Nginx and vBulletin Connect 5 Vhost

vBulletin 5.0.4 was released with Nginx support. Versions prior to <5.0.4 will need to upgrade to at least vBulletin 5.0.4 for Nginx to work properly.

General Notes:
  • Within the vB 5.0.4 zip download's do_not_upload folder there is an nginx.vhost file that contains an example Nginx vhost you can use with vBulletin 5.0.4. The vBulletin online manual also lists the sample nginx.vhost file. But I would always check the downloaded zip file's version first as updates or changes may occur with new vB5 version releases. You'll have to configure and setup the Nginx vhost yourself if you are using Nginx which is not installed and setup by Centmin Mod installer. The below information is only for Centmin Mod installed Nginx web server's vhost format.
  • The nginx.vhost file included in download zip file was created by a vB5 developer who tested on Ubuntu based Nginx servers and due to the nature of Nginx, there isn't one correct way to configure Nginx vhosts for a specific web application or script, especially if you are running other web applications or scripts on the same server/domain. You or the web host or system admin who setup your Nginx server would be responsible for dealing with any conflicts with various web applications or scripts own respective Nginx rewrite rules within the domain's Nginx vhost file.
  • For Centmin Mod installed Nginx server, the Nginx vhost configuration for vBulletin 5.0.4+ is different. Again, you or the web host or system admin who setup your Nginx server would be responsible for dealing with any conflicts with various web applications or scripts own respective Nginx rewrite rules within the domain's Nginx vhost file. Below are illustrated examples of how vBulletin 5.0.4 Nginx vhost is configured for Centmin Mod installed Nginx.
  • Your domain's Nginx vhost configuration file would be at a location like /usr/local/nginx/conf/conf.d/yourdomainname.com.conf. This file is created when you use Centmin Mod's menu option #2 to 'Add Nginx vhost domain'.
  • Centmin Mod v1.2.3-eva2000.03 made a change in /usr/local/lib/php.ini for security reasons to disable some PHP functions:

      disable_functions = exec,passthru,shell_exec,system,proc_open,popen
    

    For vB to work with ImageMagicK instead of the default GD for image resizing, do following:

    1. Edit php.ini (shortcut command phpedit) and remove all listed functions exec,passthru,shell_exec,system,proc_open,popen as they are all used for vB5
    2. Set ImageMagicK path to /usr/bin and save and select ImageMagicK
    3. Restart php-fpm service (shortcut command fpmrestart)

vBulletin 5.0.4+ Nginx vhost & configuration Examples:
  1. vBulletin 5.0.4+ subdirectory installs
  2. vBulletin 5.0.4+ web root installs
  3. Password Protecting Admincp instructions

vBulletin 5.0.4+ subdirectory installs

Centmin Mod Nginx vhost template for vBulletin 5.0.4+ installed within a subdirectory yourdomainname.com/504 as follows (replace all instances of /504 with your chosen vB5 install subdirectory name):

Domain name, yourdomainname.com's Nginx vhost i.e. /usr/local/nginx/conf/conf.d/yourdomainname.com.conf

:

  server {
            listen   80;
            server_name yourdomainname.com www.yourdomainname.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/yourdomainname.com/log/access.log combined buffer=32k;
  error_log /home/nginx/domains/yourdomainname.com/log/error.log;

  root /home/nginx/domains/yourdomainname.com/public;

  location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  }

  include /home/nginx/domains/yourdomainname.com/includes/vb504.conf;
  include /home/nginx/domains/yourdomainname.com/includes/vb505.conf;

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/phpvb5.conf;
  #include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

Contents of /home/nginx/domains/yourdomainname.com/includes/vb504.conf. vb505.conf is same just with /505 directories specified instead. You'll need to create the /includes directory and these file yourself.

          # legacy css being handled separate for performance
        location ^~ /504/css.php {
        include /usr/local/nginx/conf/phpvb5.conf;
        rewrite ^ /504/core/css.php break;

        }

        # make install available from root
        location ~ /504/install/ {
                rewrite ^ /504/core/install/ break;
        }

        # configuration rules
        # any request to not existing item gets redirected through routestring
        location ^~ /504/ {
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/phpvb5.conf;

                if (!-f $request_filename) {
                        rewrite ^/504/(.*)$ /504/index.php?routestring=$1 last;
                }
        }

        location /504/core/(includes|vb|cache|libraries|vb5)/ {
        allow 127.0.0.1;
        deny all;
        }

