phpBB 3.1.10 to 3.2.0 - No input file specified.

Lumpy Burgertushie
Registered User
Posts: 68116
Joined: Mon May 02, 2005 3:11 am

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by Lumpy Burgertushie »

The cache is right where it belongs. That was added in 3.2.

robert
Marc
Development Team Leader
Posts: 5470
Joined: Tue Oct 30, 2007 10:57 pm
Location: Munich, Germany
Name: Marc

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by Marc »

OK, I was finally able to free up some time after two 11-hour days. Anyway, this is the nginx config file that should work on Windows:


#user  nobody;
worker_processes  1;

error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        root C:/nginx/html;

        location /forums/ {
            # phpBB uses index.htm
            index  index.php index.html index.htm;
            try_files $uri $uri/ @rewriteapp;
        }

        location @rewriteapp {
            rewrite ^(.*)$ /forums/app.php/$1 last;
        }
        
        # Deny access to internal phpbb files.
        location ~ /forums/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
            deny all;
            # deny was ignored before 0.8.40 for connections over IPv6.
            # Use internal directive to prohibit access on older versions.
            internal;
        }
        
        # Pass the php scripts to fastcgi server specified in upstream declaration.
        location ~ \.php(/|$) {
            # Unmodified fastcgi_params from nginx distribution.
            include fastcgi_params;
            # Necessary for php.
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            try_files $uri $uri/ /forums/app.php$is_args$args;
            fastcgi_pass php;
        }
        
        # Correctly pass scripts for installer
        location /forums/install/ {
            # phpBB uses index.htm
            try_files $uri $uri/ @rewrite_installapp;

            # Pass the php scripts to fastcgi server specified in upstream declaration.
            location ~ \.php(/|$) {
                # Unmodified fastcgi_params from nginx distribution.
                include fastcgi_params;
                # Necessary for php.
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
                try_files $uri $uri/ /forums/install/app.php$is_args$args;
                fastcgi_pass php;
            }
        }

        location @rewrite_installapp {
            rewrite ^(.*)$ /forums/install/app.php/$1 last;
        }

        # Deny access to version control system directories.
        location ~ /forums/\.svn|/forums/\.git {
            deny all;
            internal;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
	
    # If running php as fastcgi, specify php upstream.
    upstream php {
        server 127.0.0.1:9000;
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

It is based on the default nginx.conf for Windows and does not contain anything regarding proper SSL.

The timeout error you mentioned can happen when you specify your upstream with localhost:9000 instead of 127.0.0.1:9000. In that case, nginx has to look up the hostname first before trying to contact the actual upstream. That can result in timeouts between nginx and php-cgi. This is however not caused by phpBB but by the setup itself. Also, please note that anything in install/ should use the install/app.php and hence the @rewriteapp_install while anything outside install/ should use app.php in the forum root and @rewriteapp.

edit: A white page without stylesheet usually indicates that you are using a style that might inherit from prosilver but does not currently exist in the styles folder.

Heo32
Registered User
Posts: 181
Joined: Sat Jan 07, 2017 10:08 pm

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by Heo32 »

Marc,

You are a lifesaver. It works now! I finally upgraded my forums to phpBB 3.2.0 thanks to your file.

Thank you SO MUCH for all your time and effort! :D

As a side note, I had to re-add this, otherwise WordPress's main page wouldn't show up. It was displaying nginx's index page (index.html) only:


        location / {
            index  index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$args;
        }

*Edit*

Here are my full working versions, thanks to Marc, which have been modified specifically to accompany a Windows, Nginx, PHP, MySQL, phpBB, WordPress and Cloudflare setup with the snippet of code used above. I use 3 configuration variants set up for my site. The first (Low Security) is used temporarily only when making full backups of my website so there are no functionality issues when doing so, because the higher the security, the more functionality restrictions there tend to be. The second (High Security) is used when I run my website for public use. This does not compromise too much functionality over security but it does prevent some things from working (e.g. phpBB database backups through the ACP, among other things). The third (Maximum Security) is where things really start to break, but this is a no-compromise setup where maximum security is the only thing that matters, even if things don't function. I don't use this setup anymore, but I do keep it for reference.

I replaced the URL of my website with "yourwebsite.com" instead. Do searches for "yourwebsite" and "yourwebsite.com" and replace that bit of text with the URL of your website.

Since I am using PHP 7.2 and MySQL Community Server 5.7, I cannot take advantage of TLS 1.3 just yet. For this, I require PHP 7.4 (or higher) and MySQL Community Server 8.0 (or higher). I can only use TLSv1.2 at the moment. If you are using PHP 7.4 (or higher), MySQL Community Server 8.0 (or higher) with phpBB 3.3.2 (or higher) (phpBB 3.3.2+ is best with MySQL Community Server 8.0 since phpBB 3.3.1 is not ready yet for it), use the following ciphers instead of what is being proposed in the "code" snippets below:


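		ssl_protocols					TLSv1.3;
		# TLS 1.3 suites use OpenSSL's TLS_* names and are not set by ssl_ciphers;
		# ssl_conf_command needs nginx 1.19.4 or later.
		ssl_conf_command				Ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256;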

Once again, the requirements for the TLS 1.3 ciphers (listed above) are:
  • PHP 7.4 (or higher): Only works with phpBB 3.3
  • MySQL Community Server 8.0 (or higher): Only works with PHP 7.4
  • phpBB 3.3.2 (or higher): Only works with MySQL Community Server 8.0

Once you use everything listed above, there is no need to continue to use Visual C++ 12.0 (Visual Studio 2013) for your site to function. Instead, you will continue to use Visual Studio 2015, 2017 and 2019 only. The link to download Visual Studio for Windows is: https://support.microsoft.com/en-us/kb/2977003

File name: nginx.conf

Low Security:


# user									nobody nobody;
worker_processes						auto;
# worker_priority						0;

# error_log								logs/error.log;
# error_log								logs/error.log notice;
# error_log								logs/error.log info;

# pid									logs/nginx.pid;

events {
	worker_connections					1024;
}


# HTTPS server

http {

	include								mime.types;
	default_type						application/octet-stream;
	sendfile							on;

	server {
		listen							80 default_server;
		listen							[::]:80 default_server;
		server_name						yourwebsite.com www.yourwebsite.com;
		return							301 https://$server_name$request_uri;
	}

	server {
		listen							443 ssl http2;
		listen							[::]:443 ssl http2;
		server_name						yourwebsite.com www.yourwebsite.com;

		root							C:/nginx/html;
		ssl_certificate					C:/nginx/html/**********/yourwebsite.crt;
		ssl_certificate_key				C:/nginx/html/**********/yourwebsite.key;
		ssl_session_cache				shared:SSL:10m;
		ssl_session_timeout				180m;
		ssl_session_tickets				off;

		ssl_protocols					TLSv1.2	TLSv1.3;
		ssl_ciphers						ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
		ssl_prefer_server_ciphers		on;

		# client_body_timeout			60s;
		# client_header_timeout			60s;
		keepalive_timeout				30m;
		# send_timeout					60s;
		# resolver_timeout				30s;

		# charset						koi8-r;
		# access_log					logs/host.access.log					main;


		# add_header					Strict-Transport-Security				"max-age=63072000; includeSubDomains" always;
		# add_header					X-Frame-Options							"DENY";
		# add_header					X-Xss-Protection						"1; mode=block";
		# add_header					X-Content-Type-Options					"nosniff";
		# add_header					Feature-Policy							"geolocation 'none'; midi 'self'; sync-xhr 'self'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'self'; fullscreen 'self'; accelerometer 'none'; usb 'none'; payment 'none'";
		# add_header					Content-Security-Policy-Report-Only		"default-src 'unsafe-inline' 'unsafe-eval' https:; report-uri https://yourwebsite.report-uri.com/r/d/csp/reportOnly";
		# add_header					Content-Security-Policy					"default-src 'none'; script-src 'strict-dynamic' 'nonce-N2eBi9r3AaPUBpi' 'unsafe-inline' http: https:; require-trusted-types-for 'script'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://apis.google.com; object-src 'none'; child-src 'self'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; report-uri https://yourwebsite.report-uri.com/r/d/csp/enforce";
		# add_header					Public-Key-Pins							'pin-sha256="**********"; pin-sha256="**********"; pin-sha256="**********"; pin-sha256="58qRu/**********"; pin-sha256="**********"; max-age=5184000; includeSubDomains' always;
		# add_header					Public-Key-Pins							'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains' always;
		# add_header					Referrer-Policy							"strict-origin-when-cross-origin";
		# add_header					Access-Control-Allow-Origin				"https://www.yourwebsite.com/";
		server_tokens					off;


		# client_body_buffer_size		16k;
		# client_header_buffer_size		1k;
		# client_max_body_size			1m;
		# large_client_header_buffers	4 8k;


		# Deny access to the TLS certificate and key file.
		location ~ /**********/ {
			deny all;
			# Deny was ignored before 0.8.40 for connections over IPv6.
			# Use internal directive to prohibit access on older versions.
			internal;
		}

		# Deny access to the WordPress files.
		location ~ /(wp-config\.php|xmlrpc\.php) {
			deny all;
			internal;
		}

		# Deny access to the phpBB folders and files.
		location ~ /forums/(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
			deny all;
			internal;
		}

		# Deny access to the phpMyAdmin configuration file.
		location ~ /phpmyadmin/(config\.inc\.php) {
			deny all;
			internal;
		}

		# Block download agents.
		if ($http_user_agent ~* LWP::Simple|Wget|libwww-perl) {
			return 403;
		}

		# Deny referral spam.
		if ( $http_referer ~* (babes|casino|click|diamond|forsale|girl|jewelry|love|nude|nudit|organic|poker|porn|poweroversoftware|sex|teen|viagra|video|webcam|zippo) ) {
			return 403; 
		}

		# Stop hotlinking of images and media.
		location ~ \.(gif|png|jpg|jpe?g|css|ico)$ {
			valid_referers none blocked
				yourwebsite.com *.yourwebsite.com;

			if ($invalid_referer) {
				return 403;
			}
		}


		location / {
			# WordPress uses index.php. The ?$args is included so non-default permalinks don't break when using query string, or identical query string.
			index index.php index.html index.htm;
			try_files $uri $uri/ /index.php?$args;

			# fastcgi_pass				127.0.0.1:8000;
			# fastcgi_param				SERVER_PROTOCOL				$server_protocol;
			# fastcgi_param				QUERY_STRING				$query_string;
			# fastcgi_param				REQUEST_METHOD				$request_method;
			# fastcgi_param				CONTENT_TYPE				$content_type;
			# fastcgi_param				CONTENT_LENGTH				$content_length;
			# fastcgi_param				SERVER_ADDR					$server_addr;
			# fastcgi_param				SERVER_PORT					$server_port;
			# fastcgi_param				SERVER_NAME					$server_name;
			# fastcgi_param				REMOTE_ADDR					$remote_addr;
			fastcgi_param				HTTPS						on;
			fastcgi_param				HTTP_SCHEME					https;
			error_log					logs/error.log;
			fastcgi_read_timeout		36000;
		}


		location /forums/ {
			# phpBB uses index.htm.
			index index.php index.html index.htm;
			try_files $uri $uri/ @rewriteapp;
		}

		location @rewriteapp {
			rewrite ^(.*)$ /forums/app.php/$1 last;
		}

		# Pass the PHP scripts to FastCGI server specified in upstream declaration.
		location ~ \.php(/|$) {
			# Unmodified fastcgi.conf from NGINX distribution.
			include fastcgi.conf;
			# Necessary for PHP.
			fastcgi_split_path_info ^(.+\.php)(/.*)$;
			fastcgi_param PATH_INFO $fastcgi_path_info;
			fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
			fastcgi_param DOCUMENT_ROOT $realpath_root;
			try_files $uri $uri/ /forums/app.php$is_args$args;
			fastcgi_pass php;
		}

		# Correctly pass scripts for installer.
		location /forums/install/ {
			# phpBB uses index.htm.
			try_files $uri $uri/ @rewrite_installapp =404;

			# Pass the PHP scripts to FastCGI server specified in upstream declaration.
			location ~ \.php(/|$) {
				# Unmodified fastcgi.conf from NGINX distribution.
				include fastcgi.conf;
				# Necessary for PHP.
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
				fastcgi_param DOCUMENT_ROOT $realpath_root;
				try_files $uri $uri/ /forums/install/app.php$is_args$args =404;
				fastcgi_pass php;
			}
		}

		location @rewrite_installapp {
			rewrite ^(.*)$ /forums/install/app.php/$1 last;
		}

		# Deny access to the version control system directories.
		location ~ /forums/\.svn|/forums/\.git {
			deny all;
			internal;
		}

		# Error_page 404 /404.html;

		# Redirects server error pages to the static page /50x.html
		error_page						500 502 503 504				/50x.html;
		location = /50x.html {
			root html;
		}
	}

	# If running PHP as FastCGI, specify PHP upstream.
	upstream php {
		server 127.0.0.1:9000;
	}

}

High Security:


# user									nobody nobody;
worker_processes						auto;
# worker_priority						0;

# error_log								logs/error.log;
# error_log								logs/error.log notice;
# error_log								logs/error.log info;

# pid									logs/nginx.pid;

events {
	worker_connections					1024;
}


# HTTPS server

http {

	include								mime.types;
	default_type						application/octet-stream;
	sendfile							on;

	server {
		listen							80 default_server;
		listen							[::]:80 default_server;
		server_name						yourwebsite.com www.yourwebsite.com;
		return							301 https://$server_name$request_uri;
	}

	server {
		listen							443 ssl http2;
		listen							[::]:443 ssl http2;
		server_name						yourwebsite.com www.yourwebsite.com;

		root							C:/nginx/html;
		ssl_certificate					C:/nginx/html/**********/yourwebsite.crt;
		ssl_certificate_key				C:/nginx/html/**********/yourwebsite.key;
		ssl_session_cache				shared:SSL:10m;
		ssl_session_timeout				180m;
		ssl_session_tickets				off;

		ssl_protocols					TLSv1.2	TLSv1.3;
		ssl_ciphers						ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
		ssl_prefer_server_ciphers		on;

		# client_body_timeout			60s;
		# client_header_timeout			60s;
		keepalive_timeout				30m;
		# send_timeout					60s;
		# resolver_timeout				30s;

		# charset						koi8-r;
		# access_log					logs/host.access.log					main;


		add_header						Strict-Transport-Security				"max-age=63072000; includeSubDomains" always;
		add_header						X-Frame-Options							"DENY";
		add_header						X-Xss-Protection						"1; mode=block";
		add_header						X-Content-Type-Options					"nosniff";
		add_header						Feature-Policy							"geolocation 'none'; midi 'self'; sync-xhr 'self'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'self'; fullscreen 'self'; accelerometer 'none'; usb 'none'; payment 'none'";
		# add_header					Content-Security-Policy-Report-Only		"default-src 'unsafe-inline' 'unsafe-eval' https:; report-uri https://yourwebsite.report-uri.com/r/d/csp/reportOnly";
		add_header						Content-Security-Policy					"default-src 'none'; script-src 'strict-dynamic' 'nonce-N2eBi9r3AaPUBpi' 'unsafe-inline' http: https:; require-trusted-types-for 'script'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://apis.google.com; object-src 'none'; child-src 'self'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; report-uri https://yourwebsite.report-uri.com/r/d/csp/enforce";
		# add_header					Public-Key-Pins							'pin-sha256="**********"; pin-sha256="**********"; pin-sha256="**********"; pin-sha256="58qRu/**********"; pin-sha256="**********"; max-age=5184000; includeSubDomains' always;
		# add_header					Public-Key-Pins							'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains' always;
		add_header						Referrer-Policy							"strict-origin-when-cross-origin";
		add_header						Access-Control-Allow-Origin				"https://www.yourwebsite.com/";
		server_tokens					off;


		client_body_buffer_size			16k;
		# client_header_buffer_size		1k;
		# client_max_body_size			1m;
		# large_client_header_buffers	4 8k;


		# Deny access to the TLS certificate and key file.
		location ~ /**********/ {
			deny all;
			# Deny was ignored before 0.8.40 for connections over IPv6.
			# Use internal directive to prohibit access on older versions.
			internal;
		}

		# Deny access to the WordPress files.
		location ~ /(wp-config\.php|xmlrpc\.php) {
			deny all;
			internal;
		}

		# Deny access to the phpBB folders and files.
		location ~ /forums/(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
			deny all;
			internal;
		}

		# Deny access to the phpMyAdmin index.
		location ~ /phpmyadmin/ {
			deny all;
			internal;
		}

		# Deny access to the WordPress login page.
		location ~ /(wp-login\.php) {
			deny all;
			internal;
		}

		# Deny access to the WordPress admin page.
		location ~ /wp-admin/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB ACP.
		location ~ /forums/adm/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB MCP.
		location ~ /forums/mcp\.php {
			deny all;
			internal;
		}

		# Deny access to the phpBB changelog page.
		location ~ /forums/docs/CHANGELOG\.html {
			deny all;
			internal;
		}

		# Block download agents.
		if ($http_user_agent ~* LWP::Simple|Wget|libwww-perl) {
			return 403;
		}

		# Deny referral spam.
		if ( $http_referer ~* (babes|casino|click|diamond|forsale|girl|jewelry|love|nude|nudit|organic|poker|porn|poweroversoftware|sex|teen|viagra|video|webcam|zippo) ) {
			return 403; 
		}

		# Stop hotlinking of images and media.
		location ~ \.(gif|png|jpg|jpe?g|css|ico)$ {
			valid_referers none blocked
				yourwebsite.com *.yourwebsite.com;

			if ($invalid_referer) {
				return 403;
			}
		}


		location / {
			# WordPress uses index.php. The ?$args is included so non-default permalinks don't break when using query string, or identical query string.
			index index.php index.html index.htm;
			try_files $uri $uri/ /index.php?$args;

			# fastcgi_pass				127.0.0.1:8000;
			# fastcgi_param				SERVER_PROTOCOL				$server_protocol;
			# fastcgi_param				QUERY_STRING				$query_string;
			# fastcgi_param				REQUEST_METHOD				$request_method;
			# fastcgi_param				CONTENT_TYPE				$content_type;
			# fastcgi_param				CONTENT_LENGTH				$content_length;
			# fastcgi_param				SERVER_ADDR					$server_addr;
			# fastcgi_param				SERVER_PORT					$server_port;
			# fastcgi_param				SERVER_NAME					$server_name;
			# fastcgi_param				REMOTE_ADDR					$remote_addr;
			fastcgi_param				HTTPS						on;
			fastcgi_param				HTTP_SCHEME					https;
			error_log					logs/error.log;
			fastcgi_read_timeout		36000;
		}


		location /forums/ {
			# phpBB uses index.htm.
			index index.php index.html index.htm;
			try_files $uri $uri/ @rewriteapp;
		}

		location @rewriteapp {
			rewrite ^(.*)$ /forums/app.php/$1 last;
		}

		# Pass the PHP scripts to FastCGI server specified in upstream declaration.
		location ~ \.php(/|$) {
			# Unmodified fastcgi.conf from NGINX distribution.
			include fastcgi.conf;
			# Necessary for PHP.
			fastcgi_split_path_info ^(.+\.php)(/.*)$;
			fastcgi_param PATH_INFO $fastcgi_path_info;
			fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
			fastcgi_param DOCUMENT_ROOT $realpath_root;
			try_files $uri $uri/ /forums/app.php$is_args$args;
			fastcgi_pass php;
		}

		# Correctly pass scripts for installer.
		location /forums/install/ {
			# phpBB uses index.htm.
			try_files $uri $uri/ @rewrite_installapp =404;

			# Pass the PHP scripts to FastCGI server specified in upstream declaration.
			location ~ \.php(/|$) {
				# Unmodified fastcgi.conf from NGINX distribution.
				include fastcgi.conf;
				# Necessary for PHP.
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
				fastcgi_param DOCUMENT_ROOT $realpath_root;
				try_files $uri $uri/ /forums/install/app.php$is_args$args =404;
				fastcgi_pass php;
			}
		}

		location @rewrite_installapp {
			rewrite ^(.*)$ /forums/install/app.php/$1 last;
		}

		# Deny access to the version control system directories.
		location ~ /forums/\.svn|/forums/\.git {
			deny all;
			internal;
		}

		# Error_page 404 /404.html;

		# Redirects server error pages to the static page /50x.html
		error_page						500 502 503 504				/50x.html;
		location = /50x.html {
			root html;
		}
	}

	# If running PHP as FastCGI, specify PHP upstream.
	upstream php {
		server 127.0.0.1:9000;
	}

}

Maximum Security:


# user									nobody nobody;
worker_processes						auto;
# worker_priority						0;

# error_log								logs/error.log;
# error_log								logs/error.log notice;
# error_log								logs/error.log info;

# pid									logs/nginx.pid;

events {
	worker_connections					1024;
}


# HTTPS server

http {

	include								mime.types;
	default_type						application/octet-stream;
	sendfile							on;

	server {
		listen							80 default_server;
		listen							[::]:80 default_server;
		server_name						yourwebsite.com www.yourwebsite.com;
		return							301 https://$server_name$request_uri;
	}

	server {
		listen							443 ssl http2;
		listen							[::]:443 ssl http2;
		server_name						yourwebsite.com www.yourwebsite.com;

		root							C:/nginx/html;
		ssl_certificate					C:/nginx/html/**********/yourwebsite.crt;
		ssl_certificate_key				C:/nginx/html/**********/yourwebsite.key;
		ssl_session_cache				shared:SSL:10m;
		ssl_session_timeout				180m;
		ssl_session_tickets				off;

		ssl_protocols					TLSv1.2	TLSv1.3;
		ssl_ciphers						ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
		ssl_prefer_server_ciphers		on;

		# client_body_timeout			60s;
		# client_header_timeout			60s;
		keepalive_timeout				30m;
		# send_timeout					60s;
		# resolver_timeout				30s;

		# charset						koi8-r;
		# access_log					logs/host.access.log					main;


		add_header						Strict-Transport-Security				"max-age=63072000; includeSubDomains" always;
		add_header						X-Frame-Options							"DENY";
		add_header						X-Xss-Protection						"1; mode=block";
		add_header						X-Content-Type-Options					"nosniff";
		add_header						Feature-Policy							"geolocation 'none'; midi 'self'; sync-xhr 'self'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'self'; fullscreen 'self'; accelerometer 'none'; usb 'none'; payment 'none'";
		# add_header					Content-Security-Policy-Report-Only		"default-src 'unsafe-inline' 'unsafe-eval' https:; report-uri https://yourwebsite.report-uri.com/r/d/csp/reportOnly";
		add_header						Content-Security-Policy					"default-src 'none'; script-src 'strict-dynamic' 'nonce-N2eBi9r3AaPUBpi' 'unsafe-inline' http: https:; require-trusted-types-for 'script'; style-src 'self' https://fonts.googleapis.com; img-src 'self' data: https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://apis.google.com; object-src 'none'; child-src 'self'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; report-uri https://yourwebsite.report-uri.com/r/d/csp/enforce";
		# add_header					Public-Key-Pins							'pin-sha256="**********"; pin-sha256="**********"; pin-sha256="**********"; pin-sha256="58qRu/**********"; pin-sha256="**********"; max-age=5184000; includeSubDomains' always;
		# add_header					Public-Key-Pins							'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains' always;
		add_header						Referrer-Policy							"strict-origin-when-cross-origin";
		add_header						Access-Control-Allow-Origin				"https://www.yourwebsite.com/";
		server_tokens					off;


		client_body_buffer_size			16k;
		# client_header_buffer_size		1k;
		# client_max_body_size			1m;
		# large_client_header_buffers	4 8k;


		# Deny access to the TLS certificate and key file.
		location ~ /**********/ {
			deny all;
			# Deny was ignored before 0.8.40 for connections over IPv6.
			# Use internal directive to prohibit access on older versions.
			internal;
		}

		# Deny access to the WordPress files.
		location ~ /(wp-config\.php|xmlrpc\.php) {
			deny all;
			internal;
		}

		# Deny access to the phpBB folders and files.
		location ~ /forums/(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
			deny all;
			internal;
		}

		# Deny access to the phpMyAdmin index.
		location ~ /phpmyadmin/ {
			deny all;
			internal;
		}

		# Deny access to the WordPress login page.
		location ~ /(wp-login\.php) {
			deny all;
			internal;
		}

		# Deny access to the WordPress admin page.
		location ~ /wp-admin/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB ACP.
		location ~ /forums/adm/ {
			deny all;
			internal;
		}

		# Deny access to the phpBB MCP.
		location ~ /forums/mcp\.php {
			deny all;
			internal;
		}

		# Deny access to the phpBB changelog page.
		location ~ /forums/docs/CHANGELOG\.html {
			deny all;
			internal;
		}

		# Block download agents.
		if ($http_user_agent ~* LWP::Simple|Wget|libwww-perl) {
			return 403;
		}

		# Deny referral spam.
		if ( $http_referer ~* (babes|casino|click|diamond|forsale|girl|jewelry|love|nude|nudit|organic|poker|porn|poweroversoftware|sex|teen|viagra|video|webcam|zippo) ) {
			return 403; 
		}

		# Stop hotlinking of images and media.
		location ~ \.(gif|png|jpg|jpe?g|css|ico)$ {
			valid_referers none blocked
				yourwebsite.com *.yourwebsite.com;

			if ($invalid_referer) {
				return 403;
			}
		}


		location / {
			# WordPress uses index.php. The ?$args is included so non-default permalinks don't break when using query string, or identical query string.
			index index.php index.html index.htm;
			try_files $uri $uri/ /index.php?$args;

			# fastcgi_pass				127.0.0.1:8000;
			# fastcgi_param				SERVER_PROTOCOL				$server_protocol;
			# fastcgi_param				QUERY_STRING				$query_string;
			# fastcgi_param				REQUEST_METHOD				$request_method;
			# fastcgi_param				CONTENT_TYPE				$content_type;
			# fastcgi_param				CONTENT_LENGTH				$content_length;
			# fastcgi_param				SERVER_ADDR					$server_addr;
			# fastcgi_param				SERVER_PORT					$server_port;
			# fastcgi_param				SERVER_NAME					$server_name;
			# fastcgi_param				REMOTE_ADDR					$remote_addr;
			fastcgi_param				HTTPS						on;
			fastcgi_param				HTTP_SCHEME					https;
			error_log					logs/error.log;
			fastcgi_read_timeout		36000;
		}


		location /forums/ {
			# phpBB uses index.htm.
			index index.php index.html index.htm;
			try_files $uri $uri/ @rewriteapp;
		}

		location @rewriteapp {
			rewrite ^(.*)$ /forums/app.php/$1 last;
		}

		# Pass the PHP scripts to FastCGI server specified in upstream declaration.
		location ~ \.php(/|$) {
			# Unmodified fastcgi.conf from NGINX distribution.
			include fastcgi.conf;
			# Necessary for PHP.
			fastcgi_split_path_info ^(.+\.php)(/.*)$;
			fastcgi_param PATH_INFO $fastcgi_path_info;
			fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
			fastcgi_param DOCUMENT_ROOT $realpath_root;
			try_files $uri $uri/ /forums/app.php$is_args$args;
			fastcgi_pass php;
		}

		# Correctly pass scripts for installer.
		location /forums/install/ {
			# phpBB uses index.htm.
			try_files $uri $uri/ @rewrite_installapp =404;

			# Pass the PHP scripts to FastCGI server specified in upstream declaration.
			location ~ \.php(/|$) {
				# Unmodified fastcgi.conf from NGINX distribution.
				include fastcgi.conf;
				# Necessary for PHP.
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
				fastcgi_param DOCUMENT_ROOT $realpath_root;
				try_files $uri $uri/ /forums/install/app.php$is_args$args =404;
				fastcgi_pass php;
			}
		}

		location @rewrite_installapp {
			rewrite ^(.*)$ /forums/install/app.php/$1 last;
		}

		# Deny access to the version control system directories.
		location ~ /forums/\.svn|/forums/\.git {
			deny all;
			internal;
		}

		# Error_page 404 /404.html;

		# Redirects server error pages to the static page /50x.html
		error_page						500 502 503 504				/50x.html;
		location = /50x.html {
			root html;
		}
	}

	# If running PHP as FastCGI, specify PHP upstream.
	upstream php {
		server 127.0.0.1:9000;
	}

}

Removed unnecessary links from the configuration files:

# https://github.com/phpbb/phpbb/blob/3.2 ... ample.conf
# https://github.com/phpbb/phpbb/blob/mas ... ample.conf
# https://www.nginx.com/resources/wiki/st ... ples/full/
# https://mozilla.github.io/server-side-t ... generator/
# https://wiki.mozilla.org/Security/Serve ... igurations
# https://infosec.mozilla.org/guidelines/web_security
# https://developer.mozilla.org/en-US/doc ... low-Origin
# https://serverfault.com/questions/16242 ... inx#176729

# TLSv1.3 information: https://wiki.openssl.org/index.php/TLS1.3 and https://secure.php.net/manual/en/functi ... crypto.php and https://ssl-config.mozilla.org/

# Use https://securityheaders.com/ and https://www.ssllabs.com/ssltest/ and https://observatory.mozilla.org/ and https://csp-evaluator.withgoogle.com/ to test my site.
# Google reCAPTCHA's FAQ for the Content-Security-Policy: https://developers.google.com/recaptcha/docs/faq
# Generate Public-Key-Pins: https://report-uri.com/ and https://report-uri.com/home/tools and https://report-uri.com/home/pkp_hash but note that Public-Key-Pins are not recommended for most sites due to risk of potentially locking out users if used incorrectly.
# Referrer-Policy information: https://scotthelme.co.uk/a-new-security ... er-policy/ and https://www.w3.org/TR/referrer-policy/ and https://w3c.github.io/webappsec-referrer-policy/
# For reference but not in use: https://infosec.mozilla.org/guidelines/ ... ty#cookies and https://geekflare.com/httponly-secure-cookie-nginx/ and https://github.com/AirisX/nginx_cookie_flag_module

# Buffer limitations: https://www.upguard.com/articles/top-10 ... or-windows and https://nginx.org/en/docs/http/ngx_http ... odule.html

# Extra settings for NGINX: https://www.scalescale.com/tips/nginx/n ... ity-guide/


Bonus Files:

These are scripts that I use to start, restart and stop my server. I also use a program called RunHiddenConsole to hide the console. All of these files are to be placed in the C:\nginx folder.


RunHiddenConsole Website:
https://redmine.lighttpd.net/attachment ... onsole.zip

RunHiddenConsole Download:
http://redmine.lighttpd.net/attachments ... onsole.zip


nginx-restart.bat

@ECHO OFF
call nginx-stop.bat
call nginx-start.bat
EXIT /b

nginx-start.bat

@ECHO OFF

pushd C:\nginx

ECHO Starting PHP FastCGI...
RunHiddenConsole.exe "C:\php\php-cgi.exe" -b 127.0.0.1:9000 -c "C:\php\php.ini"

ECHO Starting NGINX
start nginx.exe

popd
EXIT /b

nginx-stop.bat

@ECHO OFF
taskkill /f /IM nginx.exe
taskkill /f /IM php-cgi.exe
EXIT /b

Updated: July 15, 2020
Last edited by Heo32 on Wed Jul 15, 2020 4:34 pm, edited 38 times in total.
Is this for you? Windows & Nginx & PHP & MySQL & phpBB & WordPress & Cloudflare

Content-Security-Policy: Allow using Content-Security-Policy without unsafe-inline
stevemaury wrote:
Sun May 20, 2018 8:16 pm
I went to your board and looked for an hour or so, but did not see the women without underwear.
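
A small model of the PHP location in the configuration above, added here as an example (it is not part of Heo32's post or of phpBB). It applies the post's `location ~ \.php(/|$)` and `fastcgi_split_path_info` regexes to a request URI and checks whether the resulting SCRIPT_FILENAME exists, since php-cgi answers "No input file specified." when it does not. The function names, the temporary document root and the sample URIs are constructed for illustration, and `try_files` is not modelled.

```python
import os
import re
import tempfile

# Regexes copied from the configuration in this post.
PHP_LOCATION = re.compile(r"\.php(/|$)")            # location ~ \.php(/|$)
SPLIT_PATH_INFO = re.compile(r"^(.+\.php)(/.*)$")   # fastcgi_split_path_info


def fastcgi_vars(uri, root):
    """Return the variables nginx would send for `uri`, or None when the
    PHP location does not match. try_files is deliberately not modelled."""
    if not PHP_LOCATION.search(uri):
        return None
    m = SPLIT_PATH_INFO.match(uri)
    # When the split regex does not match, nginx keeps the whole URI as the
    # script name and leaves the path info empty.
    script, path_info = (m.group(1), m.group(2)) if m else (uri, "")
    real_root = os.path.realpath(root)               # $realpath_root
    return {
        "SCRIPT_FILENAME": real_root + script,
        "PATH_INFO": path_info,
        "DOCUMENT_ROOT": real_root,
    }


def diagnose(uri, root):
    """Classify a request: 'not-php', 'ok', or 'no-input-file'."""
    fcgi = fastcgi_vars(uri, root)
    if fcgi is None:
        return "not-php"
    return "ok" if os.path.isfile(fcgi["SCRIPT_FILENAME"]) else "no-input-file"


def build_sample_root():
    """Constructed document root holding the front controllers (sample data)."""
    root = tempfile.mkdtemp(prefix="nginx-html-")
    for rel in ("forums/app.php", "forums/index.php", "forums/install/app.php"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    root = build_sample_root()
    for uri in ("/forums/index.php", "/forums/app.php/help/faq",
                "/forums/install/app.php/update", "/forums/styles/a.css",
                "/forums/app.php/feed.php/x", "/forum/app.php"):
        print(f"{uri:35} {diagnose(uri, root)}")
```

The `/forums/app.php/feed.php/x` case shows the greedy `(.+\.php)` group taking the last `.php/` in the URI, so the script name becomes a path that does not exist on disk.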
MicheleS
Registered User
Posts: 9
Joined: Wed Nov 19, 2014 10:22 am

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by MicheleS »

I did update php 5.5 to 5.6

problem solved
imatthews
Registered User
Posts: 42
Joined: Mon Oct 04, 2004 11:14 pm
Location: Calgary, Alberta
Contact:

Re: phpBB 3.1.10 to 3.2.0 - No input file specified.

Post by imatthews »

After banging my head on this for 6 hours I finally worked a solution to NO INPUT FILE SPECIFIED that included thoughts from this thread and more. The process was to 1: use the full upgrade file set less a few key folders, 2: upgrade the database via command line 3: Modify the php ini (which is hard, but is far from obvious on GoDaddy hosting).

See: https://www.urtech.ca/2018/12/solved-up ... -specified

I hope this helps. I was minutes away from rolling back and finding a different BB platform.
_______________________
Ian Matthews
see www.Commodore.ca
For 8 Bit Commodore History, News and Discussion
see: www.URTech.ca
For modern PC tech tips and news