Cookie and server settings for redirected subdomain

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
Registered User
Posts: 7
Joined: Fri Nov 14, 2014 12:46 pm
Name: Walter

Cookie and server settings for redirected subdomain

Post by WalterM » Wed Feb 27, 2019 6:49 am

I recently upgraded a site from 3.0.12 to 3.2.5 and moved it to a Digital Ocean droplet deployed using It is running on Ubuntu 16.04 with a mixed Nginx and Apache Web server setup. (Runcloud basically just uses Apache so than .htaccess files will still work. It is not actually being used as a reverse proxy as is more typical.) It is a mixed WordPress and phpBB site, so to fully take advantage of runcloud's capabilities, each app has to be installed in it's own subdomain. However, to maintain comparability with existing links to this long running site, I need the board URLs to be, as opposed to This is pretty easy to accomplish with a symlink and .htaccess file. However, We are experiencing severe problems with users being logged out constantly, which did not happen when I was developing and testing using the actual subdomains, before I added the symlinks and .htaccess redirects. The site is also behind Cloudflare, but that did not seem to be an issue previously, either. I'm using the Cloudflare IP extension from sitesplat, and the stopforumspam extension, but no other extensions that would be likely to have an effect--and all were enabled during testing and development. PHP is version 7.2, which I don't believe is officially supported, but I did not see any difference when I switched to 7.0. I am also still using http only, as I wanted to keep the variables at a minimum until everything is working smoothly. I was able to drastically reduce the log-out problem by setting several security settings to their most permissive values (Session IP validation,Validate browser, Validate X_FORWARDED_FOR header, Validate Referrer, Validate upload certificate, Check IP against DNS Blackhole List), but it is not completely gone and I certainly don't want to leave these settings in place. I have experimented with quite a few different cookie and server settings, but I suspect that I do not quite have them right. Can anyone who really understands this aspect of phpBB tell me what would be the proper settings should be, or what else I need to change?

To recap, the directory layout is:


with the root of the domain pointing to the /production folder. The /forum directory is being served at via a symlink. It's actual domain is Just going to will redirect you to

Post Reply

Return to “[3.2.x] Support Forum”