Server configuration



As an administrator of a board, being able to fine-tune the settings that your phpBB board uses for the server is a must. Configuring your board's server settings is very easy. There are five main categories of server settings: Cookie settings, Server settings, Security settings, Load settings, and Search settings. Properly configuring these settings will help your board not only function, but also work efficiently and as intended. The following subsections will outline each server configuration category. Once you are done with updating settings in each setting, remember to click Submit to apply your changes.

3.2.3.1. Cookie settings

dhn

MennoniteHobbit

Your board uses cookies all the time. Cookies can store information and data; for example, cookies are what enable users to automatically login to the board when they visit it. The settings on this page define the data used to send cookies to your users' browsers.

Warning

When editing your board's cookie settings, do so with caution. Incorrect settings can cause such consequences as preventing your users from logging in.

To edit your board's cookie settings, locate the Cookie Settings form. The following are four settings you may edit:

Cookie Settings

  • Cookie domain: This is the domain that your board runs on. Do not include the path that phpBB is installed in; only the domain itself is important here.

  • Cookie name: This is the name that will be assigned to the cookie when it is sent to your users' browsers and stored. This should be a unique cookie name that will not conflict with any other cookies.

  • Cookie path: This is the path that the cookie will apply to. In most cases, this should be left as "/", so that the cookie can be accessible across your site. If for some reason you must restrict the cookie to the path that your board is installed in, set the value to the path of your board.

  • Cookie secure: If your board is only accessible via SSL, set this to Enabled. If the board is not accessible only via SSL, then leave this value set to Disabled, otherwise server errors will result during redirections and users may experience difficulties remaining logged in.

When you are done editing your board's server settings, click Submit to submit your changes.

3.2.3.2. Server settings

dhn

MennoniteHobbit

On this page, you can define server and domain-dependent settings. There are three main categories of server settings: Server Settings, Path Settings, and Server URL Settings. The following describes each server settings category and the corresponding settings in more detail. When you are done configuring your board's server settings, click Submit to submit your changes.

Warning

When editing your board's server settings, do so with caution. Incorrect settings can cause such consequences as emails being sent out with incorrect links and/or information, or even the board being inaccessible.

The Server Settings form allows you to set some settings that phpBB will use on the server level:

Server Settings

  • Enable GZip Compression: Setting this value will enable GZip compression on your server. This means that all content generated by the server will be compressed before it is sent to users' browsers, if the users' browsers support it. Though this can reduce network traffic/bandwidth used, this will also increase the server and CPU load, on both the user's and server's sides.

  • Run periodic tasks from system cron: When off, phpBB will arrange for periodic tasks to be run automatically when users visit the board. When on, phpBB will not schedule any periodic tasks by itself; a system administrator must arrange for bin/phpbbcli.php cron:run to be run by the system cron facility at regular intervals (e.g. every 5 minutes).

Next, the Path Settings form allows you to set the various paths that phpBB uses for certain board content. For default installations, the default settings should be sufficient. The following are the four values that you can set:

Path Settings

  • Enable URL Rewriting: When enabled, URLs containing "app.php" will be rewritten to remove the filename (i.e. app.php/foo will become /foo). This will generally only be seen if you install extensions. This feature is currently limited to Apache web servers with mod_rewrite enabled.

  • Smilies storage path: This is the path to the directory, relative to the directory that your board is installed in, that your smilies are located in.

  • Post icons storage path: This is the path to the directory, relative to the directory that your board is installed in, that the topic icons are stored in.

  • Extension group icons storage path: This is the path to the directory, relative to the directory that your board is installed in, that the icons for the attachments extension groups.

  • Rank image storage path: This is the path to the directory, relative to the directory that your board is installed in, that your rank images are located in.

The last category of server settings is Server URL Settings. The Server URL Settings category contains settings that allow you to configure the actual URL that your board is located at, as well as the server protocol and port number that the board will be accessed to. The following are the five settings you may edit:

Server URL Settings

  • Force server URL settings: If for some reason the default settings for the server URL are incorrect, then you can force your phpBB board to use the server URL settings you specify below by selecting the Yes radio button.

