How to Install phpBB with LEMP (Nginx, MariaDB, and PHP) on Debian 11 Bullseye

phpBB is one of the most extended open-source forum bulletin software on the market. With the rise of social media platforms such as Reddit, Facebook, Twitter, and online chat platforms such as discord, we have seen online bulletin forum communities dwindle. Personally, as I just mentioned, they are slowly making a comeback in specific niche communities over the newer additions.

phpBB isn’t the only option. Others such as VBulletin, Nodebb, Xenforo, and so on, but most of these are paid with mixed reviews. VBulletin used to be a powerhouse, but now it’s a shadow of its former self. Xenforo is one of the best-paid bulletin pieces of software. However, that is just my personal opinion, but I will always choose phpBB first as it’s free, open-source, and has some great 3rd party open-source developers, both new devs and ones that have been around since the start.

In the following tutorial, you will learn how to install LEMP with the most up-to-date packages in their respective fields, along with setting up phpBB for first-time use on Debian 11 Bullseye.

Prerequisites

  • Recommended OS: Debian 11 Bullseye
  • User account: A user account with sudo privilages or root access (su command).
  • Required Packages: curl

Updating Operating System

Update your Debian 11 operating system to make sure all existing packages are up to date:

sudo apt update && sudo apt upgrade

Root or Sudo Access

By default, when you create your account at startup with Debian compared to other distributions, it does not automatically receive sudoers status. You must either have access to the root password to use the su command or visit our tutorial on How to Add a User to Sudoers on Debian.

Install CURL & UNZIP Package

The tutorial makes use of the curl and unzip command during certain parts. To make sure this is installed, run the following command in your terminal:

sudo apt install curl unzip -y

Advertisement


Install Nginx – (LEMP Stack)

To kickstart the LEMP stack installation, you will need to install the Nginx web server. A method is to install the latest Nginx mainline or stable from the Ondřej Surý repository to have the most updated software. Many Ubuntu users would know his PPA, and you can do the same pretty much in Debian.

To use the latest version of either Nginx mainline or stable, you will need first to import the repository.

To import mainline repository:

curl -sSL https://packages.sury.org/nginx-mainline/README.txt | sudo bash -x

To import stable repository:

curl -sSL https://packages.sury.org/nginx/README.txt | sudo bash -x

Update your repository to reflect the new change:

sudo apt update

Now that you have installed the Nginx repository and updated the repository list, install Nginx with the following:

sudo apt install nginx-core nginx-common nginx nginx-full

Example output:

How to Install phpBB on Debian 11 with LEMP

Type “Y”, then press the “ENTER KEY” to proceed and complete the installation.

Now check the version and build installed; our tutorial example installed Nginx mainline:

nginx -v

Example output:

nginx version: nginx/1.21.1

Note that you may be prompted to keep or replace your existing /etc/nginx/nginx.conf configuration file during the installation. It is recommended to keep your existing configuration file by pressing (n). A copy will be made regardless of the maintainer’s version, and you can also check this in the future.

You will notice additional modules will be available in this version, most notably brotli support. To install brotli, follow the steps below.

Open your nginx.conf configuration file:

nano /etc/nginx/nginx.conf

Now add the additional lines before in the HTTP{} section:

brotli on;
brotli_comp_level 6;
brotli_static on;
brotli_types application/atom+xml application/javascript application/json application/rss+xml
   application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
   application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
   font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
   image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;

The brotli_comp_level can be set between 1 (lowest) and 11 (highest). Normally, most servers sit in the middle, but if your server is a monster, set to 11 and monitor CPU usage levels.

Next, test to make sure the changes are working correctly before making it live:

sudo nginx -t

If the changes are working correctly, you should see the following:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now make the changes live by restarting your server:

sudo systemctl restart nginx

Next, enable Nginx on system boot:

sudo systemctl enable nginx

Install MariaDB (LEMP STACK)

For phpBB to run, you will need to install a database software; given we are using LEMP, the choice will be MariaDB.

You can install the default version of MariaDB from Debian’s repository, and the tutorial will install the latest 10.6 MariaDB.