        # make admincp available from root
        location ^~ /504/admincp {
        #auth_basic "Private";
        #auth_basic_user_file /usr/local/nginx/conf/htpasswd;

                if (!-f $request_filename) {
                        rewrite /504/admincp/(.*)$ /504/index.php?routestring=admincp/$1 last;
                }
        }

Contents of /usr/local/nginx/conf/phpvb5.conf. You'll need to create this file yourself.

  location ~ /504/.*\.php$ {

        if (!-f $request_filename) {
        rewrite ^/504/(.*)$ /504/index.php?routestring=$1 break;
        }
    
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass   127.0.0.1:9000;
    #fastcgi_pass   unix:/tmp/php5-fpm.sock;
    fastcgi_index  index.php;
    #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  SCRIPT_FILENAME    $request_filename;

fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
#fastcgi_param HTTPS on;

fastcgi_param  PATH_INFO          $fastcgi_path_info;
fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

The restart Nginx server and PHP-FPM service for it to take effect:

  service nginx restart
  service php-fpm restart

or command shortcut

  nprestart


vBulletin 5.0.4+ web root installs

Centmin Mod Nginx vhost template for vBulletin 5.0.4+ installed from web root i.e. yourdomainname.com/ as follows:

Domain name, yourdomainname.com's Nginx vhost i.e. /usr/local/nginx/conf/conf.d/yourdomainname.com.conf

:

  server {
            listen   80;
            server_name yourdomainname.com www.yourdomainname.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/yourdomainname.com/log/access.log combined buffer=32k;
  error_log /home/nginx/domains/yourdomainname.com/log/error.log;

  root /home/nginx/domains/yourdomainname.com/public;

        # legacy css being handled separate for performance
        location ^~ /css.php {
        include /usr/local/nginx/conf/phpvb5.conf;
        rewrite ^ /core/css.php break;

        }

        # make install available from root
        location ~ /install/ {
                rewrite ^ /core/install/ break;
        }

        # configuration rules
        # any request to not existing item gets redirected through routestring
        location ^~ / {
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/phpvb5.conf;

                if (!-f $request_filename) {
                        rewrite ^/(.*)$ /index.php?routestring=$1 last;
                }
        }

        location /core/(includes|vb|cache|libraries|vb5)/ {
        allow 127.0.0.1;
        deny all;
        }

        # make admincp available from root
        location ^~ /admincp {
        #auth_basic "Private";
        #auth_basic_user_file /usr/local/nginx/conf/htpasswd;

                if (!-f $request_filename) {
                        rewrite /admincp/(.*)$ /index.php?routestring=admincp/$1 last;
                }
        }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/phpvb5.conf;
  #include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

Contents of /usr/local/nginx/conf/phpvb5.conf. You'll need to create this file yourself.

  location ~ \.php$ {

        if (!-f $request_filename) {
        rewrite ^/(.*)$ /index.php?routestring=$1 break;
        }
    
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass   127.0.0.1:9000;
    #fastcgi_pass   unix:/tmp/php5-fpm.sock;
    fastcgi_index  index.php;
    #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  SCRIPT_FILENAME    $request_filename;

fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
#fastcgi_param HTTPS on;

fastcgi_param  PATH_INFO          $fastcgi_path_info;
fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

The restart Nginx server and PHP-FPM service for it to take effect:

  service nginx restart
  service php-fpm restart

or command shortcut

  nprestart


Password Protecting Admincp

Notice that admincp directory can be password protected but Nginx doesn't support .htaccess like Apache does. For Nginx you need to use HttpAuthBasicModule. For Centmin Mod Nginx installs, you can use the included python based tool, htpasswd.py to set up password protection files.

  1. You need to use to either create a password file or append to an existing file (i.e. /usr/local/nginx/conf/htpasswd).
  2. The password file can be named anything you like and created anywhere you like. Just do not place the file anywhere publicaly accessible i.e. not below /public web root. For this example chose /usr/local/nginx/conf/htpasswd.

To create a new /usr/local/nginx/conf/htpasswd with username and password use the following command like in SSH where you change username and password fields to one of your own choosing:

  /usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpasswd username password

To append to existing /usr/local/nginx/conf/htpasswd file, remove the -c option

  /usr/local/nginx/conf/htpasswd.sh append /usr/local/nginx/conf/htpasswd username password

Then within admincp location of Nginx vhost uncomment (remove hash # in front of the 2 relevant lines):

        #auth_basic "Private";
        #auth_basic_user_file /usr/local/nginx/conf/htpasswd;

The restart Nginx server for it to take effect:

  service nginx restart

or command shortcut

  ngxrestart