phpBB 3.1.10 to 3.2.0 - No input file specified.

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
User avatar
Lumpy Burgertushie
Registered User
Posts: 68587
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by Lumpy Burgertushie »

the cache is right where it belongs. that was added in 3.2

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
Marc
Development Team Leader
Development Team Leader
Posts: 5505
Joined: Tue Oct 30, 2007 10:57 pm
Location: Munich, Germany
Name: Marc
Contact:

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by Marc »

Ok, I was finally able to free up some time after two 11 hour days. Anyway, this is the nginx config file that should work on windows:

Code: Select all

#user  nobody;
worker_processes  1;

error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        root C:/nginx/html;

        location /forums/ {
            # phpBB uses index.htm
            index  index.php index.html index.htm;
            try_files $uri $uri/ @rewriteapp;
        }

        location @rewriteapp {
            rewrite ^(.*)$ /forums/app.php/$1 last;
        }
        
        # Deny access to internal phpbb files.
        location ~ /forums/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
            deny all;
            # deny was ignored before 0.8.40 for connections over IPv6.
            # Use internal directive to prohibit access on older versions.
            internal;
        }
        
        # Pass the php scripts to fastcgi server specified in upstream declaration.
        location ~ \.php(/|$) {
            # Unmodified fastcgi_params from nginx distribution.
            include fastcgi_params;
            # Necessary for php.
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            try_files $uri $uri/ /forums/app.php$is_args$args;
            fastcgi_pass php;
        }
        
        # Correctly pass scripts for installer
        location /forums/install/ {
            # phpBB uses index.htm
            try_files $uri $uri/ @rewrite_installapp;

            # Pass the php scripts to fastcgi server specified in upstream declaration.
            location ~ \.php(/|$) {
                # Unmodified fastcgi_params from nginx distribution.
                include fastcgi_params;
                # Necessary for php.
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
                try_files $uri $uri/ /forums/install/app.php$is_args$args;
                fastcgi_pass php;
            }
        }

        location @rewrite_installapp {
            rewrite ^(.*)$ /forums/install/app.php/$1 last;
        }

        # Deny access to version control system directories.
        location ~ /forums/\.svn|/forums/\.git {
            deny all;
            internal;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
	
    # If running php as fastcgi, specify php upstream.
    upstream php {
        server 127.0.0.1:9000;
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}
It is based on the default nginx.conf for Windows and does not contain anything regarding proper SSL.

The timeout error you mentioned can happen when you specify your upstream with localhost:9000 instead of 127.0.0.1:9000. In that case, nginx has to look up the hostname first before trying to contact the actual upstream. That can result in timeouts between nginx and php-cgi. This is however not caused by phpBB but by the setup itself. Also, please note that anything in install/ should use the install/app.php and hence the @rewriteapp_install while anything outside install/ should use app.php in the forum root and @rewriteapp.

edit: A white page without stylesheet usually indicates that you are using a style that might inherit from prosilver but does not currently exist in the styles folder.
Heo32
Registered User
Posts: 201
Joined: Sat Jan 07, 2017 10:08 pm

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by Heo32 »

Marc,

You are a lifesaver. It works now! I finally upgraded my forums to phpBB 3.2.0.

Thank you so much! :D

As a side note, I had to re-add this, otherwise WordPress's main page wouldn't show up. It was displaying the nginx's index page (index.html) only:

Code: Select all

        location / {
            index  index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$args;
        }
*Edit*

I am using PHP 7.4 and MySQL Community Server 5.7. While PHP 7.4 does support TLS 1.3, I cannot take advantage of it just yet due to MySQL Community Server 5.7. For this, I require PHP 7.4 (or higher) with MySQL Community Server 8.0 (or higher). If you are using PHP 7.4 (or higher), MySQL Community Server 8.0 (or higher) and phpBB 3.3.3 (or higher) -- ( Still I am with my idea to state MySql8 not ready for 3.3.1 though ) --, use the following ciphers listed below instead of what is being shown in the Nginx configuration snippets for "Low Security", "Medium Security" and "High Security" (noted below this):