  • Server protocol: This is the server protocol (http:// or https://, for example) that your board uses, if the default settings are forced. If this value is empty or the above Force server URL settings setting is disabled, then the protocol will be determined by the cookie secure settings.

  • Domain name: This is the name of the domain that your board runs on. Include "www" if applicable. Again, this value is only used if the server URL settings are forced.

  • Server port: This is the port that the server is running on. In most cases, a value of "80" is the port to set. You should only change this value if, for some reason, your server runs on a different port. Again, this value is only used if the server URL settings are forced.

  • Script path: This is the directory where phpBB is installed, relative to the domain name. For example, if your board was located at www.example.com/phpBB3/, the value to set for your script path is "/phpBB3". Again, this value is only used if the server URL settings are forced.

When you are done editing your board's server settings, click Submit to submit your changes.

3.2.3.3. Security settings

MennoniteHobbit

Here, on the Security settings page, you are able to manage security-related settings; namely, you can define and edit session and login-related settings. The following describes the available security settings that you can manage. When you are done configuring your board's security settings, click Submit to submit your changes.

Allow persistent logins

This determines whether users can automatically login to your board when they visit it.

The available options are Yes and No. Choosing Yes will enable automatic logins.

Persistent login key expiration length (in days)

This is the set number of days that login keys will last before they expire and are removed from the database.

You may enter an integer in the text box located to the left of the word Days. This integer is the number of days for the persistent login key expiration. If you would like to disable this setting (and thereby allow use of login keys indefinitely), enter a "0" into the text box.

Session IP validation

This determines how much of the users' IP address is used to validate a session.

There are four settings available: All, A.B.C, A.B, and None. The All setting will compare the complete IP address. The A.B.C setting will compare the first x.x.x of the IP address. The A.B setting will compare the first x.x of the IP address. Lastly, selecting None will disable IP address checking altogether.

Validate browser

This enables the validation of the users' browsers for each session. This can help improve the users' security.

The available options are Yes and No. Choosing Yes will enable this browser validation.

Validate X_FORWARDED_FOR header

This setting controls whether sessions will only be continued if the sent X_FORWARDED_FOR header is the same as the one sent with the previous request. Bans will be checked against IP addresses in the X_FORWARDED_FOR header too.

The available options are Yes and No. Choosing Yes will enable the validation of the X_FORWARDED_FOR header.

Check IP against DNS Blackhole List:

You are also able to check the users' IP addresses against DNS blackhole lists. These lists are blacklists that list bad IP addresses. Enabling this setting will allow your board to check your users' IP addresses and compare them against the DNS blackhole lists. Currently, the DNS blacklist services on the sites spamcop.net, dsbl.org, and spamhaus.org.

Check email domain for valid MX record

It is also possible to attempt to validate emails used by your board's users. If this setting is enabled, emails that are entered when users register or change the email in their profile will be checked for a valid MX record.

The available options are Yes and No. Choosing Yes will enable the checking of MX records for emails.

Password complexity

Usually, more complex passwords fare well; they are better than simple passwords. To help your users try to make their account as secure as possible, you also have the option of requiring that they use a password as complex as you define. This requirement will apply to all users registering a new account, or when existing users change their current passwords.

There are four options in the selection menu. No requirements will disable password complexity checking completely. The Must be mixed case setting requires that your users' passwords have both lowercase and uppercase letters in their password. The Must contain alphanumerics setting requires that your users' password include both letters from the alphabet and numbers. Lastly, the Must contain symbols setting will require that your users' passwords include symbols.

Note

For each password complexity requirement, the setting(s) above it in the selection menu will also apply. For example, selecting Must contain alphanumerics will require your users' passwords to include not only alphanumeric characters, but also have both lowercase and uppercase letters.

Force password change

It is always ideal to change passwords once in a while. With this setting, you can force your users to change their passwords after a set number of days that their passwords have been used.

