanilla Forums 2.5.1+ vhost Configuration

Jimmy · Mar 26, 2018

Vanilla Forums 2.5.1+ vhost Configuration

Available on Github: Centmin mod nginx vhost configuration for Vanilla Forums software.

Code:

# Vanilla Forums 2.5.1+ working NGINX site conf file for use with Centminmod.
# Vanilla Forums:  https://vanillaforums.com/en/
# Vanilla Forums nginx docs:  https://docs.vanillaforums.com/developer/backend/server-nginx/
# Vanilla Forums github:  https://github.com/vanilla
# Centmin mod:  https://centminmod.com
# Centmin mod forum thread: https://community.centminmod.com/threads/vanilla-forums-2-5-1-vhost-configuration.14335/

# This file is for a FORCED SSL site.  Non-SSL requests will be directed to SSL.
# 10.0.0.123 is a demo IP.  Replace with your domain. Example:  yourdomain.com
# Thanks to @eva2000 from Centminmod for all your help!

# Redirect to HTTPS from port 80
# Redirect from www to non-www with forced SSL
server {
    listen  80;
    # listen []:80 ipv6only=off;
    server_name 10.0.0.123 www.10.0.0.123;
    return 301 https://10.0.0.123$request_uri;

    # Error Logs via 80
    access_log /home/nginx/domains/10.0.0.123/log/access_via80_123.log combined buffer=256k flush=5m;
    error_log /home/nginx/domains/10.0.0.123/log/error_via80_123.log;
}

server {
    listen 10.0.0.123:443 ssl http2;
    # listen []:443 ssl http2 ipv6only=off;
    server_name  10.0.0.123;

    # Will re-direct any SSL requests for www to non-www
    # https://centminmod.com/nginx_domain_dns_setup.html#httpsredirect
    if ($host = 'www.10.0.0.123' ) {
        return 301 https://10.0.0.123$request_uri;
    }

    ssl_dhparam /usr/local/nginx/conf/ssl/10.0.0.123/dhparam.pem;
    ssl_certificate      /usr/local/nginx/conf/ssl/10.0.0.123/10.0.0.123.crt;
    ssl_certificate_key  /usr/local/nginx/conf/ssl/10.0.0.123/10.0.0.123.key;
    include /usr/local/nginx/conf/ssl_include.conf;

    # Cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
    # ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/blockchaintalk.org/origin.crt;
    # ssl_verify_client on;

    http2_max_field_size 16k;
    http2_max_header_size 32k;

    # Dual Cert Supported SSL Ciphers
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
    ssl_prefer_server_ciphers   on;

    # add_header Alternate-Protocol  443:npn-spdy/3;

    # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
    # You'd want to include subdomains if you're using SSL wildcard certificates
    # include subdomain
    # add_header Public-Key-Pins 'pin-sha256="kUtRfCe0JWOz1gw4DOGvf15QCfSLkIrlu+eOpf/PFOg="; pin-sha256="7nF+BczNEgtaZKE9fU80QwigQ+9Ip5S4AhR8CYM/U70="; max-age=86400; includeSubDomains';
    # exclude subdomains
    # add_header Public-Key-Pins 'pin-sha256="kUtRfCe0JWOz1gw4DOGvf15QCfSLkIrlu+eOpf/PFOg="; pin-sha256="7nF+BczNEgtaZKE9fU80QwigQ+9Ip5S4AhR8CYM/U70="; max-age=86400';

    # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Xss-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin";
    # spdy_headers_comp 5;
    ssl_buffer_size 1369;
    ssl_session_tickets on;

    # OCSP Stapling
    # resolver 8.8.8.8 8.8.4.4 valid=10m;
    # resolver_timeout 10s;
    # ssl_stapling on;
    # ssl_stapling_verify on;
    # ssl_trusted_certificate /usr/local/nginx/conf/ssl/10.0.0.121/10.0.0.121-trusted.crt;

    # ngx_pagespeed & ngx_pagespeed handler
    # include /usr/local/nginx/conf/pagespeed.conf;
    # include /usr/local/nginx/conf/pagespeedhandler.conf;
    # include /usr/local/nginx/conf/pagespeedstatslog.conf;