Code: Select all

		ssl_protocols					TLSv1.3;
		ssl_ciphers					TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256;
		ssl_prefer_server_ciphers			on;
Once again, the requirements for the TLS 1.3 ciphers (listed above) requires the following:
  • PHP 7.4 (or higher): Only works with phpBB 3.3 (or higher)
  • MySQL Community Server 8.0 (or higher): Only works with PHP 7.4 (or higher)
  • phpBB 3.3.3 (or higher): Fully compatible with MySQL Community Server 8.0. There is a "group" bug fixed here for phpBB 3.3.3, among other other small fixes in this upcoming release related to MySQL Community Server 8.0.
Once you use everything listed above, there is no need to continue to use Visual C++ 12.0 (Visual Studio 2013) for your site to function. Instead, all you will need is Visual Studio 2015, 2017 and 2019. The link to download the latest versions of Visual Studio for Windows is:

https://support.microsoft.com/en-us/kb/2977003
https://support.microsoft.com/en-us/hel ... -downloads

Be sure to manually keep these components updated on Windows by checking for and installing new releases as needed. Windows Update does not necessarily keep these programs up-to-date.

Below is my fully working configuration files thanks to Marc which have been modified to specifically accompany a Windows, Nginx, PHP, MySQL, phpBB, WordPress and Cloudflare setup with the snippet of code used above from him. I use 3 Nginx configuration variants set up for my site. The first (Low Security) is used temporarily only when making full backups of my website so there are no functionality issues when doing so, because as the security is increased, that's when functionality is prevented and things stop working. The second (High Security) is used when I run my website for public use. This does not compromise too much functionality over security but it does prevent some things from working (e.g. phpBB database backups through the ACP, among other things). The third (Maximum Security) is where things really start to break, but this is a no-compromise setup where maximum security is the only thing that matters even if things don't function. I don't use this setup anymore but I do keep it for reference.

I replaced the URL of my website in the Nginx configuration examples listed below (Low Security, High Security and Maximum Security) with yourwebsite.com instead. Do searches for yourwebsite and yourwebsite.com and replace that bit of text with the URL of your website if you choose to use any of them. The 3 configuration examples indicate a website that would be https://www.yourwebsite.com/ and the forums would be located at https://www.yourwebsite.com/forums/ just so things are clear. Of course, you may not be using WordPress and instead have phpBB in your root directory, in which case you would replace /forums/ with / and make several changes to exclude WordPress from the root. You may also have called the folder for your phpBB forums something else, such as /community/ or /phpBB/, so replace /forums/ below with whatever you may have.

File name: nginx.conf

Low Security:

Code: Select all

# user									nobody nobody;
worker_processes						auto;
# worker_priority						0;

# error_log								logs/error.log;
# error_log								logs/error.log notice;
# error_log								logs/error.log info;

# pid									logs/nginx.pid;

events {
	worker_connections					1024;
}


# HTTPS server
# HTTPS SSL/TLS SPDY vhost server (HTTP/2)
# HTTPS SSL/TLS QUIC vhost server (HTTP/3) - QUIC (with TLSv1.3)

http {

	include								mime.types;
	default_type						application/octet-stream;
	sendfile							on;

	server {
		listen							80 default_server;
		listen							[::]:80 default_server ipv6only=on;
		server_name						yourwebsite.com www.yourwebsite.com;
		return							301 https://$server_name$request_uri;
	}

	server {
		listen							443 ssl http2;
		listen							[::]:443 ssl http2 ipv6only=on;
		server_name						yourwebsite.com www.yourwebsite.com;

		root							C:/nginx/html;
		ssl_certificate					C:/nginx/html/**********/yourwebsite.crt;
		ssl_certificate_key				C:/nginx/html/**********/yourwebsite.key;
		ssl_session_cache				shared:SSL:20m;
		ssl_session_timeout				180m;
		ssl_session_tickets				off;

		ssl_protocols					TLSv1.2	TLSv1.3;
		ssl_ciphers						ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
		ssl_prefer_server_ciphers		on;

		# client_body_timeout			60s;
		# client_header_timeout			60s;
		keepalive_timeout				30m;
		# send_timeout					60s;
		# resolver_timeout				30s;

