Where has this gone?

Posted October 19, 201311 yr

http://community.invisionpower.com/topic/384522-how-to-set-up-a-secure-ipboard-installation-with-nginx-and-php-fpm/

I refer to this thread all the time, where has it gone?

October 19, 201311 yr

Community Expert

Probably moved to some area where we don't have permission to view.

October 19, 201311 yr

Author

I would prefer that it was returned so I can download it - for future reference to my own IPB server setup.

I mean, every single other thread about servers and setups is available................except Kirito's posts - which does put us who refer to them, at a disadvantage (hint hint IPS).

October 19, 201311 yr

nooo

I was planing to use this thread to setup my VPS when I move out soon. I don't think the thread broke any rules, please bring it back, lock it if you have to, but there was tons of useful information there.

October 19, 201311 yr

The author requested its removal, along with their resources. As it was in effect a support topic the decision was made to remove the topic, normally topics stay however.

October 19, 201311 yr

Well thats a shame, a really shame. Why would it have been requested to be removed? :(

October 19, 201311 yr

I'm sorry for having the topic removed without any prior notice. I didn't think anyone would really notice it was gone.

For a number of reasons, I no longer plan on participating in the IPS community and cannot continue to offer support to anyone.

I'm mostly just sick of all the drama I've been involved with and have personally put myself in here. Management in general and most of the active developers/contributors have long wanted me gone anyways, and for a number of reasons they probably have a justifiable reason to feel that way. But really, at the same time, I feel like all of the effort I've put into contributing to the community and contributing to IPS as a whole over the years has been completely shunned and disregarded by the administration in response to a few personal disputes, and that really has made me lose any of the remaining motivation I had for staying.

But as for why I requested to have the topic removed, there are a number of reasons. The topic in question was in need of a rewrite. It was messy and disorganized with some out of date information. When I first created the topic, I didn't even realize at the time that topics in this forum were restricted to members with an active client account only. My initial hopes for the thread were that it would be information freely available to everyone, whether or not they had a currently active/renewed subscription.

Rather than completely abandon the thread and leave, my intention was to rewrite it and publish it publicly elsewhere, where It can be freely edited/updated as needed and where the guide can be freely used and referenced by anyone.

I'm going to try and write something to submit to Nginx's Wiki and re-publish an updated version of the guide somewhere else at a later date, but if you need the reference, here's a copy of the old thread:

Installing the latest stable release of NGiNX on Debian or CentOSBasic NGiNX configurationSetting up rewrite rules for IP.Board through NGiNXInstalling and configuring PHP-FPMSetting up proper, secure permissions for your IP.Board powered website

# NGiNX Official Debian Repository
deb http://nginx.org/packages/debian/ squeeze nginx
deb-src http://nginx.org/packages/debian/ squeeze nginx

wget http://nginx.org/keys/nginx_signing.key
apt-key add nginx_signing.key
rm nginx_signing.key

apt-get update
apt-get install nginx

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1

wget http://nginx.org/keys/nginx_signing.key
rpm --import nginx_signing.key
rm nginx_signing.key

yum install nginx
/etc/init.d/nginx start

# DotDeb Debian Repository
deb http://packages.dotdeb.org squeeze all
deb-src http://packages.dotdeb.org squeeze all

wget http://www.dotdeb.org/dotdeb.gpg
apt-key add dotdeb.gpg
rm dotdeb.gpg

apt-get update
apt-get install php5 php5-apc php5-cli php5-common php5-curl php5-fpm php5-gd php5-imagick php5-imap php5-mysql

yum install php-cli php-curl php-fpm php-gd php-imap php-mysql php-xml php-pecl-apc

user  nginx;
worker_processes  4;

error_log  /var/log/nginx/error.log error;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    server_tokens off;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  30;

    #gzip  on;

    include conf.d/*.conf;
}

server {
    listen       80;
    server_name  yourdomain.com www.yourdomain.com;
    root         /srv/http/yourdomain.com/root;