Only integers can be entered in the text box, which is located next to the Days label. This integer is the number of days that, after which, your users will have to change their passwords. If you would like to disable this feature, enter a value of "0".

Maximum number of login attempts

It is also possible to limit the number of attempts that your users can have to try to login. Setting a specific limit will enable this feature. This can be useful in temporarily preventing bots or other users from trying to log into other users' accounts.

Only integers can be entered for this setting. The number entered it the maximum number of times a user can attempt to login to an account before having to confirm his login visually, with the visual confirmation.

Allow PHP in templates

Unlike phpBB2, phpBB3 allows the use of PHP code in the template files themselves, if enabled. If this option is enabled, PHP and INCLUDEPHP statements will be recognized and parsed by the template engine.

3.2.3.4. Load settings

MennoniteHobbit

On particularly large boards, it may be necessary to manage certain load-related settings in order to allow your board to run as smoothly as possible. However, even if your board isn't excessively active, it is still important to be able to adjust your board's load settings. Adjusting these settings properly can help reduce the amount of processing required by your server. Once you are done editing any of the server load-related settings, remember to click Submit to actually submit and apply your changes.

The first group of settings, General Settings, allows you to control the very basic load-related settings, such as the maximum system load and session lengths. The following describes each option in detail.

General settings

  • Limit system load: This option enables you to control the maximum load that the server can undergo before the board will automatically go offline. Specifically, if the system’s one-minute load average exceeds this value, the board will automatically go offline. A value of "1.0" equals about 100% utilisation of one processor. Note that this option will only work with *nix-based servers that have this information accessible. If your board is unable to get the load limit, this value will reset itself to "0". All positive numbers are valid values for this option. (For example, if your server has two processors, a setting of 2.0 would represent 100% server utilisation of both processors.) Set this to "0" if you do not want to enable this option.

  • Session length: This is the amount of time, in seconds, before your users' sessions expire. Valid values are positive integers greater than or equal to 60.

  • Limit sessions: It is also possible to control the maximum amount of sessions your board will handle before your board will go offline and be temporarily disabled. Specifically, if the number of sessions your board is serving exceeds this value within a one-minute period, the board will go offline and be temporarily disabled. All positive integers are valid values. Set this to "0" if you want to allow an unlimited amount of sessions.

  • View online time span: This is the number of minutes after which inactive users will not appear in the Who is Online listings. The higher the number given, the greater the processing power required to generate the listing. All positive integers are valid values, and indicate the number of minutes that the time span will be.

The second group of settings, General Options, allows you to control whether certain options are available for your users on your board. The following describes each option further.

General options

  • Enable dotted topics: Topics in which a poster has already posted in will see dotted topic icons for these topics. To enable this feature, select, Yes.

  • Enable server-side topic marking: One of the many new features phpBB3 offers is server-side read tracking. This is different from phpBB2, which only offered read tracking based on cookies. To store read/unread status information in the database, as opposed to in a cookie, select Yes.

  • Enable topic marking for guests: It is also possible to allow guests to have read/unread status information. If you want your board to store read/unread status information for guests, select Yes. If this option is disabled, posts will be displayed as "read" for guests.

  • Enable online user listings: The online user listings can be displayed on your board's index, in each forum, and on topic pages. If you want to enable this option and allow the online user listings to be displayed, choose Yes.

  • Enable online guest listings in viewonline: If you want to enable the display of guest user information in the Who is Online section, choose Yes.

  • Enable display of user online/offline information: This option allows you to control whether or not online/offline status information for users can be displayed in profiles and on the topic view pages. To enable this display option, choose Yes.

  • Enable birthday listing: In phpBB3, birthdays is a new feature. To enable the listing of birthdays, choose Yes.

  • Enable display of moderators: Though it can be particularly useful to list the moderators who moderate each forum, it is possible to disable this feature, which may help reduce the amount of processing required. To enable the display of moderators, select Yes.

