With the rise of social media platforms such as Reddit, Facebook, Twitter, and online chat platforms such as discord, we have seen online bulletin forum communities dwindle. Personally, as I just mentioned, they are slowly making a comeback in specific niche communities over the newer additions. phpBB is one of the most extended open-source forum bulletin software on the market.
phpBB isn’t the only option. Others such as VBulletin, Nodebb, Xenforo, and so on, but most of these are paid with mixed reviews. VBulletin used to be a powerhouse, but now it’s a shadow of its former self. Xenforo is one of the best-paid bulletin pieces of software. However, that is just my personal opinion, but I will always choose phpBB first as it’s free, open-source, and has some great 3rd party open-source developers, both new devs and ones that have been around since the start.
In the following tutorial, you will learn how to install LEMP, along with adjusting to the latest packages and how to set up phpBB for first-time use of Almalinux 8.
Table of Contents
Prerequisites
- Recommended OS: AlmaLinux 8.
- User account: A user account with sudo privilages or root access (su command).
Updating Operating System
Update your AlmaLinux operating system to make sure all existing packages are up to date:
sudo dnf upgrade --refresh -yThe tutorial will be using the sudo command and assuming you have sudo status.
To verify sudo status on your account:
sudo whoamiExample output showing sudo status:
[joshua@localhost ~]$ sudo whoami
rootTo set up an existing or new sudo account, visit our tutorial on How to Add a User to Sudoers on AlmaLinux.
To use the root account, use the following command with the root password to log in.
suInstall Nginx – (LEMP Stack)
The first task is to install Nginx as part of the LEMP installation.
First, from AlmaLinux 8.5 onwards, enable Nginx version 1.20 instead of the 1.14 version.
sudo dnf module enable nginx:1.20 -yNext, install Nginx by running the following command.
sudo dnf install nginxExample output:
Confirm the installation by checking the build version:
nginx -vExample output:
nginx version: nginx/1.20.0Note that Nginx was installed using the AlmaLinux 8.5; 8.4 users may notice an older version.
By default, when installing Nginx on Rocky Linux, it is not enabled. To enable on boot and to start, use the following:
sudo systemctl enable nginx --nowExample of successfully enabling (symlink):
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.Now, check to see the status of your Nginx service with the following terminal command:
systemctl status nginxExample output saying everything is ok:
Now, you can confirm that your Nginx webserver is operational by entering HTTP://server-ip or HTTP://domain-name in your Internet Browser, and you should get the following:
If you cannot access this page, you may need to configure the firewall settings covered in the next section.
Configure Firewall Rules
It does not automatically add firewall rules to the standard port 80 or 443 ports when installing Nginx. Before you continue, you should set the following rules, this will depend on what ports you will use, but all options are listed.
Open port 80 or HTTP:
sudo firewall-cmd --permanent --zone=public --add-service=httpOpen port 443 or HTTPS:
sudo firewall-cmd --permanent --zone=public --add-service=httpsReload firewall to make changes into effect
sudo firewall-cmd --reloadInstall MariaDB (LEMP STACK)
Now, it is time to install MariaDB; first, it is recommended to change to MariaDB 10.5, which is also available on the Almalinux 8 App stream. The default is 10.3.
In your terminal, execute the following command only if you want to switch.
sudo dnf module enable mariadb:10.5 -yNext, install MariaDB with the following command.
sudo dnf install mariadb-server mariadbExample output:
Type “Y,” then press “ENTER KEY” to proceed with the installation.
To confirm the installation of MariaDB and to check what build is installed, type the following command:
mysql --versionExample output:
mysql Ver 15.1 Distrib 10.5.9-MariaDB, for Linux (x86_64) using EditLine wrapperCheck MariaDB server status
By default, you will find MariaDB status to be off. To start MariaDB, use the following command:
sudo systemctl enable mariadb --nowNow you have installed and enabled MariaDB, check the status with the following systemctl command:
systemctl status mariadbNow recheck the status, and you should get the following:
To stop MariaDB:
sudo systemctl stop mariadbTo enable MariaDB on system startup:
sudo systemctl enable mariadbTo disable MariaDB on system startup:
sudo systemctl disable mariadbTo restart the MariaDB service:
sudo systemctl restart mariadbSecure MariaDB with Security Script
When installing MariaDB fresh, default settings are considered weak by most standards and cause concern for potentially allowing intrusion or exploiting hackers. A solution is to run the installation security script that comes with the MariaDB installation.