		# charset						koi8-r;
		# access_log					logs/host.access.log					main;


		# add_header					Strict-Transport-Security				"max-age=63072000; includeSubDomains" always;
		# add_header					X-Frame-Options							"DENY";
		# add_header					X-Xss-Protection						"1; mode=block";
		# add_header					X-Content-Type-Options					"nosniff";
		# add_header					Permissions-Policy						"geolocation=(); midi=(self); sync-xhr=(self); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(); vibrate=(self); fullscreen=(self); accelerometer=(); usb=(); payment=()";
		# add_header					Content-Security-Policy-Report-Only		"default-src 'unsafe-inline' 'unsafe-eval' https:; report-uri https://yourwebsite.report-uri.com/r/d/csp/reportOnly";
		# add_header					Content-Security-Policy					"default-src 'none'; script-src 'strict-dynamic' 'nonce-N2eBi9r3AaPUBpi/5bHWLxAxPuLgS8zJH/zqiDuCXuNu5UzS' 'unsafe-inline' http: https:; require-trusted-types-for 'script'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://apis.google.com; object-src 'none'; child-src 'self'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; report-uri https://yourwebsite.report-uri.com/r/d/csp/enforce";
		# add_header					Public-Key-Pins							'pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; max-age=5184000; includeSubDomains' always;
		# add_header					Public-Key-Pins							'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains' always;
		# add_header					Referrer-Policy							"strict-origin-when-cross-origin";
		# add_header					Access-Control-Allow-Origin				"https://www.yourwebsite.com/";
		server_tokens					off;


		# client_body_buffer_size		16k;
		# client_header_buffer_size		1k;
		# client_max_body_size			1m;
		# large_client_header_buffers	4 8k;


		# Deny access to the TLS certificate and key file.
		location ~ /**********/ {
			deny all;
			# Deny was ignored before 0.8.40 for connections over IPv6.
			# Use internal directive to prohibit access on older versions.
			internal;
		}

		# Deny access to the WordPress files.
		location ~ /(wp-config\.php|xmlrpc\.php) {
			deny all;
			internal;
		}

		# Deny access to the phpBB folders and files.
		location ~ /forums/(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
			deny all;
			internal;
		}

		# Deny access to the phpMyAdmin configuration file.
		location ~ /phpmyadmin/(config.inc\.php) {
			deny all;
			internal;
		}

		# Block download agents.
		if ($http_user_agent ~* LWP::Simple|Wget|libwww-perl) {
			return 403;
		}

		# Deny referral spam.
		if ( $http_referer ~* (babes|casino|click|diamond|forsale|girl|jewelry|love|nude|nudit|organic|poker|porn|poweroversoftware|sex|teen|viagra|video|webcam|zippo) ) {
			return 403; 
		}

		# Stop hotlinking of images and media.
		location ~ .(gif|png|jpg|jpe?g|css|ico)$ {
			valid_referers none blocked
				yourwebsite.com *.yourwebsite.com;

			if ($invalid_referer) {
				return 403;
			}
		}


		location / {
			# WordPress uses index.php. The ?$args is included so non-default permalinks don't break when using query string, or idential query string.
			index index.php index.html index.htm;
			try_files $uri $uri/ /index.php?$args;

			# fastcgi_pass				127.0.0.1:8000;
			# fastcgi_param				SERVER_PROTOCOL				$server_protocol;
			# fastcgi_param				QUERY_STRING				$query_string;
			# fastcgi_param				REQUEST_METHOD				$request_method;
			# fastcgi_param				CONTENT_TYPE				$content_type;
			# fastcgi_param				CONTENT_LENGTH				$content_length;
			# fastcgi_param				SERVER_ADDR					$server_addr;
			# fastcgi_param				SERVER_PORT					$server_port;
			# fastcgi_param				SERVER_NAME					$server_name;
			# fastcgi_param				REMOTE_ADDR					$remote_addr;
			fastcgi_param				HTTPS						on;
			fastcgi_param				HTTP_SCHEME					https;
			error_log					logs/error.log;
			fastcgi_read_timeout		36000;
		}


		location /forums/ {
			# phpBB uses index.htm.
			index index.php index.html index.htm;
			try_files $uri $uri/ @rewriteapp;
		}

		location @rewriteapp {
			rewrite ^(.*)$ /forums/app.php/$1 last;
		}

		# Pass the PHP scripts to FastCGI server specified in upstream declaration.
		location ~ \.php(/|$) {
			# Unmodified fastcgi.conf from NGINX distribution.
			include fastcgi.conf;
			# Necessary for PHP.
			fastcgi_split_path_info ^(.+\.php)(/.*)$;
			fastcgi_param PATH_INFO $fastcgi_path_info;
			fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
			fastcgi_param DOCUMENT_ROOT $realpath_root;
			try_files $uri $uri/ /forums/app.php$is_args$args;
			fastcgi_pass php;
		}