    # Limit Connections Per IP Address
    # Modified from default to allow Admin directory to have more connections
    # Modified in nginx.conf
    # limit_conn_zone $limitconn_map zone=limit_per_ip:16m;

    # ssi  on;

    # Error Logs via 443
    access_log /home/nginx/domains/10.0.0.123/log/access_via443_123.log combined buffer=256k flush=60m;
    error_log /home/nginx/domains/10.0.0.123/log/error_via443_123.log;

    # CMM Autoprotect
    include /usr/local/nginx/conf/autoprotect/10.0.0.123/autoprotect-10.0.0.123.conf;

    # Root folder of project
    root /home/nginx/domains/10.0.0.123/public;

    # Cloudflare
    # uncomment cloudflare.conf include if using cloudflare for server and/or vhost site
    # include /usr/local/nginx/conf/cloudflare.conf;

    # Centmin Mod Maintenance Pages
    include /usr/local/nginx/conf/503include-main.conf;

    # location ~ ^/ {
    #     auth_basic "Private";
    #     auth_basic_user_file /usr/local/nginx/conf/htpasswd_site;
    #     include /usr/local/nginx/conf/php.conf;
    #     try_files    $uri $uri/ /index.php;
    # }

    # Prevent access to ./directories and files
    location ~ (?:^|/)\. {
        deny all;
    }
   
    # Vanilla Forums Deny Locations
    location ~* "^/build/" {
        access_log off;
        log_not_found off;
        deny all;
    }
    location ~* "^/cache/" {
        access_log off;
        log_not_found off;
        deny all;
    }
    location ~* "^/cgi-bin/" {
        access_log off;
        log_not_found off;
        deny all;
    }
    location ~* "^/uploads/import/" {
        access_log off;
        log_not_found off;
        deny all;
    }
    location ~* "^/conf/" {
        access_log off;
        log_not_found off;
        deny all;
    }
    location ~* "^/tests/" {
        access_log off;
        log_not_found off;
        deny all;
    }
    location ~* "^/vendor/" {
        access_log off;
        log_not_found off;
        deny all;
    }

    location / {

        include /usr/local/nginx/conf/503include-only.conf;

        # block common exploits, sql injections etc
        include /usr/local/nginx/conf/block.conf;

        # Enables directory listings when index file not found
        # autoindex  on;

        # Shows file listing times as local time
        autoindex_localtime on;

        try_files $uri $uri/ @vanilla;

    }

    location @vanilla {
        rewrite ^ /index.php$uri last;
    }

    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/drop.conf;
    include /usr/local/nginx/conf/errorpage.conf;
    include /usr/local/nginx/conf/vts_server.conf;
}

Add the below line to your php.conf file:

Code:

fastcgi_param X_REWRITE 1;

eva2000 · Mar 26, 2018

Nice thanks for sharing. Coincidentally, i just had a play with Vanilla 2.5.1 forums too and mine is close but more basic

Code (Text):

    location ~* "/\.git" { deny all; return 403; }
    location ~* "^/build/" { deny all; return 403; }
    location ~* "^/cache/" { deny all; return 403; }
    location ~* "^/cgi-bin/" { deny all; return 403; }
    location ~* "^/uploads/import/" { deny all; return 403; }
    location ~* "^/conf/" { deny all; return 403; }
    location ~* "^/tests/" { deny all; return 403; }
    location ~* "^/vendor/" { deny all; return 403; }
 
    location / {
             try_files $uri @site;
    }
    location @site {
             rewrite ^ /index.php?p=$uri&$args last;
    }

make copy of php.conf for vanilla usage

Code (Text):

cp -a /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php_vanilla.conf

using /usr/local/nginx/conf/php_vanilla.conf include in place of /usr/local/nginx/conf/php.conf

Code (Text):

  #include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/php_vanilla.conf;

With

Centmin Mod 123.09beta01
Nginx 1.13.10
PHP 7.1.15
MariaDB 10.1.31
CentOS 7.4
HostUS 2GB OpenVZ
2 Cpu E5-1650v3 3.50Ghz

default no caching

Code (Text):

ab -n 5000 -k -H "Accept-Encoding: gzip,deflate" -c 25 http://vanilla.domain.com/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Server Software:        nginx
Server Hostname:        vanilla.domain.com
Server Port:            80