First, use the following command to launch the (mysql_secure_installation):
sudo mysql_secure_installationNext, you will be given a prompt asking you to enter your (MariaDB root password). For now, press the (ENTER) key as the root password isn’t’ set yet as below:
Next, type (Y) and press enter to set up the (root) password as below:
The next series of questions you can safely hit (ENTER), which will answer (Y) to all the subsequent questions which ask you to (remove anonymous users, disable remote root login, and remove the test database). Note the (Y) is capitalized, meaning it is the default answer when you press the (ENTER) key.
Example below:
Overview of what should have been done above:
- Setting the password for root accounts.
- Removing root accounts that are accessible from outside the local host.
- Removing anonymous-user accounts.
- Removing the test database, which by default can be accessed by anonymous users.
This step is essential for MariaDB database security and should not be altered or skipped unless you know what you are doing.
Install PHP & PHP-FPM (LEMP STACK)
As the name would suggest, phpBB is run with PHP. The default version that is on the AlmaLinux app stream is version 7.2. Ideally, you should change this to PHP 7.4 as the bulletin board software works very well with this version, and the performance benefits are leaps ahead of 7.2
To enable PHP 7.4 dnf module, use the following command.
sudo dnf module enable php:7.4 -yNote, you can enable PHP-7.3 or others by following the dnf module reset command and using the dnf module enable php:7.3 command instead. Choose the version you require for the application, and this was just an example of having the latest PHP version of whatever PHP choice you decide.
Install PHP & PHP-FPM
Next, install PHP on your server; depending on which version of PHP, the outputs will look different; however, the commands stay the same.
sudo dnf install php php-fpm php-mysqli php-cli php-common php-gd php-intl php-opcache php-xml php-soap php-mbstringExample output:
Type “Y,” then press “ENTER KEY” to proceed with the installation. Note, you may be prompted to type “Y.”
Verify the installation and check the version and build:
php -vExample output:
Now, by default, PHP-FPM is off and not enabled on boot. To enable on boot and start the service, use the following systemctl commands:
sudo systemctl enable php-fpm --nowTo confirm PHP-FPM is now running, use the following systemctl command:
systemctl status php-fpmExample output:
Remember, you do not need to use PHP 8.0, do some research if unsure, or better yet, ask in phpBB community forums, which works best currently; however, the process is the same along with commands to either use the default or other alternative versions in the dnf module list.
Now that LEMP is set up, proceed to the actual phpBB installation.
Part 1. phpBB Backend Installation
Now that you have installed the LEMP stack, you can now proceed to install phpBB forums. As of the time of this tutorial, phpBB 3.3.4 is the latest version, and however, in time, like most things, this will change as they do a release roughly every six months. Check the downloads page to verify the version link is still valid.
Download & Directory Setup
First download phpBB:
cd /tmp && wget https://download.phpbb.com/pub/release/3.3/3.3.5/phpBB-3.3.5.zip
unzip phpBB-3.3.5.zip
sudo mv phpBB3 /var/www/html/phpbbNow we need to modify the directory permission for NGINX:
sudo chown -R nginx /var/www/html/phpbb
sudo chmod -R 755 /var/www/html/phpbbSelinux Configurement
By default, Selinux will deny you from successfully installing and running phpBB on your AlmaLinux server. To fix this, you must configure SELinux.
It is not advised to disable Selinux. Instead, you will copy the following code below to grant permission.
sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/phpbb/That is it, and you do not need to do it anymore. If you re-install phpBB in the future in a new location, re-run the command.
MariaDB Configurement
Now you proceed to make a database for your phpBB installation and future bulletin board.
First, bring up the MariaDB terminal instance as root:
sudo mysql -u root -pCreate the database for your forums:
Example:
CREATE DATABASE phpbbdb;Create a database user called phpbbuser with a new password:
Example:
CREATE USER 'phpbbuser'@'localhost' IDENTIFIED BY 'new_password_here';Then grant the user full access to the database by doing the following:
Example:
GRANT ALL PRIVILEGES ON phpbbdb.* TO phpbbuser@localhost IDENTIFIED BY 'new_password_here';Flush the privileges to make the changes activated:
FLUSH PRIVILEGES;Now exit:
EXIT;Your database for phpBB is now ready, and you will be entering the details once you get the web UI installation part of the tutorial.
PHP Configurement
To successfully install phpBB and operate it well into the future, you should increase a few options in the php.ini configuration file.