Install Depedencies

The first step is to install the dependencies needed for the installation. To do this, use the following command in your terminal:

sudo apt-get install curl software-properties-common dirmngr -y

Import GPG Key & Repository

To successfully install MariaDB, you will need to import the GPG key to verify that the packages are from the authentic source and not modified. To do this, use the following command:

sudo curl -LsSO https://mariadb.org/mariadb_release_signing_key.asc
sudo chmod -c 644 mariadb_release_signing_key.asc
sudo mv -vi mariadb_release_signing_key.asc /etc/apt/trusted.gpg.d/
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://mirror.realcompute.io/mariadb/repo/10.6/debian bullseye main'

Note, download mirrors can be found on this page from MariaDB foundation to find a location closer to you for the repository.

Now that the key and repository are imported update the apt package manager list to reflect the new addition.

sudo apt update

Install MariaDB

To install MariaDB, you will need to install the client and the server packages. This can be done as follows:

sudo apt install mariadb-server mariadb-client

Example output:

How to Install phpBB on Debian 11 with LEMP

Type “Y”, then press the “ENTER KEY” to proceed and complete the installation.

Confirm the installation of MariaDB by checking the version and build:

mariadb --version

Example output:

mariadb  Ver 15.1 Distrib 10.6.4-MariaDB, for debian-linux-gnu (x86_64) using readline EditLine wrapper

Next, start your MariaDB service by running the following command to start and enable on boot:

sudo systemctl start mariadb && sudo systemctl enable mariadb

Example output if successful:

Synchronizing state of mariadb.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable mariadb

Check MariaDB server status

Now you have installed MariaDB, and you can verify the status of the database software by using the following systemctl command:

systemctl status mariadb

By default, you will find MariaDB status to be off. To start MariaDB, use the following command:

sudo systemctl start mariadb

Now recheck the status, and you should get the following:

How to Install MariaDB 10.6 on Debian 11 68

To stop MariaDB:

sudo systemctl stop mariadb

To enable MariaDB on system startup:

sudo systemctl enable mariadb

To disable MariaDB on system startup:

sudo systemctl disable mariadb

To restart the MariaDB service:

sudo systemctl restart mariadb

Secure MariaDB with Security Script

When installing MariaDB fresh, the default settings that default are considered weak by most standards and cause concern for potentially allowing intrusion or exploiting hackers, a solution is to run the installation security script that comes with the MariaDB installation.

First, use the following command to launch the (mysql_secure_installation):

sudo mysql_secure_installation

Next, follow below:

  • Setting the password for root accounts.
  • Removing root accounts that are accessible from outside the local host.
  • Removing anonymous-user accounts.
  • Removing the test database, which by default can be accessed by anonymous users.

Note, you use (Y) to remove everything.

Example:

How to Install phpBB on Debian 11 with LEMP

Advertisement


Install PHP 7.4

As the name suggests, phpBB requires PHP. However, the bulletin board software has made good progress in fully supporting PHP 8.0. However, the catch is some plugins from external community devs featured in their official download store or from the community are yet to fully port to PHP 8.0, so you can run into quite a few issues.

The safe bet, especially for first-time installers of phpBB, is to use PHP 7.4, which is still considered stable and supported. You can install the PHP version from Debian 11’s default repository. Still, to keep the theme common in using more updated packages, we will install the Ondřej Surý PHP repository, the PHP maintainer, on Debian. In this repository, the latest versions of PHP 7.4 and 8.0 are available at all times, including the extensions.

Import & Install GPG key:

The first step is to import and install the GPG key before adding the repository. To do this, use the following terminal (CTRL+ALT+T) command:

wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg

Note, you may need to install these dependencies if you have trouble:

sudo apt install apt-transport-https lsb-release ca-certificates

Import & Install Repository:

With the GPG key sorted, it is time to add the Ondřej Surý repository as follows:

sudo sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
sudo apt update

Install PHP 7.4

Now you can proceed to install PHP 8 for your particular need as follows:

sudo apt install php7.4-fpm php7.4-cli php7.4-common php7.4-mbstring php7.4-xmlrpc php7.4-soap php7.4-gd php7.4-xml php7.4-intl php7.4-mysql php7.4-cli php7.4-ldap php7.4-zip php7.4-mcrypt php7.4-curl php7.4-json php7.4-opcache php7.4-readline php7.4-xml php7.4-gd -y

Note, the PHP 7.4 extensions were also installed that you will require to run phpBB forums later on in the tutorial. If you are dead set on wanting to try PHP 8 instead of 7.4, then replace the php7.4 with php8.0.