    # Basic web server configuration.
    index        index.php;
    #access_log   off;
    client_max_body_size  1G;

    # GZIP static content not processed by IPB.
    gzip  on;
    gzip_static on;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 3;
    gzip_proxied any;
    gzip_types text/plain text/css application/json application/x-javascript application/xml application/xml+rss text/javascript application/javascript text/x-js;
    gzip_buffers 16 8k;
    gzip_disable "MSIE [1-6].(?!.*SV1)";

    # Set up rewrite rules.
    location / {
        try_files  $uri $uri/ /index.php;
    }
    location ~^(/page/).*(.php)$ {
        try_files  $uri $uri/ /index.php;
    }

    # Stub Status module
    location /server_status {
        stub_status on;
        #allow 127.0.0.1;
        #deny all;
    }

    # Deny access to hidden files
    location ~ /. {
        deny  all;
    }

    # Mask fake admin directory
    location ~^/admin/(.*)$ {
        deny     all;
    }

    # Secure real admin directory
    location ~^(/nimda/).*(.php) {
        #allow         127.0.0.1;
        #deny          all;
        #auth_basic    "Restricted Area";
        #auth_basic_user_file $document_root/nimda/.htpasswd;
        fastcgi_pass   unix:/var/run/php-fpm/ipboard.sock;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        /etc/nginx/fastcgi_params;
    }

    # IP.Board PHP/CGI Protection
    location ~^(/uploads/).*(.php)$ {
        deny     all;
    }
    location ~^(/hooks/).*(.php)$ {
        deny     all;
    }
    location ~^(/cache/).*(.php)$ {
        deny     all;
    }
    location ~^(/screenshots/).*(.php)$ {
        deny     all;
    }
    location ~^(/downloads/).*(.php)$ {
        deny     all;
    }
    location ~^(/blog/).*(.php)$ {
        deny     all;
    }
    location ~^(/public/style_).*(.php)$ {
        deny     all;
    }

    # Caching directives for static files.
    location ~^(/uploads/profile/).*.(jpg|jpeg|gif|png)$ {
        access_log off;
        expires    1d;
    }
    location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml|htm|txt|swf|cur)$ {
        access_log off;
        expires    1w;
    }

    # Pass PHP scripts to php-fpm
    location ~ .php$ {
        fastcgi_pass   unix:/var/run/php-fpm/ipboard.sock;
        fastcgi_index  index.php;
        fastcgi_buffers 16 8k;
        fastcgi_buffer_size 16k;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        /etc/nginx/fastcgi_params;
    }
}

mkdir -p /srv/http/yourdomain.com/root
useradd --system ipboard
groupadd --system http
gpasswd -a nginx http
chown -R ipboard:http /srv/http/yourdomain.com

[ipboard]

; Set the prefix directory and the user/group to run under
prefix = /var/run/php-fpm
user = php-fpm
group = http

; Configure listen(2) directives
listen = ipboard.sock
listen.backlog = 4096
listen.owner = php-fpm
listen.group = http
listen.mode = 0660

; Set up the process manager
pm = static
pm.max_children = 10
pm.max_requests = 250
pm.status_path = /fpm.php

; The timeout for serving a single request. Prevents runaway scripts.
request_terminate_timeout = 5m

; Only execute .php scripts.
chdir = /srv/http/yourdomain.com/root
security.limit_extensions = .php

; Environment variables.
;env[HOSTNAME] = $HOSTNAME
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
env[DOCUMENT_ROOT] = /srv/http/yourdomain.com/root

; PHP flags and security directives for just this site
php_flag[display_errors] = off
php_admin_value[open_basedir] = /srv/http/yourdomain.com/root:/tmp:/usr/bin
php_admin_value[disable_functions] = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink
php_admin_value[upload_max_filesize] = 1G
php_admin_value[post_max_size] = 1G

mkdir /var/run/php-fpm
useradd --system php-fpm
chown php-fpm:root /var/run/php-fpm