Document Path:          /
Document Length:        2511 bytes

Concurrency Level:      25
Time taken for tests:   38.394 seconds
Complete requests:      5000
Failed requests:        0
Write errors:           0
Keep-Alive requests:    0
Total transferred:      14050000 bytes
HTML transferred:       12555000 bytes
Requests per second:    130.23 [#/sec] (mean)
Time per request:       191.972 [ms] (mean)
Time per request:       7.679 [ms] (mean, across all concurrent requests)
Transfer rate:          357.36 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.2      0      11
Processing:    16  191  44.6    189     461
Waiting:       16  191  44.6    189     461
Total:         17  192  44.6    189     462

Percentage of the requests served within a certain time (ms)
  50%    189
  66%    204
  75%    214
  80%    221
  90%    243
  95%    268
  98%    303
  99%    332
 100%    462 (longest request)

with PHP-FPM fastcgi_cache + memcached backend

Code (Text):

ab -n 5000 -k -H "Accept-Encoding: gzip,deflate" -c 25 http://vanilla.domain.com/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Server Software:        nginx
Server Hostname:        vanilla.domain.com
Server Port:            80

Document Path:          /
Document Length:        2617 bytes

Concurrency Level:      25
Time taken for tests:   0.912 seconds
Complete requests:      5000
Failed requests:        0
Write errors:           0
Keep-Alive requests:    0
Total transferred:      14785000 bytes
HTML transferred:       13085000 bytes
Requests per second:    5482.35 [#/sec] (mean)
Time per request:       4.560 [ms] (mean)
Time per request:       0.182 [ms] (mean, across all concurrent requests)
Transfer rate:          15831.35 [Kbytes/sec] received

Connection Times (ms)
             min  mean[+/-sd] median   max
Connect:        0    2   0.7      2       6
Processing:     0    2   0.7      2       7
Waiting:        0    2   0.7      2       6
Total:          1    5   1.0      4       9

Percentage of the requests served within a certain time (ms)
  50%      4
  66%      5
  75%      5
  80%      5
  90%      6
  95%      6
  98%      8
  99%      8
 100%      9 (longest request)

eva2000 · Mar 26, 2018

strangely i tried with and without below and pretty urls still work ? i did on installer, check do not need .htaccess though
Code (Text):
fastcgi_param X_REWRITE 1; # Needed for pretty URLs
Not surprised as official documented nginx rules didn't exactly work for me either at Vanilla Forums Documentation. Using my above Vanilla nginx rules worked.

All i had to do is add to conf/config.php
Code (Text):
$Configuration['Garden']['RewriteUrls'] = true;
edit: also found this nginx rules in their github code vanilla/vanilla

Jimmy · Mar 26, 2018

I can confirm that adding the rewrite to the conf file works. Didn't see docs on that.

I guess I should put those deny blocks above the try_files.

With the right theme, vanilla forums will allow me to deploy a large number of forums and move the forums which gain traction to IPB.

The theme choices for vanilla forums really stink. Most of them look like they're from 2000 and other others don't work.

Jimmy · Mar 26, 2018

Oh, VF recommended using @ so the index.php file isn't called directly.

I actually modified the IPB vhost file with the @ locations too.

eva2000 · Mar 26, 2018

yeah deny blocks need to be first

no idea on themes, literally spent my first hour reading vanilla docs for first time

Vanilla Forums Documentation

Open Source Community Forum Software

Vanilla Forums Documentation

Vanilla Forums Documentation

Vanilla Forums Documentation

Jimmy · Mar 26, 2018

It seems like a nice forums package. I like that it's open source.

I first went through all the plugins and themes to see what was offered above the basic forum stuff.

Jimmy · Mar 26, 2018

Looks like I'm going to need X_REWRITE 1; after all. nprestarted my server and none of the links worked.

eva2000 · Mar 26, 2018

Jimmy said: ↑

Looks like I'm going to need X_REWRITE 1; after all. nprestarted my server and none of the links worked.
Click to expand...

using my rules ?

Jimmy · Mar 26, 2018

Not with your exact rules. But our rules are pretty much the same.