Firstly, open the php.ini file:
sudo nano /etc/php.iniNext, you will find recommended settings to work with phpBB. You will need to locate the settings and lines and change them to as follows:
max_execution_time = 180 (located on line 338)
max_input_time = 90 (located on line 398)
memory_limit = 256M (located on line 409)
upload_max_filesize = 64M (located on line 846)Optional, some increased security settings, this can be skipped:
cgi.fix_pathinfo=0
session.use_strict_mode = 1
session.use_cookies = 1
session.cookie_secure = 1
session.use_only_cookies = 1
session.name = LCCookies (Change the name, example: POPme)
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain = example.com (example only)
session.cookie_httponly = 1
session.cookie_samesite = StrictOnce done, CTRL+O to save then CTRL+X to exit the file.
Unlike LEMP installations on Debian/Ubuntu that use the (www-data) user, this isn’t the case with Rhel/Rocky Linux installations. By default on Rocky Linux, the PHP-FPM service is designed to be run (Apache) user, which is incorrect since we are using Nginx, and this needed to be corrected.
Firstly, open following (www.conf) configuration file:
sudo nano /etc/php-fpm.d/www.confNext, replace the (Apache) user and group with the (Nginx) user and group:
To save, press (CTRL+O) then exit (CTRL+X).
You will need to restart PHP for the changes to be active:
sudo systemctl restart php-fpmNginx Configurement
In your Nginx server block, you need to declare the PHP upstream and then the PHP locations.
The best way to create a new server block, using a subdomain such as forums or community.
An example of this is below, modify to suit your needs:
First, create the server block:
sudo nano /etc/nginx/conf.d/phpbb.confNow copy and paste the following into the server block, modify the domain name, SSL, root path, and anything else to suit your needs. The locations and PHP itself should not be touched unless you know what you are doing.
Example only:
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
root /var/www/html/phpbb;
index index.php index.html index.htm;
access_log /var/log/nginx/forums-access.log;
error_log /var/log/nginx/forums-error.log;
location / {
try_files $uri $uri/ @rewriteapp;
# Pass the php scripts to FastCGI server specified in upstream declaration.
location ~ \.php(/|$) {
include fastcgi.conf;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /app.php$is_args$args;
fastcgi_intercept_errors on;
}
# Deny access to internal phpbb files.
location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
deny all;
# deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions.
internal;
}
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# Correctly pass scripts for installer
location /install/ {
try_files $uri $uri/ @rewrite_installapp =404;
# Pass the php scripts to fastcgi server specified in upstream declaration.
location ~ \.php(/|$) {
include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
try_files $uri $uri/ /install/app.php$is_args$args =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_intercept_errors on;
}
}
location @rewrite_installapp {
rewrite ^(.*)$ /install/app.php/$1 last;
}
# Deny access to version control system directories.
location ~ /\.svn|/\.git {
deny all;
internal;
}
gzip on;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_proxied any;
gzip_disable "msie6";
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 90d;
access_log off;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin "*";
expires 90d;
access_log off;
}
}Note, the line with “fastcgi_pass unix:/run/php-fpm/www.sock;” is essential; without it FPM won’t be able to communicate.
Once enabled, you can do a quick dry run test of your Nginx service to make sure everything is working correctly:
sudo nginx -t Example output if all is working correctly:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successfulNow restart the Nginx service for phpBB to be accessible via the web UI:
sudo systemctl restart nginxOptional – Secure Nginx with Let’s Encrypt SSL Free Certificate
Ideally, you would want to run your Nginx on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).
First, install the EPEL repository and the mod_ssl package for better-updated packages and security.
sudo dnf install epel-release mod_ssl -yNext, install the certbot package as follows:
sudo dnf install python3-certbot-nginx -yOnce installed, run the following command to start the creation of your certificate:
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d forums.example.comThis is the ideal setup that includes force HTTPS 301 redirects, Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.
Now your URL will be https://forums.example.com instead of HTTP://forums.example.com.
Note, if you use the old HTTP URL, it will automatically redirect to HTTPS.
Optionally, you can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.
sudo certbot renew --dry-runIf everything is working, open your crontab window by using the following terminal command.
sudo crontab -eNext, specify the time when it should auto-renew. This should be checked daily at a minimum, and if the certificate needs to be renewed, the script will not update the certificate. If you need help with finding a good time to set, use the crontab.guru free tool.
00 00 */1 * * /usr/sbin/certbot-auto renewSave (CTRL+O) then exit (CTRL+X), and the cronjob will be automatically enabled.