		# Correctly pass scripts for installer.
		location /forums/install/ {
			# phpBB uses index.htm.
			try_files $uri $uri/ @rewrite_installapp =404;

			# Pass the PHP scripts to FastCGI server specified in upstream declaration.
			location ~ \.php(/|$) {
				# Unmodified fastcgi.conf from NGINX distribution.
				include fastcgi.conf;
				# Necessary for PHP.
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
				fastcgi_param DOCUMENT_ROOT $realpath_root;
				try_files $uri $uri/ /forums/install/app.php$is_args$args =404;
				fastcgi_pass php;
			}
		}

		location @rewrite_installapp {
			rewrite ^(.*)$ /forums/install/app.php/$1 last;
		}

		# Deny access to the version control system directories.
		location ~ /forums/\.svn|/forums/\.git {
			deny all;
			internal;
		}

		# Error_page 404 /404.html;

		# Redirects server error pages to the static page /50x.html
		error_page						500 502 503 504				/50x.html;
		location = /50x.html {
			root html;
		}
	}

	# If running PHP as FastCGI, specify PHP upstream.
	upstream php {
		server 127.0.0.1:9000;
	}

}
High Security:

Code: Select all

# user									nobody nobody;
worker_processes						auto;
# worker_priority						0;

# error_log								logs/error.log;
# error_log								logs/error.log notice;
# error_log								logs/error.log info;

# pid									logs/nginx.pid;

events {
	worker_connections					1024;
}


# HTTPS server
# HTTPS SSL/TLS SPDY vhost server (HTTP/2)
# HTTPS SSL/TLS QUIC vhost server (HTTP/3) - QUIC (with TLSv1.3)

http {

	include								mime.types;
	default_type						application/octet-stream;
	sendfile							on;

	server {
		listen							80 default_server;
		listen							[::]:80 default_server ipv6only=on;
		server_name						yourwebsite.com www.yourwebsite.com;
		return							301 https://$server_name$request_uri;
	}

	server {
		listen							443 ssl http2;
		listen							[::]:443 ssl http2 ipv6only=on;
		server_name						yourwebsite.com www.yourwebsite.com;

		root							C:/nginx/html;
		ssl_certificate					C:/nginx/html/**********/yourwebsite.crt;
		ssl_certificate_key				C:/nginx/html/**********/yourwebsite.key;
		ssl_session_cache				shared:SSL:20m;
		ssl_session_timeout				180m;
		ssl_session_tickets				off;

		ssl_protocols					TLSv1.2	TLSv1.3;
		ssl_ciphers						ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
		ssl_prefer_server_ciphers		on;

		# client_body_timeout			60s;
		# client_header_timeout			60s;
		keepalive_timeout				30m;
		# send_timeout					60s;
		# resolver_timeout				30s;

		# charset						koi8-r;
		# access_log					logs/host.access.log					main;


		add_header						Strict-Transport-Security				"max-age=63072000; includeSubDomains" always;
		add_header						X-Frame-Options							"DENY";
		add_header						X-Xss-Protection						"1; mode=block";
		add_header						X-Content-Type-Options					"nosniff";
		add_header						Permissions-Policy						"geolocation=(); midi=(self); sync-xhr=(self); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(); vibrate=(self); fullscreen=(self); accelerometer=(); usb=(); payment=()";
		# add_header					Content-Security-Policy-Report-Only		"default-src 'unsafe-inline' 'unsafe-eval' https:; report-uri https://yourwebsite.report-uri.com/r/d/csp/reportOnly";
		add_header						Content-Security-Policy					"default-src 'none'; script-src 'strict-dynamic' 'nonce-N2eBi9r3AaPUBpi/5bHWLxAxPuLgS8zJH/zqiDuCXuNu5UzS' 'unsafe-inline' http: https:; require-trusted-types-for 'script'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://apis.google.com; object-src 'none'; child-src 'self'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; report-uri https://yourwebsite.report-uri.com/r/d/csp/enforce";
		# add_header					Public-Key-Pins							'pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; max-age=5184000; includeSubDomains' always;
		# add_header					Public-Key-Pins							'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains' always;
		add_header						Referrer-Policy							"strict-origin-when-cross-origin";
		add_header						Access-Control-Allow-Origin				"https://www.yourwebsite.com/";
		server_tokens					off;


		client_body_buffer_size			16k;
		# client_header_buffer_size		1k;
		# client_max_body_size			1m;
		# large_client_header_buffers	4 8k;