1. Without the line in the php.conf or VF conf = ugly urls. Pretty urls basically off.

2. Line only in the VF conf = site works but only page that shows is the home page, no matter what link you click on.

3. Line only in the php.conf = pretty urls.

4. Line in the php.conf && VF conf = pretty urls.

eva2000 · Mar 27, 2018

Jimmy said: ↑

2. Line only in the VF conf = site works but only page that shows is the home page, no matter what link you click on.
Click to expand...

I got that same issue using official vanilla doc's nginx rules. But using my own listed nginx rules above fixed the issue and didn't require X_REWRITE as long as $Configuration['Garden']['RewriteUrls'] = true; was set in conf/config.php

Jimmy · Mar 27, 2018

Why would VF specifically request to put in the X_REWRITE if putting the line in the VF config = pretty urls? It would be a lot easier to tell people to put X line in the VF config.

Why would VF request adding that and what does CMM do that results in not having to use the X_REWRITE?

I'll test what you listed, but I think overall, I'll add the X_ because maybe in bleeding edge situations it's needed IDK???

eva2000 · Mar 27, 2018

Jimmy said: ↑

Why would VF specifically request to put in the X_REWRITE if putting the line in the VF config = pretty urls? It would be a lot easier to tell people to put X line in the VF config.

Why would VF request adding that and what does CMM do that results in not having to use the X_REWRITE.
Click to expand...

Not sure it might be something left over from Apache and .htaccess rewrite setups. I did on installer check box that says do not require .htaccess when initially setting up Vanilla. Similar confusion from their instructions to use realpath_root which actually isn't needed unless you use symlinks for your paths. Otherwise document_root which is usual Nginx default is fine Refactor bootstraping and constants declaration by DaazKu · Pull Request #5492 · vanilla/vanilla

From a php perspective this doesn't change anything.

For your webserver, you should use realpath_root instead of document_root if you use symlinks.
Click to expand...

eva2000 · Mar 27, 2018

ah the config.php option is legacy for compatibility and X_REWRITE should be used it seems from search github code https://github.com/vanilla/vanilla/search?utf8=✓&q=X_REWRITE&type=

in vanilla/vanilla

PHP:

if ($rewrite === null) { // Garden.RewriteUrls is maintained for compatibility but X_REWRITE is what really need to be used. $rewrite = val('X_REWRITE', $_SERVER, c('Garden.RewriteUrls', true)); }

Jimmy · Mar 27, 2018

I did a search for X_ in CMM but didn't think to do a search of VF, good call.

So, we use the X_ and not the line in the config. Glad we cleared this up.

Looks like VF might be the next forum software in line for assimilation.

Jimmy · Mar 27, 2018

Maybe you should start a dedicated thread for VF?

Jimmy · Mar 27, 2018

Would there be any reason why X_ couldn't be included in the default php.conf file? Would having that hurt anything (Xenforo, IPB, WP, etc)?

Jimmy · Mar 27, 2018

Where did you get the below from?
Code:
location @site {
     rewrite ^ /index.php?p=$uri&$args last;
}
VF install docs: Vanilla Forums Documentation
Code:
location @vanilla {
     rewrite ^ /index.php$uri last;
}

eva2000 · Mar 27, 2018

Well i am not spending too much time on Vanilla as not much spare time to begin with. Was just a curiosity.

Jimmy said: ↑

Would there be any reason why X_ couldn't be included in the default php.conf file? Would having that hurt anything (Xenforo, IPB, WP, etc)?
Click to expand...

It's something specific to Vanilla so not going to add it by default.

Jimmy said: ↑

Where did you get the below from?
Click to expand...

IIRC it was somewhere on their forums posted by nginx user Open Source Community Forum Software

eva2000 · Mar 27, 2018

Garden.RewriteUrls seems to still be a valid way of doing it too

Can't update from version 2.1 to 2.5 without major breakage

looking for a plugin to make vanilla url's friendly

for PHP coders, they maybe able to understand how vanilla is processing requests i think from this file vanilla/vanilla

Log in / Register

Forums

Want more timely Centmin Mod News Updates?

Vanilla Vanilla Forums 2.5.1+ vhost Configuration

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

Jimmy Well-Known Member

Jimmy Well-Known Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Want more timely Centmin Mod News Updates?

Vanilla Vanilla Forums 2.5.1+ vhost Configuration

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

Jimmy Well-Known Member

Jimmy Well-Known Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.