Part 2. phpBB Web UI Installation
If everything has worked correctly, we now move to the nominated address of your freshly installed phpBB forums. For our example, it is https://forums.linuxcapable.com for the tutorial example, and if successful, you will arrive at the main installation page for phpBB.
Once you arrive at the page, click the Install button on the left top-hand side to begin the graphical installation.
Example:
Next, you will be taken to the next screen advising you of the minimum specs and other technical information. After reading and double-checking, click the Install button on the bottom of the page.
Example:
On the next screen, you need to create the admin account for phpBB. Make sure this is filled correctly and with a strong password as this is important for recovery, amongst other things.
Example:
Now that you have entered your Admin details successfully, the database details screen will appear to fill out. First, keep the default MySQL with MySQLi Extension and enter localhost unless your database is located on a separate server, then place the server IP instead along with port if it was changed from the default.
Next in the tutorial example, the example database was named phpbb, with phpbbuser being the username that has access besides root to access the phpBB database. Lastly, the prefix is by default phpbb_, which you can keep the same, but if you are going to install multiple forums, it would be advised to change this to keep the prefix’s clean and separate.
Enter these and click submit to proceed.
Example:
Set your server configuration. If you are not running SSL, the default settings should be adequate. If you are running SSL, change them to suit your needs.
Example:
Next page, you can set up SMTP if you have a setup to enter. If not, leave defaults and hit next.
Example:
Set your Board Name / Title and Language. If you are unsure what to name your forums, leave defaults and hit submit. You can change these settings later.
Example:
After hitting submit, you should see a final screen similar to below with the forums installed and a link taking you to the ACP panel. If you have errors refer back as a step, permission may have been missed.
Post phpBB Installation
Remove Installation Directory
Congrats on getting to this part. After logging into your ACP panel for the first time, you will see a friendly big red alert telling you to remove or rename your install directory. It is recommended to delete, not move, the directory. To do this, use the following command in your terminal:
sudo rm -R /var/www/html/phpbb/installFix CHMOD Permissions (Critical Step)
While you are active doing terminal commands, It is critical to set the correct chmod permissions after the installation. The official phpBB guide on this can be found here. Skipping this can leave open some significant security risks, so please follow this precisely or in your way if you have a better technique but do not leave the default permissions!!
sudo find /var/www/html/phpbb -type d -exec chmod 755 {} \;
sudo find /var/www/html/phpbb -type f -exec chmod 644 {} \;Afterward, we need to give some folders/files some special permissions only as follows:
sudo chmod 777 -R /var/www/html/phpbb/files
sudo chmod 777 -R /var/www/html/phpbb/cache
sudo chmod 777 -R /var/www/html/phpbb/store
sudo chmod 777 -R /var/www/html/phpbb/images/avatars/uploadFailure to do this will break the functions of your board. Make sure you follow these paths strictly, or you may accidentally give your entire phpBB directory full read and write access back to the public, re-causing a security problem.
Set Cronjob for phpBB (Recommended)
The final last step in our guide is to set up a cronjob. Cronjobs are recommended on busy and slow forums to set up cron jobs to run every 5 minutes by phpBB standards.
Bring up crontab:
sudo crontab -eFirst cronjob option:
*/5 * * * * /usr/bin/php /var/www/html/phpbb/bin/phpbbcli.php cron:run > /dev/null 2>&1Example:
To save, CTRL+O then exits with CTRL+X. If correct, you will see the following output back in your terminal:
crontab: installing new crontabThis means it is installed and working, and it is advised to run cronjobs every 5 minutes with phpBB; however, you can adjust the times to suit your needs if you desire.
Now, navigate your Admin panel back in phpBB and enable the server cron job in your server settings.
Example:
Congrats, you have successfully installed phpBB forums, and you are ready to design your forums and get your community started. It is highly recommended to check out phpBB’s’ official website and wiki as it contains much information about customization of your forums, which would be too much to put in this guide we have created here.
Example:
Comments and Conclusion
As for security, the phpBB team has a track record of security. When investigating possible breaches, found users not focusing on “secure” installs, such as some of the steps we pointed out in the guide, like chmod permissions.
Overall, phpBB is a tried and tested open source free software that does not appear to disappear anytime soon. I never had an issue with a robust, hardened server, phpBB initial set up.
The 3rd party community is pretty good. A few of these to look at are SplickerSnap and DMZX, but I could list 20 or so more worthy of being mentioned.