		# Deny access to the TLS certificate and key file.
		location ~ /**********/ {
			deny all;
			# Deny was ignored before 0.8.40 for connections over IPv6.
			# Use internal directive to prohibit access on older versions.
			internal;
		}

		# Deny access to the WordPress files.
		location ~ /(wp-config\.php|xmlrpc\.php) {
			deny all;
			internal;
		}

		# Deny access to the phpBB folders and files.
		location ~ /forums/(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
			deny all;
			internal;
		}

		# Deny access to the phpMyAdmin index.
		location ~ /phpmyadmin/ {
			deny all;
			internal;
		}

		# Deny access to the WordPress login page.
		location ~ /(wp-login\.php) {
			deny all;
			internal;
		}

		# Deny access to the WordPress admin page.
		location ~ /wp-admin/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB ACP.
		location ~ /forums/adm/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB MCP.
		location ~ /forums/(mcp\.php) {
			deny all;
			internal;
		}

		# Deny access to the phpBB changelog page.
		location ~ /forums/docs/(CHANGELOG\.html) {
			deny all;
			internal;
		}

		# Block download agents.
		if ($http_user_agent ~* LWP::Simple|Wget|libwww-perl) {
			return 403;
		}

		# Deny referral spam.
		if ( $http_referer ~* (babes|casino|click|diamond|forsale|girl|jewelry|love|nude|nudit|organic|poker|porn|poweroversoftware|sex|teen|viagra|video|webcam|zippo) ) {
			return 403; 
		}

		# Stop hotlinking of images and media.
		location ~ .(gif|png|jpg|jpe?g|css|ico)$ {
			valid_referers none blocked
				yourwebsite.com *.yourwebsite.com;

			if ($invalid_referer) {
				return 403;
			}
		}


		location / {
			# WordPress uses index.php. The ?$args is included so non-default permalinks don't break when using query string, or idential query string.
			index index.php index.html index.htm;
			try_files $uri $uri/ /index.php?$args;

			# fastcgi_pass				127.0.0.1:8000;
			# fastcgi_param				SERVER_PROTOCOL				$server_protocol;
			# fastcgi_param				QUERY_STRING				$query_string;
			# fastcgi_param				REQUEST_METHOD				$request_method;
			# fastcgi_param				CONTENT_TYPE				$content_type;
			# fastcgi_param				CONTENT_LENGTH				$content_length;
			# fastcgi_param				SERVER_ADDR					$server_addr;
			# fastcgi_param				SERVER_PORT					$server_port;
			# fastcgi_param				SERVER_NAME					$server_name;
			# fastcgi_param				REMOTE_ADDR					$remote_addr;
			fastcgi_param				HTTPS						on;
			fastcgi_param				HTTP_SCHEME					https;
			error_log					logs/error.log;
			fastcgi_read_timeout		36000;
		}


		location /forums/ {
			# phpBB uses index.htm.
			index index.php index.html index.htm;
			try_files $uri $uri/ @rewriteapp;
		}

		location @rewriteapp {
			rewrite ^(.*)$ /forums/app.php/$1 last;
		}

		# Pass the PHP scripts to FastCGI server specified in upstream declaration.
		location ~ \.php(/|$) {
			# Unmodified fastcgi.conf from NGINX distribution.
			include fastcgi.conf;
			# Necessary for PHP.
			fastcgi_split_path_info ^(.+\.php)(/.*)$;
			fastcgi_param PATH_INFO $fastcgi_path_info;
			fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
			fastcgi_param DOCUMENT_ROOT $realpath_root;
			try_files $uri $uri/ /forums/app.php$is_args$args;
			fastcgi_pass php;
		}

		# Correctly pass scripts for installer.
		location /forums/install/ {
			# phpBB uses index.htm.
			try_files $uri $uri/ @rewrite_installapp =404;

			# Pass the PHP scripts to FastCGI server specified in upstream declaration.
			location ~ \.php(/|$) {
				# Unmodified fastcgi.conf from NGINX distribution.
				include fastcgi.conf;
				# Necessary for PHP.
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
				fastcgi_param DOCUMENT_ROOT $realpath_root;
				try_files $uri $uri/ /forums/install/app.php$is_args$args =404;
				fastcgi_pass php;
			}
		}

		location @rewrite_installapp {
			rewrite ^(.*)$ /forums/install/app.php/$1 last;
		}

