phpBB 3.1.10 to 3.2.0 - No input file specified.

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Lumpy Burgertushie
Registered User
Posts: 67227
Joined: Mon May 02, 2005 3:11 am

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by Lumpy Burgertushie »

The cache is right where it belongs. That was added in 3.2.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?

Marc
Development Team Leader
Posts: 5444
Joined: Tue Oct 30, 2007 10:57 pm
Location: Munich, Germany
Name: Marc

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by Marc »

Ok, I was finally able to free up some time after two 11-hour days. Anyway, this is the nginx config file that should work on Windows:

Code:

#user  nobody;
worker_processes  1;

error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        root C:/nginx/html;

        location /forums/ {
            # phpBB uses index.htm
            index  index.php index.html index.htm;
            try_files $uri $uri/ @rewriteapp;
        }

        location @rewriteapp {
            rewrite ^(.*)$ /forums/app.php/$1 last;
        }
        
        # Deny access to internal phpbb files.
        location ~ /forums/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
            deny all;
            # deny was ignored before 0.8.40 for connections over IPv6.
            # Use internal directive to prohibit access on older versions.
            internal;
        }
        
        # Pass the php scripts to fastcgi server specified in upstream declaration.
        location ~ \.php(/|$) {
            # Unmodified fastcgi_params from nginx distribution.
            include fastcgi_params;
            # Necessary for php.
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            try_files $uri $uri/ /forums/app.php$is_args$args;
            fastcgi_pass php;
        }
        
        # Correctly pass scripts for installer
        location /forums/install/ {
            # phpBB uses index.htm
            try_files $uri $uri/ @rewrite_installapp;

            # Pass the php scripts to fastcgi server specified in upstream declaration.
            location ~ \.php(/|$) {
                # Unmodified fastcgi_params from nginx distribution.
                include fastcgi_params;
                # Necessary for php.
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
                try_files $uri $uri/ /forums/install/app.php$is_args$args;
                fastcgi_pass php;
            }
        }

        location @rewrite_installapp {
            rewrite ^(.*)$ /forums/install/app.php/$1 last;
        }

        # Deny access to version control system directories.
        location ~ /forums/\.svn|/forums/\.git {
            deny all;
            internal;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
	
    # If running php as fastcgi, specify php upstream.
    upstream php {
        server 127.0.0.1:9000;
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

It is based on the default nginx.conf for Windows and does not contain anything regarding proper SSL.

The timeout error you mentioned can happen when you specify your upstream with localhost:9000 instead of 127.0.0.1:9000. In that case, nginx has to look up the hostname first before trying to contact the actual upstream. That can result in timeouts between nginx and php-cgi. This is however not caused by phpBB but by the setup itself. Also, please note that anything in install/ should use the install/app.php and hence the @rewriteapp_install while anything outside install/ should use app.php in the forum root and @rewriteapp.

edit: A white page without stylesheet usually indicates that you are using a style that might inherit from prosilver but does not currently exist in the styles folder.
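
How nginx resolves requests against the locations in the config above, as an added example that is not part of the original post: a small Python model of nginx's location selection (exact match, longest prefix, locations nested in that prefix, then server-level regexes in file order, first match wins). The labels, the `fallback` field, the `ON_DISK` set and the sample URIs are constructed for illustration; the patterns are copied from the posted config.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Location:
    kind: str                 # "exact", "prefix" or "regex"
    pattern: str              # as written in the posted config
    label: str                # this example's own description of the block
    fallback: str = ""        # rewrite target of the named location try_files ends in
    nested: list = field(default_factory=list)


# Locations of the posted server block, in file order.
SERVER = [
    Location("prefix", "/forums/", "static (forum)", fallback="/forums/app.php/"),
    Location("regex",
             r"/forums/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload)",
             "deny (internal files)"),
    Location("regex", r"\.php(/|$)", "php (forum)"),
    Location("prefix", "/forums/install/", "static (installer)",
             fallback="/forums/install/app.php/",
             nested=[Location("regex", r"\.php(/|$)", "php (installer)")]),
    Location("regex", r"/forums/\.svn|/forums/\.git", "deny (VCS)"),
    Location("exact", "/50x.html", "error page"),
]

# Constructed sample of files that exist under the document root.
ON_DISK = {
    "/forums/viewtopic.php",
    "/forums/config.php",
    "/forums/install/app.php",
    "/forums/styles/prosilver/theme/stylesheet.css",
}


def select(uri, locations=SERVER):
    """Pick the location nginx would use for uri among `locations`."""
    # 1. An exact (=) match is used immediately.
    for loc in locations:
        if loc.kind == "exact" and uri == loc.pattern:
            return loc
    # 2. The longest matching prefix is remembered.
    prefixes = [l for l in locations if l.kind == "prefix" and uri.startswith(l.pattern)]
    best = max(prefixes, key=lambda l: len(l.pattern), default=None)
    # 3. Locations nested in that prefix are searched before the outer regexes.
    if best is not None and best.nested:
        inner = select(uri, best.nested)
        if inner is not None:
            return inner
    # 4. Outer regex locations are tried in file order; the first match wins.
    for loc in locations:
        if loc.kind == "regex" and re.search(loc.pattern, uri):
            return loc
    return best


def route(uri, on_disk=ON_DISK):
    """Return (label, final_uri) after the try_files fallback, if it applies."""
    loc = select(uri)
    if loc is not None and loc.fallback and uri not in on_disk:
        # try_files found no file and jumped to the named location:
        #   rewrite ^(.*)$ <fallback>$1 last;
        uri = loc.fallback + uri
        loc = select(uri)
    return (loc.label if loc is not None else "server level", uri)


if __name__ == "__main__":
    for sample in [
        "/forums/viewtopic.php",
        "/forums/config.php",
        "/forums/help/faq",
        "/forums/install/update",
        "/forums/install/app.php/update",
        "/forums/.git/config",
        # The PHP regex sits above the VCS deny block, so it matches first.
        "/forums/.git/example.php",
    ]:
        print(f"{sample:35} -> {route(sample)}")
```

The last sample shows why regex order matters: a deny block placed below the PHP handler does not cover URIs ending in `.php`, so deny blocks belong above it.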

Heo32
Registered User
Posts: 142
Joined: Sat Jan 07, 2017 10:08 pm

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by Heo32 »

Marc,

You are a lifesaver. It works now! I finally upgraded my forums to phpBB 3.2.0 thanks to your file.

Thank you SO MUCH for all your time and effort! :D

As a side note, I had to re-add this, otherwise WordPress's main page wouldn't show up. It was displaying nginx's index page (index.html) only:

Code:

        location / {
            index  index.php index.html index.htm;
            try_files $uri $uri/ /index.php;
        }

*Edit*

Here are my full working versions, thanks to Marc, which have been modified to specifically accompany a Windows, Nginx, PHP, MySQL, phpBB, WordPress and Cloudflare setup with the snippet of code used above. I use 3 configuration variants set up for my site. The first (Low Security) is used temporarily only when making full backups of my website so there are no functionality issues when doing so, because the higher the security, the more functionality restrictions there tend to be. The second (High Security) is used when I run my website for public use. This does not compromise too much functionality over security but it does prevent some things from working (e.g. phpBB database backups through the ACP, among other things). The third (Maximum Security) is where things really start to break, but this is a no-compromise setup where maximum security is the only thing that matters, even if things don't function. I don't use this setup anymore, but I do keep it for reference.

I replaced the URL of my website with "website.com" instead. Do searches for "website" and replace that bit of text with the URL of your website.

File name: nginx.conf

Low Security:

Code:

# user									nobody nobody;
worker_processes						auto;
# worker_priority						0;

# error_log								logs/error.log;
# error_log								logs/error.log notice;
# error_log								logs/error.log info;

# pid									logs/nginx.pid;

events {
	worker_connections					1024;
}


# HTTPS server

http {

	include								mime.types;
	default_type						application/octet-stream;
	sendfile							on;

	server {
		listen							80 default_server;
		listen							[::]:80 default_server;
		return							301 https://$server_name$request_uri;
	}

	server {
		listen							443 ssl http2;
		listen							[::]:443 ssl http2;
		server_name						website.com www.website.com;

		# client_body_timeout			60s;
		# client_header_timeout			60s;
		keepalive_timeout				30m;
		# send_timeout					60s;
		# resolver_timeout				30s;

		root							C:/nginx/html;
		ssl_certificate					C:/nginx/html/certificate/website.crt;
		ssl_certificate_key				C:/nginx/html/certificate/website.key;
		ssl_session_timeout				60m;
		ssl_session_cache				shared:SSL:10m;
		ssl_session_tickets				off;

		ssl_protocols					TLSv1.2	TLSv1.3;
		ssl_ciphers						ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
		ssl_prefer_server_ciphers		on;

		# charset						koi8-r;
		# access_log					logs/host.access.log					main;


		# add_header					Strict-Transport-Security				"max-age=63072000";
		# add_header					X-Frame-Options							"DENY";
		# add_header					X-Xss-Protection						"1; mode=block";
		# add_header					X-Content-Type-Options					"nosniff";
		# add_header					Feature-Policy							"geolocation 'none'; midi 'self'; sync-xhr 'self'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'self'; fullscreen 'self'; accelerometer 'none'; usb 'none'; payment 'none'";
		# add_header					Content-Security-Policy-Report-Only		"default-src 'unsafe-inline' 'unsafe-eval' https:; report-uri https://website.report-uri.com/r/d/csp/reportOnly";
		# add_header					Content-Security-Policy					"default-src 'none'; script-src 'strict-dynamic' 'nonce-9VcPx1CZeDuXn' 'unsafe-inline' http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://apis.google.com; object-src 'none'; child-src 'self'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; report-uri https://website.report-uri.com/r/d/csp/enforce";
		# add_header					Public-Key-Pins							'pin-sha256="**********+q8MiDeQ="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; max-age=5184000; includeSubDomains' always;
		# add_header					Public-Key-Pins							'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains' always;
		# add_header					Referrer-Policy							"strict-origin-when-cross-origin";
		# add_header					Access-Control-Allow-Origin				*;
		server_tokens					off;


		# client_body_buffer_size		16k;
		# client_header_buffer_size		1k;
		# client_max_body_size			1m;
		# large_client_header_buffers	4 8k;


		# Deny access to the TLS certificate and key file.
		location ~ /certificate/ {
			deny all;
			# Deny was ignored before 0.8.40 for connections over IPv6.
			# Use internal directive to prohibit access on older versions.
			internal;
		}

		# Deny access to internal WordPress files.
		location ~ /(wp-config\.php|xmlrpc\.php) {
			deny all;
			internal;
		}

		# Deny access to internal phpBB folders and files.
		location ~ /forums/(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
			deny all;
			internal;
		}

		# Deny access to the phpMyAdmin configuration file.
		location ~ /phpmyadmin/(config\.inc\.php) {
			deny all;
			internal;
		}


		# Block download agents.
		if ($http_user_agent ~* LWP::Simple|Wget|libwww-perl) {
			return 403;
		}

		# Deny referral spam.
		if ( $http_referer ~* (babes|casino|click|diamond|forsale|girl|jewelry|love|nude|nudit|organic|poker|porn|poweroversoftware|sex|teen|viagra|video|webcam|zippo) ) {
			return 403; 
		}

		# Stops hotlinking of images and media.
		location ~ \.(gif|png|jpg|jpe?g|css|ico)$ {
			valid_referers none blocked website.com *.website.com;
			if ($invalid_referer) {
				return 403;
			}
		}


		location / {
			index index.php index.html index.htm;
			try_files $uri $uri/ /index.php;

			# fastcgi_pass				127.0.0.1:8000;
			# fastcgi_param				SERVER_PROTOCOL				$server_protocol;
			# fastcgi_param				QUERY_STRING				$query_string;
			# fastcgi_param				REQUEST_METHOD				$request_method;
			# fastcgi_param				CONTENT_TYPE				$content_type;
			# fastcgi_param				CONTENT_LENGTH				$content_length;
			# fastcgi_param				SERVER_ADDR					$server_addr;
			# fastcgi_param				SERVER_PORT					$server_port;
			# fastcgi_param				SERVER_NAME					$server_name;
			# fastcgi_param				REMOTE_ADDR					$remote_addr;
			fastcgi_param				HTTPS						on;
			fastcgi_param				HTTP_SCHEME					https;
			error_log					logs/error.log;
			fastcgi_read_timeout		36000;
		}

		location /forums/ {
			# phpBB uses index.htm.
			index index.php index.html index.htm;
			try_files $uri $uri/ @rewriteapp;
		}

		location @rewriteapp {
			rewrite ^(.*)$ /forums/app.php/$1 last;
		}

		# Pass the PHP scripts to FastCGI server specified in upstream declaration.
		location ~ \.php(/|$) {
			# Unmodified fastcgi_params from NGINX distribution.
			include fastcgi_params;
			# Necessary for PHP.
			fastcgi_split_path_info ^(.+\.php)(/.*)$;
			fastcgi_param PATH_INFO $fastcgi_path_info;
			fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
			fastcgi_param DOCUMENT_ROOT $realpath_root;
			try_files $uri $uri/ /forums/app.php$is_args$args;
			fastcgi_pass php;
		}

		# Correctly pass scripts for installer.
		location /forums/install/ {
			# phpBB uses index.htm.
			try_files $uri $uri/ @rewrite_installapp;

			# Pass the PHP scripts to FastCGI server specified in upstream declaration.
			location ~ \.php(/|$) {
				# Unmodified fastcgi_params from NGINX distribution.
				include fastcgi_params;
				# Necessary for PHP.
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
				fastcgi_param DOCUMENT_ROOT $realpath_root;
				try_files $uri $uri/ /forums/install/app.php$is_args$args;
				fastcgi_pass php;
			}
		}

		location @rewrite_installapp {
			rewrite ^(.*)$ /forums/install/app.php/$1 last;
		}

		# Denies access to version control system directories.
		#
		location ~ /forums/\.svn|/forums/\.git {
			deny all;
			internal;
		}

		# Error_page 404 /404.html;

		# Redirects server error pages to the static page /50x.html
		#
		error_page						500 502 503 504				/50x.html;
		location = /50x.html {
			root html;
		}

		# Proxy the PHP scripts to Apache listening on 127.0.0.1:80.
		#
		# location ~ \.php$ {
		# 	proxy_pass http://127.0.0.1;
		# }

		# Pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
		#
		# location ~ \.php$ {
		# 	root						html;
		# 	fastcgi_pass				127.0.0.1:9000;
		# 	fastcgi_index				index.php;
		# 	fastcgi_param				SCRIPT_FILENAME				/scripts$fastcgi_script_name;
		# 	include						fastcgi_params;
		# }

		# Denies access to .htaccess files, if Apache's document root
		# Concurs with NGINX's one
		#
		# location ~ /\.ht {
		# 	deny all;
		# }
	}

	# If running PHP as FastCGI, specify PHP upstream.
	upstream php {
		server 127.0.0.1:9000;
	}


	# Another virtual host using mix of IP-, name-, and port-based configuration.
	#
	# server {
	# 	listen 8000;
	# 	listen somename:8080;
	# 	server_name somename alias another.alias;

	# 	location / {
	# 		root html;
	# 		index index.html index.htm;
	# 	}
	# }


	# HTTPS server
	#
	# server {
	# 	listen 443 ssl;
	# 	server_name localhost;

	# 	ssl_certificate cert.pem;
	# 	ssl_certificate_key cert.key;

	# 	ssl_session_cache shared:SSL:1m;
	# 	ssl_session_timeout 5m;

	# 	ssl_ciphers HIGH:!aNULL:!MD5;
	# 	ssl_prefer_server_ciphers	on;

	# 	location / {
	# 		root html;
	# 		index index.html index.htm;
	# 	}
	# }

}

High Security:

Code:

# user									nobody nobody;
worker_processes						auto;
# worker_priority						0;

# error_log								logs/error.log;
# error_log								logs/error.log notice;
# error_log								logs/error.log info;

# pid									logs/nginx.pid;

events {
	worker_connections					1024;
}


# HTTPS server

http {

	include								mime.types;
	default_type						application/octet-stream;
	sendfile							on;

	server {
		listen							80 default_server;
		listen							[::]:80 default_server;
		return							301 https://$server_name$request_uri;
	}

	server {
		listen							443 ssl http2;
		listen							[::]:443 ssl http2;
		server_name						website.com www.website.com;

		# client_body_timeout			60s;
		# client_header_timeout			60s;
		keepalive_timeout				30m;
		# send_timeout					60s;
		# resolver_timeout				30s;

		root							C:/nginx/html;
		ssl_certificate					C:/nginx/html/certificate/website.crt;
		ssl_certificate_key				C:/nginx/html/certificate/website.key;
		ssl_session_timeout				60m;
		ssl_session_cache				shared:SSL:10m;
		ssl_session_tickets				off;

		ssl_protocols					TLSv1.2	TLSv1.3;
		ssl_ciphers						ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
		ssl_prefer_server_ciphers		on;

		# charset						koi8-r;
		# access_log					logs/host.access.log					main;


		add_header						Strict-Transport-Security				"max-age=63072000";
		add_header						X-Frame-Options							"DENY";
		add_header						X-Xss-Protection						"1; mode=block";
		add_header						X-Content-Type-Options					"nosniff";
		add_header						Feature-Policy							"geolocation 'none'; midi 'self'; sync-xhr 'self'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'self'; fullscreen 'self'; accelerometer 'none'; usb 'none'; payment 'none'";
		# add_header					Content-Security-Policy-Report-Only		"default-src 'unsafe-inline' 'unsafe-eval' https:; report-uri https://website.report-uri.com/r/d/csp/reportOnly";
		add_header						Content-Security-Policy					"default-src 'none'; script-src 'strict-dynamic' 'nonce-9VcPx1CZeDuXn' 'unsafe-inline' http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://apis.google.com; object-src 'none'; child-src 'self'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; report-uri https://website.report-uri.com/r/d/csp/enforce";
		add_header						Public-Key-Pins							'pin-sha256="**********+q8MiDeQ="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; max-age=5184000; includeSubDomains' always;
		# add_header					Public-Key-Pins							'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains' always;
		add_header						Referrer-Policy							"strict-origin-when-cross-origin";
		# add_header					Access-Control-Allow-Origin				*;
		server_tokens					off;


		client_body_buffer_size			16k;
		# client_header_buffer_size		1k;
		# client_max_body_size			1m;
		# large_client_header_buffers	4 8k;


		# Deny access to the TLS certificate and key file.
		location ~ /certificate/ {
			deny all;
			# Deny was ignored before 0.8.40 for connections over IPv6.
			# Use internal directive to prohibit access on older versions.
			internal;
		}

		# Deny access to internal WordPress files.
		location ~ /(wp-config\.php|xmlrpc\.php) {
			deny all;
			internal;
		}

		# Deny access to internal phpBB folders and files.
		location ~ /forums/(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
			deny all;
			internal;
		}

		# Deny access to the phpMyAdmin login page, which includes the configuration file.
		location ~ /phpmyadmin/ {
			deny all;
			internal;
		}

		# Deny access to WordPress login page.
		location ~ /(wp-login\.php) {
			deny all;
			internal;
		}

		# Deny access to WordPress admin page.
		location ~ /wp-admin/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB admin control panel (ACP).
		location ~ /forums/adm/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB moderator control panel (MCP).
		location ~ /forums/mcp\.php {
			deny all;
			internal;
		}

		# Deny access to the phpBB docs CHANGELOG page.
		location ~ /forums/docs/CHANGELOG\.html {
			deny all;
			internal;
		}


		# Block download agents.
		if ($http_user_agent ~* LWP::Simple|Wget|libwww-perl) {
			return 403;
		}

		# Deny referral spam.
		if ( $http_referer ~* (babes|casino|click|diamond|forsale|girl|jewelry|love|nude|nudit|organic|poker|porn|poweroversoftware|sex|teen|viagra|video|webcam|zippo) ) {
			return 403; 
		}

		# Stops hotlinking of images and media.
		location ~ \.(gif|png|jpg|jpe?g|css|ico)$ {
			valid_referers none blocked website.com *.website.com;
			if ($invalid_referer) {
				return 403;
			}
		}


		location / {
			index index.php index.html index.htm;
			try_files $uri $uri/ /index.php;

			# fastcgi_pass				127.0.0.1:8000;
			# fastcgi_param				SERVER_PROTOCOL				$server_protocol;
			# fastcgi_param				QUERY_STRING				$query_string;
			# fastcgi_param				REQUEST_METHOD				$request_method;
			# fastcgi_param				CONTENT_TYPE				$content_type;
			# fastcgi_param				CONTENT_LENGTH				$content_length;
			# fastcgi_param				SERVER_ADDR					$server_addr;
			# fastcgi_param				SERVER_PORT					$server_port;
			# fastcgi_param				SERVER_NAME					$server_name;
			# fastcgi_param				REMOTE_ADDR					$remote_addr;
			fastcgi_param				HTTPS						on;
			fastcgi_param				HTTP_SCHEME					https;
			error_log					logs/error.log;
			fastcgi_read_timeout		36000;
		}

		location /forums/ {
			# phpBB uses index.htm.
			index index.php index.html index.htm;
			try_files $uri $uri/ @rewriteapp;
		}

		location @rewriteapp {
			rewrite ^(.*)$ /forums/app.php/$1 last;
		}

		# Pass the PHP scripts to FastCGI server specified in upstream declaration.
		location ~ \.php(/|$) {
			# Unmodified fastcgi_params from NGINX distribution.
			include fastcgi_params;
			# Necessary for PHP.
			fastcgi_split_path_info ^(.+\.php)(/.*)$;
			fastcgi_param PATH_INFO $fastcgi_path_info;
			fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
			fastcgi_param DOCUMENT_ROOT $realpath_root;
			try_files $uri $uri/ /forums/app.php$is_args$args;
			fastcgi_pass php;
		}

		# Correctly pass scripts for installer.
		location /forums/install/ {
			# phpBB uses index.htm.
			try_files $uri $uri/ @rewrite_installapp;

			# Pass the PHP scripts to FastCGI server specified in upstream declaration.
			location ~ \.php(/|$) {
				# Unmodified fastcgi_params from NGINX distribution.
				include fastcgi_params;
				# Necessary for PHP.
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
				fastcgi_param DOCUMENT_ROOT $realpath_root;
				try_files $uri $uri/ /forums/install/app.php$is_args$args;
				fastcgi_pass php;
			}
		}

		location @rewrite_installapp {
			rewrite ^(.*)$ /forums/install/app.php/$1 last;
		}

		# Denies access to version control system directories.
		#
		location ~ /forums/\.svn|/forums/\.git {
			deny all;
			internal;
		}

		# Error_page 404 /404.html;

		# Redirects server error pages to the static page /50x.html
		#
		error_page						500 502 503 504				/50x.html;
		location = /50x.html {
			root html;
		}

		# Proxy the PHP scripts to Apache listening on 127.0.0.1:80.
		#
		# location ~ \.php$ {
		# 	proxy_pass http://127.0.0.1;
		# }

		# Pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
		#
		# location ~ \.php$ {
		# 	root						html;
		# 	fastcgi_pass				127.0.0.1:9000;
		# 	fastcgi_index				index.php;
		# 	fastcgi_param				SCRIPT_FILENAME				/scripts$fastcgi_script_name;
		# 	include						fastcgi_params;
		# }

		# Denies access to .htaccess files, if Apache's document root
		# Concurs with NGINX's one
		#
		# location ~ /\.ht {
		# 	deny all;
		# }
	}

	# If running PHP as FastCGI, specify PHP upstream.
	upstream php {
		server 127.0.0.1:9000;
	}


	# Another virtual host using mix of IP-, name-, and port-based configuration.
	#
	# server {
	# 	listen 8000;
	# 	listen somename:8080;
	# 	server_name somename alias another.alias;

	# 	location / {
	# 		root html;
	# 		index index.html index.htm;
	# 	}
	# }


	# HTTPS server
	#
	# server {
	# 	listen 443 ssl;
	# 	server_name localhost;

	# 	ssl_certificate cert.pem;
	# 	ssl_certificate_key cert.key;

	# 	ssl_session_cache shared:SSL:1m;
	# 	ssl_session_timeout 5m;

	# 	ssl_ciphers HIGH:!aNULL:!MD5;
	# 	ssl_prefer_server_ciphers	on;

	# 	location / {
	# 		root html;
	# 		index index.html index.htm;
	# 	}
	# }

}

Maximum Security:

Code:

# user									nobody nobody;
worker_processes						auto;
# worker_priority						0;

# error_log								logs/error.log;
# error_log								logs/error.log notice;
# error_log								logs/error.log info;

# pid									logs/nginx.pid;

events {
	worker_connections					1024;
}


# HTTPS server

http {

	include								mime.types;
	default_type						application/octet-stream;
	sendfile							on;

	server {
		listen							80 default_server;
		listen							[::]:80 default_server;
		return							301 https://$server_name$request_uri;
	}

	server {
		listen							443 ssl http2;
		listen							[::]:443 ssl http2;
		server_name						website.com www.website.com;

		# client_body_timeout			60s;
		# client_header_timeout			60s;
		keepalive_timeout				30m;
		# send_timeout					60s;
		# resolver_timeout				30s;

		root							C:/nginx/html;
		ssl_certificate					C:/nginx/html/certificate/website.crt;
		ssl_certificate_key				C:/nginx/html/certificate/website.key;
		ssl_session_timeout				60m;
		ssl_session_cache				shared:SSL:10m;
		ssl_session_tickets				off;

		ssl_protocols					TLSv1.2	TLSv1.3;
		ssl_ciphers						ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
		ssl_prefer_server_ciphers		on;

		# charset						koi8-r;
		# access_log					logs/host.access.log					main;


		add_header						Strict-Transport-Security				"max-age=63072000";
		add_header						X-Frame-Options							"DENY";
		add_header						X-Xss-Protection						"1; mode=block";
		add_header						X-Content-Type-Options					"nosniff";
		add_header						Feature-Policy							"geolocation 'none'; midi 'self'; sync-xhr 'self'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'self'; fullscreen 'self'; accelerometer 'none'; usb 'none'; payment 'none'";
		# add_header					Content-Security-Policy-Report-Only		"default-src 'unsafe-inline' 'unsafe-eval' https:; report-uri https://website.report-uri.com/r/d/csp/reportOnly";
		add_header						Content-Security-Policy					"default-src 'none'; script-src 'strict-dynamic' 'nonce-9VcPx1CZeDuXn' 'unsafe-inline' http: https:; style-src 'self' https://fonts.googleapis.com; img-src 'self' data: https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://apis.google.com; object-src 'none'; child-src 'self'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; report-uri https://website.report-uri.com/r/d/csp/enforce";
		add_header						Public-Key-Pins							'pin-sha256="**********+q8MiDeQ="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; max-age=5184000; includeSubDomains' always;
		# add_header					Public-Key-Pins							'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains' always;
		add_header						Referrer-Policy							"strict-origin-when-cross-origin";
		# add_header					Access-Control-Allow-Origin				*;
		server_tokens					off;


		client_body_buffer_size			16k;
		# client_header_buffer_size		1k;
		# client_max_body_size			1m;
		# large_client_header_buffers	4 8k;


		# Deny access to the TLS certificate and key file.
		location ~ /certificate/ {
			deny all;
			# Deny was ignored before 0.8.40 for connections over IPv6.
			# Use internal directive to prohibit access on older versions.
			internal;
		}

		# Deny access to internal WordPress files.
		location ~ /(wp-config\.php|xmlrpc\.php) {
			deny all;
			internal;
		}

		# Deny access to internal phpBB folders and files.
		location ~ /forums/(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
			deny all;
			internal;
		}

		# Deny access to the phpMyAdmin login page, which includes the configuration file.
		location ~ /phpmyadmin/ {
			deny all;
			internal;
		}

		# Deny access to WordPress login page.
		location ~ /(wp-login\.php) {
			deny all;
			internal;
		}

		# Deny access to WordPress admin page.
		location ~ /wp-admin/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB ACP.
		location ~ /forums/adm/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB MCP.
		location ~ /forums/mcp\.php {
			deny all;
			internal;
		}

		# Deny access to the phpBB docs CHANGELOG page.
		location ~ /forums/docs/CHANGELOG\.html {
			deny all;
			internal;
		}


		# Block download agents.
		if ($http_user_agent ~* LWP::Simple|Wget|libwww-perl) {
			return 403;
		}

		# Deny referral spam.
		if ( $http_referer ~* (babes|casino|click|diamond|forsale|girl|jewelry|love|nude|nudit|organic|poker|porn|poweroversoftware|sex|teen|viagra|video|webcam|zippo) ) {
			return 403; 
		}

		# Stops hotlinking of images and media.
		location ~ \.(gif|png|jpg|jpe?g|css|ico)$ {
			valid_referers none blocked website.com *.website.com;
			if ($invalid_referer) {
				return 403;
			}
		}


		location / {
			index index.php index.html index.htm;
			try_files $uri $uri/ /index.php;

			# fastcgi_pass				127.0.0.1:8000;
			# fastcgi_param				SERVER_PROTOCOL				$server_protocol;
			# fastcgi_param				QUERY_STRING				$query_string;
			# fastcgi_param				REQUEST_METHOD				$request_method;
			# fastcgi_param				CONTENT_TYPE				$content_type;
			# fastcgi_param				CONTENT_LENGTH				$content_length;
			# fastcgi_param				SERVER_ADDR					$server_addr;
			# fastcgi_param				SERVER_PORT					$server_port;
			# fastcgi_param				SERVER_NAME					$server_name;
			# fastcgi_param				REMOTE_ADDR					$remote_addr;
			fastcgi_param				HTTPS						on;
			fastcgi_param				HTTP_SCHEME					https;
			error_log					logs/error.log;
			fastcgi_read_timeout		36000;
		}

		location /forums/ {
			# phpBB uses index.htm.
			index index.php index.html index.htm;
			try_files $uri $uri/ @rewriteapp;
		}

		location @rewriteapp {
			rewrite ^(.*)$ /forums/app.php/$1 last;
		}

		# Pass the PHP scripts to FastCGI server specified in upstream declaration.
		location ~ \.php(/|$) {
			# Unmodified fastcgi_params from NGINX distribution.
			include fastcgi_params;
			# Necessary for PHP.
			fastcgi_split_path_info ^(.+\.php)(/.*)$;
			fastcgi_param PATH_INFO $fastcgi_path_info;
			fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
			fastcgi_param DOCUMENT_ROOT $realpath_root;
			try_files $uri $uri/ /forums/app.php$is_args$args;
			fastcgi_pass php;
		}

		# Correctly pass scripts for installer.
		location /forums/install/ {
			# phpBB uses index.htm.
			try_files $uri $uri/ @rewrite_installapp;

			# Pass the PHP scripts to FastCGI server specified in upstream declaration.
			location ~ \.php(/|$) {
				# Unmodified fastcgi_params from NGINX distribution.
				include fastcgi_params;
				# Necessary for PHP.
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
				fastcgi_param DOCUMENT_ROOT $realpath_root;
				try_files $uri $uri/ /forums/install/app.php$is_args$args;
				fastcgi_pass php;
			}
		}

		location @rewrite_installapp {
			rewrite ^(.*)$ /forums/install/app.php/$1 last;
		}

		# Denies access to version control system directories.
		#
		location ~ /forums/\.svn|/forums/\.git {
			deny all;
			internal;
		}

		# error_page 404 /404.html;

		# Redirects server error pages to the static page /50x.html
		#
		error_page						500 502 503 504				/50x.html;
		location = /50x.html {
			root html;
		}

		# Proxy the PHP scripts to Apache listening on 127.0.0.1:80.
		#
		# location ~ \.php$ {
		# 	proxy_pass http://127.0.0.1;
		# }

		# Pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
		#
		# location ~ \.php$ {
		# 	root						html;
		# 	fastcgi_pass				127.0.0.1:9000;
		# 	fastcgi_index				index.php;
		# 	fastcgi_param				SCRIPT_FILENAME				/scripts$fastcgi_script_name;
		# 	include						fastcgi_params;
		# }

		# Denies access to .htaccess files, if Apache's document root
		# concurs with NGINX's one
		#
		# location ~ /\.ht {
		# 	deny all;
		# }
	}

	# If running PHP as FastCGI, specify PHP upstream.
	upstream php {
		server 127.0.0.1:9000;
	}


	# Another virtual host using mix of IP-, name-, and port-based configuration.
	#
	# server {
	# 	listen 8000;
	# 	listen somename:8080;
	# 	server_name somename alias another.alias;

	# 	location / {
	# 		root html;
	# 		index index.html index.htm;
	# 	}
	# }


	# HTTPS server
	#
	# server {
	# 	listen 443 ssl;
	# 	server_name localhost;

	# 	ssl_certificate cert.pem;
	# 	ssl_certificate_key cert.key;

	# 	ssl_session_cache shared:SSL:1m;
	# 	ssl_session_timeout 5m;

	# 	ssl_ciphers HIGH:!aNULL:!MD5;
	# 	ssl_prefer_server_ciphers	on;

	# 	location / {
	# 		root html;
	# 		index index.html index.htm;
	# 	}
	# }

}

Removed unnecessary links from the configuration files:

# https://github.com/phpbb/phpbb/blob/3.2 ... ample.conf
# https://github.com/phpbb/phpbb/blob/mas ... ample.conf
# https://www.nginx.com/resources/wiki/st ... ples/full/
# https://mozilla.github.io/server-side-t ... generator/
# https://wiki.mozilla.org/Security/Serve ... igurations
# https://infosec.mozilla.org/guidelines/web_security
# https://developer.mozilla.org/en-US/doc ... low-Origin
# https://serverfault.com/questions/16242 ... inx#176729

# TLSv1.3 information: https://wiki.openssl.org/index.php/TLS1.3 and https://secure.php.net/manual/en/functi ... crypto.php and https://ssl-config.mozilla.org/

# Use https://securityheaders.com/ and https://www.ssllabs.com/ssltest/ and https://observatory.mozilla.org/ and https://csp-evaluator.withgoogle.com/ to test my site.
# Google reCAPTCHA's FAQ for the Content-Security-Policy: https://developers.google.com/recaptcha/docs/faq
# Generate Public-Key-Pins: https://report-uri.com/ and https://report-uri.com/home/tools and https://report-uri.com/home/pkp_hash but note that Public-Key-Pins are not recommended for most sites due to risk of potentially locking out users if used incorrectly.
# Referrer-Policy information: https://scotthelme.co.uk/a-new-security ... er-policy/ and https://www.w3.org/TR/referrer-policy/ and https://w3c.github.io/webappsec-referrer-policy/
# For reference but not in use: https://infosec.mozilla.org/guidelines/ ... ty#cookies and https://geekflare.com/httponly-secure-cookie-nginx/ and https://github.com/AirisX/nginx_cookie_flag_module

# Buffer limitations: https://www.upguard.com/articles/top-10 ... or-windows and https://nginx.org/en/docs/http/ngx_http ... odule.html

# Extra settings for NGINX: https://www.scalescale.com/tips/nginx/n ... ity-guide/


Bonus Files:

These are scripts that I use to start, restart and stop my server. I also use a program called RunHiddenConsole to hide the console. All of these files are to be placed in the C:\nginx folder.


RunHiddenConsole Website:
https://redmine.lighttpd.net/attachment ... onsole.zip

RunHiddenConsole Download:
http://redmine.lighttpd.net/attachments ... onsole.zip


nginx-restart.bat

Code:

@ECHO OFF
call nginx-stop.bat
call nginx-start.bat
EXIT /b

nginx-start.bat

Code:

@ECHO OFF

pushd C:\nginx

ECHO Starting PHP FastCGI...
RunHiddenConsole.exe "C:\php\php-cgi.exe" -b 127.0.0.1:9000 -c "C:\php\php.ini"

ECHO Starting NGINX
start nginx.exe

popd
EXIT /b

nginx-stop.bat

Code:

@ECHO OFF
taskkill /f /IM nginx.exe
taskkill /f /IM php-cgi.exe
EXIT /b

Updated: January 3, 2020
Last edited by Heo32 on Sat Jan 04, 2020 2:45 am, edited 29 times in total.
stevemaury wrote:
Sun May 20, 2018 8:16 pm
I went to your board and looked for an hour or so, but did not see the women without underwear.
Is this for you?
Windows + Nginx + PHP + MySQL + phpBB + WordPress + Cloudflare

Content-Security-Policy:
Allow using Content-Security-Policy without unsafe-inline

MicheleS
Registered User
Posts: 9
Joined: Wed Nov 19, 2014 10:22 am

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by MicheleS »

I did update php 5.5 to 5.6

problem solved

imatthews
Registered User
Posts: 42
Joined: Mon Oct 04, 2004 11:14 pm
Location: Calgary, Alberta
Contact:

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by imatthews »

After banging my head on this for 6 hours I finally worked a solution to NO INPUT FILE SPECIFIED that included thoughts from this thread and more. The process was to 1: use the full upgrade file set less a few key folders, 2: upgrade the database via command line, 3: modify the php ini (which is hard, but is far from obvious on GoDaddy hosting).

See: https://www.urtech.ca/2018/12/solved-up ... -specified

I hope this helps. I was minutes away from rolling back and finding a different BB platform.
_______________________
Ian Matthews
see www.Commodore.ca
For 8 Bit Commodore History, News and Discussion
see: www.URTech.ca
For modern PC tech tips and news