  • Enable display of jumpbox: The jumpbox can be a useful tool for navigating throughout your board. However, it is possible to control whether or not this is displayed. To display the jumpboxes, select Yes.

  • Show user's activity: This option controls whether or not the active topic/forum information displayed in your users' profiles and UCP. If you want to show this user activity information, select Yes. However, if your board has more than one million posts, it is recommended that you disable this feature.

  • Recompile stale templates: This option controls the recompilation of old templates. If this is enabled, your board will check to see if there are updated templates on your filesystem; if there are, your board will recompile the templates. Select Yes to enable this option.

  • Allow usage of third party content delivery networks: If this setting is enabled, some files will be served from external third party servers (ajax.googleapis.com) instead of your server. This reduces the network bandwidth required by your server, but may present a privacy issue for some board administrators. In a default phpBB installation, this includes loading "jQuery" and the font "Open Sans" from Google's content delivery network.

  • Allow live searches: When enabled, certain search fields (memberlist searches) will automatically prompt with search results as you type.

Lastly, the last group of load settings relates to Custom Profile Fields, which are a new feature in phpBB3. The following describes these options in detail.

Custom Profile Fields

  • Allow styles to display custom profile fields in memberlist: This option allows you to control if your board's style(s) can display the custom profile fields (if your board has any) in the memberlist. To enable this, choose Yes.

  • Display custom profile fields in user profiles: If you want to enable the display of custom profile fields (if your board has any) in users' profiles, select Yes.

  • Display custom profile fields in viewtopic: If you want to enable the display of custom profile fields (if your board has any) in the topic view pages, choose Yes.

3.2.3.5. Search settings

MennoniteHobbit

Your board can be a well of information. Being able to effectively search through this information is very important, especially if you want to reduce the amount of redundant topics are posted on your board. Here, on the Search settings page, you can control what search backend your board's search functionality will use for indexing posts and searching, and set various options related to it. There are four main categories of search settings: General Search Settings, Search Backend, Fulltext mysql, and Fulltext native. The following describes each set of search settings in detail.

The first group of search settings are general and user-facing, meaning that they concern the users who use the search functionality directly.

General Search Settings

  • Enable search facilities: Setting this option to Yes will enable the search functionality for your users; member-searching functionality will also be enabled.

  • User search flood interval: This value indicates the number of seconds that your users have to wait between consecutive searches. This value is checked independently for each user. All positive integers are valid values. If you want to disable checking for search intervals for users, set this value to "0".

  • Guest search flood interval: This is the number of seconds between searches that guest users must wait. This value is shared for all guest users, if one guest searches, the others will have to wait until this interval passes. All positive integers are valid values. If you want to disable checking for search intervals for guests, set this value to "0".

  • Search page system load limit: You can also limit the amount of load your system will undergo for searches. If the system load exceeds this value, your board will go offline and be temporarily disabled. All numbers between 0 and 1.0 (inclusive) are valid values. A value of "1.0", for example, represents about 100% utilisation of a single processor; if the system load exceeds this value, the board will go offline. Note that this feature only works for *nix-based servers.

  • Min author name characters: Users have to enter at least this many characters of the name when performing a wildcard author search. If the author's username is shorter than this number, your users can still search for the author's posts by entering the complete username. All positive integers are valid values.

  • Search result cache length: phpBB3 can also cache search results. These cached search results will expire after this number of seconds. All positive integers are valid values. Set this value to "0" if you want to disable search caching.

The next group of search settings actually only contains one setting: choosing what backend your board's search facilities, if enabled, will use. The following details this option.

Search Backend

  • Search backend: This option specifies the backend that your board's search facilities will use if it is enabled. The backend is essentially the system/method that is actually responsible for conducting searches based on the queries it is given. There are four available options: MySQL Fulltext, phpBB Native Fulltext, PostgreSQL Fulltext, and Sphinx Fulltext.