		# Deny access to the version control system directories.
		location ~ /forums/\.svn|/forums/\.git {
			deny all;
			internal;
		}

		# Error_page 404 /404.html;

		# Redirects server error pages to the static page /50x.html
		error_page						500 502 503 504				/50x.html;
		location = /50x.html {
			root html;
		}
	}

	# If running PHP as FastCGI, specify PHP upstream.
	upstream php {
		server 127.0.0.1:9000;
	}

}
Maximum Security:

Code: Select all

# user									nobody nobody;
worker_processes						auto;
# worker_priority						0;

# error_log								logs/error.log;
# error_log								logs/error.log notice;
# error_log								logs/error.log info;

# pid									logs/nginx.pid;

events {
	worker_connections					1024;
}


# HTTPS server
# HTTPS SSL/TLS SPDY vhost server (HTTP/2)
# HTTPS SSL/TLS QUIC vhost server (HTTP/3) - QUIC (with TLSv1.3)

http {

	include								mime.types;
	default_type						application/octet-stream;
	sendfile							on;

	server {
		listen							80 default_server;
		listen							[::]:80 default_server ipv6only=on;
		server_name						yourwebsite.com www.yourwebsite.com;
		return							301 https://$server_name$request_uri;
	}

	server {
		listen							443 ssl http2;
		listen							[::]:443 ssl http2 ipv6only=on;
		server_name						yourwebsite.com www.yourwebsite.com;

		root							C:/nginx/html;
		ssl_certificate					C:/nginx/html/**********/yourwebsite.crt;
		ssl_certificate_key				C:/nginx/html/**********/yourwebsite.key;
		ssl_session_cache				shared:SSL:20m;
		ssl_session_timeout				180m;
		ssl_session_tickets				off;

		ssl_protocols					TLSv1.2	TLSv1.3;
		ssl_ciphers						ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
		ssl_prefer_server_ciphers		on;

		# client_body_timeout			60s;
		# client_header_timeout			60s;
		keepalive_timeout				30m;
		# send_timeout					60s;
		# resolver_timeout				30s;

		# charset						koi8-r;
		# access_log					logs/host.access.log					main;


		add_header						Strict-Transport-Security				"max-age=63072000; includeSubDomains" always;
		add_header						X-Frame-Options							"DENY";
		add_header						X-Xss-Protection						"1; mode=block";
		add_header						X-Content-Type-Options					"nosniff";
		add_header						Permissions-Policy						"geolocation=(); midi=(self); sync-xhr=(self); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(); vibrate=(self); fullscreen=(self); accelerometer=(); usb=(); payment=()";
		# add_header					Content-Security-Policy-Report-Only		"default-src 'unsafe-inline' 'unsafe-eval' https:; report-uri https://yourwebsite.report-uri.com/r/d/csp/reportOnly";
		add_header						Content-Security-Policy					"default-src 'none'; script-src 'strict-dynamic' 'nonce-N2eBi9r3AaPUBpi/5bHWLxAxPuLgS8zJH/zqiDuCXuNu5UzS' 'unsafe-inline' http: https:; require-trusted-types-for 'script'; style-src 'self' https://fonts.googleapis.com; img-src 'self' data: https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://apis.google.com; object-src 'none'; child-src 'self'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; report-uri https://yourwebsite.report-uri.com/r/d/csp/enforce";
		# add_header					Public-Key-Pins							'pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; pin-sha256="**********="; max-age=5184000; includeSubDomains' always;
		# add_header					Public-Key-Pins							'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains' always;
		add_header						Referrer-Policy							"strict-origin-when-cross-origin";
		add_header						Access-Control-Allow-Origin				"https://www.yourwebsite.com/";
		server_tokens					off;


		client_body_buffer_size			16k;
		# client_header_buffer_size		1k;
		# client_max_body_size			1m;
		# large_client_header_buffers	4 8k;


		# Deny access to the TLS certificate and key file.
		location ~ /**********/ {
			deny all;
			# Deny was ignored before 0.8.40 for connections over IPv6.
			# Use internal directive to prohibit access on older versions.
			internal;
		}

		# Deny access to the WordPress files.
		location ~ /(wp-config\.php|xmlrpc\.php) {
			deny all;
			internal;
		}

		# Deny access to the phpBB folders and files.
		location ~ /forums/(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
			deny all;
			internal;
		}