/etc/init.d/nginx restart
/etc/init.d/php-fpm restart

<?php
phpinfo();
?>

chown -R ipboard:http /srv/http/yourdomain.com
httproot=/srv/http/yourdomain.com/root
find $httproot -type d -exec chmod 0750 {} ;
find $httproot -type f -exec chmod 0640 {} ;
find $httproot/{uploads,cache,downloads,hooks,screenshots,blog,public/style_*} -type d -exec chmod 0770 {} ;
find $httproot/{uploads,cache,downloads,hooks,screenshots,blog,public/style_*} -type f -exec chmod 0660 {} ;

<?php

    define( 'CP_DIRECTORY', 'nimda' );

?>

chmod 0640 constants.php
chown ipboard:http constants.php

I probably could have just requested to have the thread locked instead of removed, I guess. But anyways, there you go. You're still welcome to send me a message if you have questions/need help, but I can't guarantee a quick response (or a response at all).

October 19, 201311 yr

shoot, meant to print the whole topic (with replies) to pdf other day and didn't.

was a super useful post.

thanks for posting this part.

October 19, 201311 yr

Author

I'm sorry for having the topic removed without any prior notice. I didn't think anyone would really notice it was gone.

For a number of reasons, I no longer plan on participating in the IPS community and cannot continue to offer support to anyone.

I'm mostly just sick of all the drama I've been involved with and have personally put myself in here. Management in general and most of the active developers/contributors have long wanted me gone anyways, and for a number of reasons they probably have a justifiable reason to feel that way. But really, at the same time, I feel like all of the effort I've put into contributing to the community and contributing to IPS as a whole over the years has been completely shunned and disregarded by the administration in response to a few personal disputes, and that really has made me lose any of the remaining motivation I had for staying.

But as for why I requested to have the topic removed, there are a number of reasons. The topic in question was in need of a rewrite. It was messy and disorganized with some out of date information. When I first created the topic, I didn't even realize at the time that topics in this forum were restricted to members with an active client account only. My initial hopes for the thread were that it would be information freely available to everyone, whether or not they had a currently active/renewed subscription.

Rather than completely abandon the thread and leave, my intention was to rewrite it and publish it publicly elsewhere, where It can be freely edited/updated as needed and where the guide can be freely used and referenced by anyone.

I'm going to try and write something to submit to Nginx's Wiki and re-publish an updated version of the guide somewhere else at a later date, but if you need the reference, here's a copy of the old thread:

I probably could have just requested to have the thread locked instead of removed, I guess. But anyways, there you go. You're still welcome to send me a message if you have questions/need help, but I can't guarantee a quick response (or a response at all).

Thank you very much for reposting this information.

I was very upset with myself (like Dmacleo) because when I went to save as a pdf - It was gone :hyper: It was just one of those things I had put off for so long.........lesson learnt.

If I could ask, could you PM me when you do update the Nginx wiki (or provide links) please - I would love to see the entry and bookmark it.

Again thanks very much, you have no idea how helpful this information is to us ;) (well I guess you do now :grin: )

EDIT: I do hope that what ever is happening - it settles down to everyone's satisfaction!

October 19, 201311 yr

another developer gone :sad:

October 19, 201311 yr

Author

another developer gone :sad:

Yeah - that concerns me a fair bit. As there has to be a reason why this continues to happen.

I do hope that whatever is causing these problems, are nipped in the bud ASAP before we lose more dev's.

Just thought that I would add that Kirito's posts are always informative and are (shudders - or was) a huge help to this community :thumbsup:

October 19, 201311 yr

had that topic saved as bookmark in forefox toolbar and accessed a lot, was very useful.

hope it all works out.

Five Invision Community 5 features your team will love

Five Invision Community 5 features your members will love

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Where has this gone?

Featured Replies

Archived

Recently Browsing 0

Account

Navigation

Search