Verify the installation and check the version and build:

php -v

Example output:

PHP 7.4.23 (cli) (built: Aug 26 2021 16:06:20) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.23, Copyright (c), by Zend Technologies

Now, by default, PHP-FPM should be running. To confirm this, use the following systemctl command:

sudo systemctl status php7.4fpm

Example output:

How to Install phpBB on Debian 11 with LEMP

Part 1. phpBB Backend Installation

Now that you have installed the LEMP stack, you can now proceed to install phpBB forums. As of the time of this tutorial, phpBB 3.3.4 is the latest version, and however, in time, like most things, this will change as they do a release roughly every 6 months. Check the downloads page to verify the version link is still valid.

Download & Directory Setup

First download phpBB:

cd /tmp && wget https://download.phpbb.com/pub/release/3.3/3.3.4/phpBB-3.3.4.zip
unzip phpBB-3.3.4.zip
sudo mv phpBB3 /var/www/html/phpbb

Now we need to modify the directory permission for NGINX:

sudo chown -R www-data:www-data /var/www/html/phpbb
sudo chmod -R 755 /var/www/html/phpbb

MariaDB Configurement

Now you proceed to make a database for your phpBB installation and future bulletin board.

First, bring up the MariaDB terminal instance as root:

sudo mysql -u root -p

Create the database for your forums:

CREATE DATABASE phpbb;

Example output if successful:

Query OK, 1 row affected (0.000 sec)

Create a database user called phpbbuser with a new password:

CREATE USER 'phpbbuser'@'localhost' IDENTIFIED BY 'new_password_here';

Example output if successful:

Query OK, 0 rows affected (0.001 sec)

Then grant the user full access to the database by doing the following:

GRANT ALL ON phpbb.* TO 'phpbbuser'@'localhost' IDENTIFIED BY 'user_password_here' WITH GRANT OPTION;

Example output if successful:

Query OK, 0 rows affected (0.000 sec)

Flush the privileges to make the changes activated:

FLUSH PRIVILEGES;

Now exit:

EXIT;

Your database for phpBB is now ready, and you will be entering the details once you get the web UI installation part of the tutorial.

PHP Configurement

To successfully install phpBB and operate it well into the future, you should increase a few options in the php.ini configuration file.

Firstly, open the php.ini file:

sudo nano /etc/php/7.4/fpm/php.ini

Next, you will find a recommended settings to work with phpBB. You will need to locate the settings and lines and change them to as follows:

max_execution_time = 180 (located on line 338)
max_input_time = 90 (located on line 398)
memory_limit = 256M (located on line 409)
upload_max_filesize = 64M (located on line 846)

Optional, some increased security settings, this can be skipped:

cgi.fix_pathinfo=0 
session.use_strict_mode = 1
session.use_cookies = 1
session.cookie_secure = 1
session.use_only_cookies = 1
session.name = LCCookies (Change the name, example: POPme)
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain = example.com (example only)
session.cookie_httponly = 1
session.cookie_samesite = Strict

Once done, CTRL+O to save then CTRL+X to exit the file.

You will need to restart PHP 7.4 FPM for the changes to be active:

sudo systemctl restart php7.4-fpm

Nginx Configurement

In your Nginx server block, you need to declare the PHP upstream and then the PHP locations.

The best way to create a new server block, using a subdomain such as forums or community.

An example of this is below, modify to suit your needs:

First, create the server block:

sudo nano /etc/nginx/sites-available/phpbb.conf

Now copy and paste the following into the server block, modify the domain name, SSL, root path, and anything else to suit your needs. The locations and PHP itself should not be touched unless you know what you are doing.

upstream phpbb {
        server unix:/run/php/php7.4-fpm.sock;
}

server {
   listen 80;
   listen [::]:80;

   server_name www.example.com example.com;
   root /etc/nginx/sites-available/example.com/;
   index index.php index.html index.htm index.nginx-debian.html;

    server_name forums.linuxcapable.com;
    root /var/www/html/phpbb;
    index index.php index.html index.htm index.nginx-debian.html;

    access_log /var/log/nginx/forums-access.log;
    error_log /var/log/nginx/forums-error.log;

location / {
	try_files $uri $uri/ @rewriteapp;