		# Deny access to the phpMyAdmin index.
		location ~ /phpmyadmin/ {
			deny all;
			internal;
		}

		# Deny access to the WordPress login page.
		location ~ /(wp-login\.php) {
			deny all;
			internal;
		}

		# Deny access to the WordPress admin page.
		location ~ /wp-admin/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB ACP.
		location ~ /forums/adm/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB MCP.
		location ~ /forums/(mcp\.php) {
			deny all;
			internal;
		}

		# Deny access to the phpBB changelog page.
		location ~ /forums/docs/(CHANGELOG\.html) {
			deny all;
			internal;
		}

		# Block download agents.
		if ($http_user_agent ~* LWP::Simple|Wget|libwww-perl) {
			return 403;
		}

		# Deny referral spam.
		if ( $http_referer ~* (babes|casino|click|diamond|forsale|girl|jewelry|love|nude|nudit|organic|poker|porn|poweroversoftware|sex|teen|viagra|video|webcam|zippo) ) {
			return 403; 
		}

		# Stop hotlinking of images and media.
		location ~ .(gif|png|jpg|jpe?g|css|ico)$ {
			valid_referers none blocked
				yourwebsite.com *.yourwebsite.com;

			if ($invalid_referer) {
				return 403;
			}
		}


		location / {
			# WordPress uses index.php. The ?$args is included so non-default permalinks don't break when using query string, or idential query string.
			index index.php index.html index.htm;
			try_files $uri $uri/ /index.php?$args;

			# fastcgi_pass				127.0.0.1:8000;
			# fastcgi_param				SERVER_PROTOCOL				$server_protocol;
			# fastcgi_param				QUERY_STRING				$query_string;
			# fastcgi_param				REQUEST_METHOD				$request_method;
			# fastcgi_param				CONTENT_TYPE				$content_type;
			# fastcgi_param				CONTENT_LENGTH				$content_length;
			# fastcgi_param				SERVER_ADDR					$server_addr;
			# fastcgi_param				SERVER_PORT					$server_port;
			# fastcgi_param				SERVER_NAME					$server_name;
			# fastcgi_param				REMOTE_ADDR					$remote_addr;
			fastcgi_param				HTTPS						on;
			fastcgi_param				HTTP_SCHEME					https;
			error_log					logs/error.log;
			fastcgi_read_timeout		36000;
		}


		location /forums/ {
			# phpBB uses index.htm.
			index index.php index.html index.htm;
			try_files $uri $uri/ @rewriteapp;
		}

		location @rewriteapp {
			rewrite ^(.*)$ /forums/app.php/$1 last;
		}

		# Pass the PHP scripts to FastCGI server specified in upstream declaration.
		location ~ \.php(/|$) {
			# Unmodified fastcgi.conf from NGINX distribution.
			include fastcgi.conf;
			# Necessary for PHP.
			fastcgi_split_path_info ^(.+\.php)(/.*)$;
			fastcgi_param PATH_INFO $fastcgi_path_info;
			fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
			fastcgi_param DOCUMENT_ROOT $realpath_root;
			try_files $uri $uri/ /forums/app.php$is_args$args;
			fastcgi_pass php;
		}

		# Correctly pass scripts for installer.
		location /forums/install/ {
			# phpBB uses index.htm.
			try_files $uri $uri/ @rewrite_installapp =404;

			# Pass the PHP scripts to FastCGI server specified in upstream declaration.
			location ~ \.php(/|$) {
				# Unmodified fastcgi.conf from NGINX distribution.
				include fastcgi.conf;
				# Necessary for PHP.
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
				fastcgi_param DOCUMENT_ROOT $realpath_root;
				try_files $uri $uri/ /forums/install/app.php$is_args$args =404;
				fastcgi_pass php;
			}
		}

		location @rewrite_installapp {
			rewrite ^(.*)$ /forums/install/app.php/$1 last;
		}

		# Deny access to the version control system directories.
		location ~ /forums/\.svn|/forums/\.git {
			deny all;
			internal;
		}

		# Error_page 404 /404.html;

		# Redirects server error pages to the static page /50x.html
		error_page						500 502 503 504				/50x.html;
		location = /50x.html {
			root html;
		}
	}

	# If running PHP as FastCGI, specify PHP upstream.
	upstream php {
		server 127.0.0.1:9000;
	}

}

Removed unnecessary links from the configuration files:

# https://github.com/phpbb/phpbb/blob/3.2 ... ample.conf
# https://github.com/phpbb/phpbb/blob/3.3 ... ample.conf
# https://github.com/phpbb/phpbb/blob/mas ... ample.conf
# https://www.nginx.com/resources/wiki/st ... ples/full/
# https://mozilla.github.io/server-side-t ... generator/
# https://wiki.mozilla.org/Security/Serve ... igurations
# https://infosec.mozilla.org/guidelines/web_security
# https://developer.mozilla.org/en-US/doc ... low-Origin
# https://serverfault.com/questions/16242 ... inx#176729

# TLSv1.3 information: https://wiki.openssl.org/index.php/TLS1.3 and https://secure.php.net/manual/en/functi ... crypto.php and https://ssl-config.mozilla.org/

# Use https://securityheaders.com/ and https://www.ssllabs.com/ssltest/ and https://observatory.mozilla.org/ and https://csp-evaluator.withgoogle.com/ to test my site.
# Google reCAPTCHA's FAQ for the Content-Security-Policy: https://developers.google.com/recaptcha/docs/faq
# Generate Public-Key-Pins: https://report-uri.com/ and https://report-uri.com/home/tools and https://report-uri.com/home/pkp_hash but note that Public-Key-Pins are not recommended for most sites due to risk of potentially locking out users if used incorrectly.
# Referrer-Policy information: https://scotthelme.co.uk/a-new-security ... er-policy/ and https://www.w3.org/TR/referrer-policy/ and https://w3c.github.io/webappsec-referrer-policy/
# For refere but not in use: https://infosec.mozilla.org/guidelines/ ... ty#cookies and https://geekflare.com/httponly-secure-cookie-nginx/ and https://github.com/AirisX/nginx_cookie_flag_module

# Buffer limitations: https://www.upguard.com/articles/top-10 ... or-windows and https://nginx.org/en/docs/http/ngx_http ... odule.html

# Extra settings for NGINX: https://www.scalescale.com/tips/nginx/n ... ity-guide/


Bonus Files:

These are scripts that I use to start, restart and stop my server. I also use a program called RunHiddenConsole to hide the console. All of these files are to be placed in the C:\nginx folder.


RunHiddenConsole Website:
https://redmine.lighttpd.net/attachment ... onsole.zip

RunHiddenConsole Download:
http://redmine.lighttpd.net/attachments ... onsole.zip


nginx-restart.bat

Code: Select all

@ECHO OFF
call nginx-stop.bat
call nginx-start.bat
EXIT /b

nginx-start.bat

Code: Select all

@ECHO OFF

pushd C:\nginx

ECHO Starting PHP FastCGI...
RunHiddenConsole.exe "C:\php\php-cgi.exe" -b 127.0.0.1:9000 -c "C:\php\php.ini"

ECHO Starting NGINX
start nginx.exe

popd
EXIT /b

nginx-stop.bat

Code: Select all

@ECHO OFF
taskkill /f /IM nginx.exe
taskkill /f /IM php-cgi.exe
EXIT /b

Updated: January 12, 2021
Last edited by Heo32 on Tue Jan 12, 2021 10:23 pm, edited 49 times in total.
Windows & Nginx & PHP & MySQL & phpBB & WordPress & Cloudflare • Updated: January 12, 2021

Allow using Content-Security-Policy without unsafe-inline • Content-Security-Policy
stevemaury wrote:
Sun May 20, 2018 8:16 pm
I went to your board and looked for an hour or so, but did not see the women without underwear.
MicheleS
Registered User
Posts: 9
Joined: Wed Nov 19, 2014 10:22 am

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by MicheleS »

I did update php 5.5 to 5.6

problem solved
User avatar
imatthews
Registered User
Posts: 43
Joined: Mon Oct 04, 2004 11:14 pm
Location: Calgary, Alberta
Contact:

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by imatthews »

After banging my head on this for 6 hours I finally worked a solution to NO INPUT FILE SPECIFIED that included thoughts from this thread and more. The process was to 1: use the full upgrade file set less a few key folders, 2: upgrade the database via command line 3: Modify the php ini (which is hard, but is far from obvious on GoDaddy hosting).

See: https://www.urtech.ca/2018/12/solved-up ... -specified

I hope this helps. I was minutes away from rolling back and fnding a different BB platform.
_______________________
Ian Matthews
see www.Commodore.ca
For 8 Bit Commodore History, News and Discussion
see: www.URTech.ca
For modern PC tech tips and news
Post Reply

Return to “[3.2.x] Support Forum”