Note

If you choose to change your board's current search backend, you will have to create an index of your board's content for the new search backend. If you know for sure that you're not going to use the index that was used with your old, previously chosen search backend, you can also delete it in order to free up some of your system's resources. To learn more about maintaining your board's search indices, see Section 3.9.3, “Search Indexing”.

MySQL Fulltext will make your board use MySQL's fulltext search as its search backend. This causes the SQL server to perform the searches, rather than building our own search tables. The settings shown are informational only and require the server's system administrator for changes to be made.

Fulltext mysql

  • Support for non-latin UTF-8 characters using PCRE: This tells you if your system supports searching for non-Latin UTF-8 characters. This is only available in PHP versions 4.4 and above, and 5.1 and above. This is only relevant if you actually want your users to have the ability to search for non-Latin characters.

  • Support for non-latin UTF-8 characters using mbstring: If your system doesn't support UTF-8 characters using PCRE (as indicated in the setting above), the mySQL fulltext search backend will try to use mbstring's regular expression engine. Again, this is only relevant if you actually want your users to have the ability to seasrch for non-Latin characters.

phpBB Native Fulltext is the default option, which is phpBB's own native fulltext search.

Fulltext native

  • Enable fulltext updating: This option allows you to control whether or not your board's search index will update when posts are made. If you would like to enable this, choose Yes. Note that this setting is not relevant if your board's search functionality is disabled entirely.

  • Min characters indexed by search: You can also control the minimum number of characters words must contain in order to be included in your board's search index. It is recommended that you not set this too low in order to have a quality search index. All positive integers are valid values.

  • Max characters indexed by search: Just like the above setting, you can also control the maximum number of characters words must contain in order to be included in your board's search index. If a word has more than this number of characters in it, it will not be included in the search index. All positive integers are valid values.

  • Common word threshold: Like phpBB2's stopwords feature, you can prevent the use of common words that you specify. However, this feature is expanded upon in phpBB3. You can now control the threshold that a word can have; this means that if a word is contained in more than a certain percentage of posts on your board, it will be deemed as a common word, and will be ignored in search queries. All positive integers are valid values, and represent the percentage of posts on your board words can be contained in. If you would like to disable this threshold and thereby allow searches using all words, even if they can be common, set this value to "0". This setting only applies if your board has more than 100 posts.

PostgreSQL Fulltext is similar to MySQL Fulltext, but for sites running on a PostgreSQL database.

PostgreSQL Fulltext

  • PostgreSQL version: This indicates if you are running a version of PostgreSQL that supports Fulltext searches. This feature is available in PostgreSQL 8.3 and above.

  • Text search Configuration Profile: If your database server has multiple search configurations created, you can choose between them here. The default is simple, though a language specific one may be more appropriate if your board contains non-Latin text.

  • Minimum word length for keywords: You can also control the minimum number of characters words must contain in order to be included in your board's search index. It is recommended that you not set this too low in order to have a quality search index. All positive integers are valid values.

  • Maximum word length for keywords: Just like the above setting, you can also control the maximum number of characters words must contain in order to be included in your board's search index. If a word has more than this number of characters in it, it will not be included in the search index. All positive integers are valid values.

Sphinx Fulltext makes use of a special search server called Sphinx. Sphinx will need to be installed prior to configuring it here. If you have a large board with hundreds of thousands of posts or more, you will most likely want to use Sphinx.

Sphinx Fulltext

  • Path to data directory: The absolute path to the data directory where Sphinx should store its indices and log files. The path should have a slash at the end.

  • Sphinx search daemon host: The hostname or IP address of the search server. Leave blank for localhost.

  • Sphinx search daemon port: The port which the search server is operating on. Leave blank for its default port 9312.

  • Indexer memory limit: The amount of memory the search server is allowed to use. This value should be less than the maximum amount of available memory on the system.

  • Sphinx config file: The generated output for your sphinx.conf file for the search server.

After submitting the form, a Sphinx search table will be created in the database. The search indexers must still be started manually before the indices are created. The exact commands needed to do that and more can be found on the wiki: Development Wiki: Sphinx Fulltext Search.