	# Pass the php scripts to FastCGI server specified in upstream declaration.
	location ~ \.php(/|$) {
		include fastcgi.conf;
		fastcgi_split_path_info ^(.+\.php)(/.*)$;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
		fastcgi_param DOCUMENT_ROOT $realpath_root;
		try_files $uri $uri/ /app.php$is_args$args;
		fastcgi_pass phpbb;
		fastcgi_intercept_errors on;	
	}

	# Deny access to internal phpbb files.
	location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
		deny all;
		# deny was ignored before 0.8.40 for connections over IPv6.
		# Use internal directive to prohibit access on older versions.
		internal;
	}
}

location @rewriteapp {
	rewrite ^(.*)$ /app.php/$1 last;
}

# Correctly pass scripts for installer
location /install/ {
	try_files $uri $uri/ @rewrite_installapp =404;

	# Pass the php scripts to fastcgi server specified in upstream declaration.
	location ~ \.php(/|$) {
		include fastcgi.conf;
		fastcgi_split_path_info ^(.+\.php)(/.*)$;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
		fastcgi_param DOCUMENT_ROOT $realpath_root;
		try_files $uri $uri/ /install/app.php$is_args$args =404;
		fastcgi_pass phpbb;
		fastcgi_intercept_errors on;	
	}
}

location @rewrite_installapp {
	rewrite ^(.*)$ /install/app.php/$1 last;
}

# Deny access to version control system directories.
location ~ /\.svn|/\.git {
	deny all;
	internal;
}

 gzip on; 
 gzip_comp_level 6;
 gzip_min_length 1000;
 gzip_proxied any;
 gzip_disable "msie6";
 gzip_types
     application/atom+xml
     application/geo+json
     application/javascript
     application/x-javascript
     application/json
     application/ld+json
     application/manifest+json
     application/rdf+xml
     application/rss+xml
     application/xhtml+xml
     application/xml
     font/eot
     font/otf
     font/ttf
     image/svg+xml
     text/css
     text/javascript
     text/plain
     text/xml;

  # assets, media
  location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
      expires    90d;
      access_log off;
  }
  
  # svg, fonts
  location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
      add_header Access-Control-Allow-Origin "*";
      expires    90d;
      access_log off;
  }
}

Note, if you are using PHP 8.0 find and replace the above line “fastcgi_pass unix:/run/php/php7.4-fpm.sock;” to “fastcgi_pass unix:/run/php/php8.0-fpm.sock;”.

Next, enable the new server block:

sudo ln -s /etc/nginx/sites-available/phpbb.conf /etc/nginx/sites-enabled/

Once enabled, you can do a quick dry run test of your Nginx service to make sure everything is working correctly:

sudo nginx -t 

Example output if all is working correctly:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now restart the Nginx service for phpBB to be accessible via the web UI:

sudo systemctl restart nginx

Advertisement


Optional – Secure Nginx with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Nginx on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

First, install the certbot package as follows:

sudo apt install python3-certbot-nginx -y

Once installed, run the following command to start the creation of your certificate:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d forums.example.com

This is the ideal setup that includes force HTTPS 301 redirects, Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be https://forums.example.com instead of HTTP://forum.example.com.

Note, if you use the old HTTP URL, it will automatically redirect to HTTPS.

Part 2. phpBB Web UI Installation

If everything has worked correctly, we now move to the nominated address of your freshly installed phpBB forums. For our example, it is https://forums.linuxcapable.com for the tutorial example, and if successful you will arrive at the main installation page for phpBB.

Once you arrive at the page, click the Install button on the left top-hand side to begin the graphical installation.

Example:

How to Install phpBB on Debian 11 with LEMP

Next, you will be taken to the next screen advising you of the minimum specs and other technical information. After reading and double-checking, click the Install button on the bottom of the page.

Example:

How to Install phpBB on Debian 11 with LEMP

On the next screen, you need to create the admin account for phpBB. Make sure this is filled correctly and with a strong password as this is important for recovery, amongst other things.

Example:

How to Install phpBB on Debian 11 with LEMP

Now that you have entered your Admin details successfully, the database details screen will appear to fill out. First, keep the default MySQL with MySQLi Extension and enter localhost unless your database is located on a separate server, then place the server IP instead along with port if it was changed from the default.

Next in the tutorial example, the example database was named phpbb, with phpbbuser being the username that has access besides root to access the phpBB database. Lastly, the prefix is by default phpbb_, which you can keep the same, but if you are going to install multiple forums, it would be advised to change this to keep the prefix’s clean and separate.

Enter these and click submit to proceed.

Example:

How to Install phpBB on Debian 11 with LEMP

Set your server configuration. If you are not running SSL, the default settings should be adequate. If you are running SSL, change them to suit your needs.

Example:

How to Install phpBB on Debian 11 with LEMP

Next page, you can set up SMTP if you have a setup to enter. If not, leave defaults and hit next.

Example:

How to Install phpBB on Debian 11 with LEMP

Set your Board Name / Title and Language. If you are unsure what to name your forums, leave defaults and hit submit. You can change these settings later.

Example:

How to Install phpBB on Debian 11 with LEMP

After hitting submit, you should see a final screen similar to below with the forums installed and a link taking you to the ACP panel. If you have errors refer back as a step, permission may have been missed.


Advertisement


Post phpBB Installation

Remove Installation Directory

Congrats on getting to this part. After logging into your ACP panel for the first time, you will see a friendly big red alert telling you to remove or rename your install directory. It is recommended to delete, not move, the directory. To do this, use the following command in your terminal:

sudo rm -R /var/www/html/phpbb/install

Fix CHMOD Permissions (Critical Step)

While you are active doing terminal commands, It is critical to set the correct chmod permissions after the installation. The official phpBB guide on this can be found here. Skipping this can leave open some significant security risks, so please follow this precisely or in your way if you have a better technique but do not leave the default permissions!!

sudo find /var/www/html/phpbb -type d -exec chmod 755 {} \;
sudo find /var/www/html/phpbb -type f -exec chmod 644 {} \;

Afterward, we need to give some folders/files some special permissions only as follows:

sudo chmod 777 -R /var/www/html/phpbb/files
sudo chmod 777 -R /var/www/html/phpbb/cache
sudo chmod 777 -R /var/www/html/phpbb/store
sudo chmod 777 -R /var/www/html/phpbb/images/avatars/upload

Failure to do this will break the functions of your board. Make sure you follow these paths strictly, or you may accidentally give your entire phpBB directory full read and write access back to the public, re-causing a security problem.

Set Cronjob for phpBB (Recommended)

The final last step in our guide is to set up a cronjob. Cronjobs are recommended on busy and slow forums to set up cron jobs to run every 5 minutes by phpBB standards. We can do this two ways.

Bring up crontab:

sudo crontab -e

First cronjob option:

*/5 * * * * /usr/bin/php /var/www/html/phpbb/bin/phpbbcli.php cron:run > /dev/null 2>&1

Example:

How to Install phpBB on Debian 11 with LEMP

To save, CTRL+O then exit CTRL+X. If correct, you will see the following output back in your terminal:

crontab: installing new crontab

This means it is installed and working, and it is advised to run cronjobs every 5 minutes with phpBB; however, you can adjust the times to suit your needs if you desire.

Now, navigate your Admin panel back in phpBB and enable the server cron job in your server settings.

Example:

How to Install phpBB on Debian 11 with LEMP

Congrats, you have successfully installed phpBB forums, and you are ready to go designing your forums and getting your community started. It is highly recommended to check out phpBB’s official website and wiki as it contains much information about customization of your forums, which would be too much to put in this guide we have created here.


Example:

How to Install phpBB on Debian 11 with LEMP

Comments and Conclusion

phpBB is a tried and tested open source free software that does not appear it’s disappearing anytime soon. As for security, the phpBB team indicates having no CVE’s for years and, when investigating possible breaches, found users not focusing on “secure” installs, such as some of the steps we pointed out in the guide like chmod permissions. I never had an issue with a robust, hardened server, phpBB initial set up.

The 3rd party community is pretty good. A few of these to look at are SplickerSnap and DMZX, but I could list 20 or so more worthy of being mentioned.

Leave a Comment