How to Install phpBB with LEMP on Debian 12, 11 or 10

phpBB stands out as a premier open-source forum software, offering a feature-rich and user-friendly platform. For those running Debian-based systems, such as Debian 12 Bookworm, Debian 11 Bullseye, or Debian 10 Buster, integrating phpBB becomes even more advantageous. This guide will walk you through how to install phpBB with LEMP (Nginx, MariaDB, PHP) on these Debian versions, ensuring you have a robust forum platform tailored to your needs.

Key attributes of phpBB include:

• Open Source: Being free to use, modify, and distribute, phpBB boasts a dynamic community of developers and users actively contributing to its evolution.
• Extensibility: With many extensions and styles, phpBB offers extensive customization options, allowing you to shape your forum precisely to your requirements.
• Security: Prioritizing safety, phpBB frequently releases updates and patches, ensuring your forum remains shielded from emerging threats.
• Multilingual Support: With support for over 50 languages, phpBB truly caters to a global audience.
• User-Friendly Interface: Designed for accessibility, phpBB’s interface is intuitive for both novices and seasoned users.

When juxtaposed with other forum software, phpBB’s distinct advantages become evident:

• Its open-source nature contrasts with commercial solutions, allowing you to adapt and expand your forum without constraints.
• While some alternatives might promise a quicker setup, they often can’t match the depth of customization that phpBB delivers.
• The active phpBB community drives the software’s development and offers invaluable resources and support.

Debian’s reputation for stability and security makes it an ideal host for phpBB. The APT package manager in Debian simplifies the installation process, making it approachable even if you’re not a Linux expert. As we progress in this guide, you’ll gain insights into installing phpBB on your Debian system, setting the stage for vibrant online interactions and a flourishing digital community.

Section 1: Setting Up LEMP (Nginx, MariaDB, PHP) on Debian

Step 1: Updating the Debian System

Before installing the LEMP stack, ensuring that your Debian system is up-to-date is essential. This step helps avoid package conflicts and ensures smooth execution of subsequent processes. It also aligns your system with the latest security patches and software improvements. To update your system, execute the following command:

sudo apt update && sudo apt upgrade

The sudo apt update command updates the list of available packages and their versions, while sudo apt upgrade installs the latest versions of the packages you have.

Step 2: Installing NGINX

NGINX, an open-source, high-performance HTTP server and reverse proxy, is the cornerstone of the LEMP stack. To install NGINX, execute the following command:

sudo apt install nginx

After the installation of NGINX, the service usually starts automatically. However, it’s good practice to confirm this and ensure it’s operating as expected. You can verify the status of the NGINX service by issuing the following command:

systemctl status nginx

You should see an output indicating the active (running) status of the NGINX service, confirming the successful initiation of NGINX. If the server hasn’t started for any reason, the following command can start it and also set NGINX to launch automatically upon system reboot:

sudo systemctl enable nginx --now

This command ensures that the NGINX service is both enabled to start on boot (enable) and started immediately (–now).

Optionally, you can visit the server IP address to verify Nginx is installed, you should see a similar test page:

Step 3: Installing MariaDB

The next step in setting up the LEMP stack is installing the database module. MariaDB, known for its performance and various supplementary attributes, is preferred over MySQL within the LEMP stack. To install MariaDB, execute the following command:

sudo apt install mariadb-server mariadb-client

Step 4: Verifying MariaDB Service

Once MariaDB is installed, it’s crucial to confirm the status of the MariaDB service. It’s important to ensure that the MariaDB service is enabled and operating correctly. The command to inspect the service’s status is as follows:

systemctl status mariadb

You can execute the following command if the server has not been activated. This will ensure that MariaDB is not only started immediately but also set to boot up upon every system reboot automatically.

sudo systemctl enable mariadb --now

Step 6: Securing MariaDB Installation

Securing your database is fundamental in setting up a robust and reliable system, and MariaDB is no exception. After the installation, it’s highly recommended to run the security script that comes with the installation. This script strengthens the MariaDB installation by modifying its default settings, often considered insecure, thereby protecting the system from potential unauthorized access or exploitation.

To run the MariaDB security script, known as mysql_secure_installation, issue the following command:

sudo mysql_secure_installation

Once the security script is executed, the next step involves adjusting various settings to enhance the security of your MariaDB installation. These changes include setting up the root password, restricting remote access, eliminating anonymous user accounts, and removing the test database. Each of these adjustments adds a layer of security to your MariaDB installation, helping to protect it from potential security threats.

Let’s delve into each of these adjustments:

• Setting up the root password: This is the password for the root user of your MariaDB installation. It’s crucial to choose a strong password to prevent unauthorized access.
• Restricting remote access: The root user can access the database from any location by default. Restricting remote access ensures that the root user can only access the database from the local machine, reducing the risk of remote attacks.
• Eliminating anonymous user accounts: Anonymous user accounts have no names. These accounts pose a security risk as they can be used to gain unauthorized access to the database. The security script allows you to remove these accounts.
• Removing the test database: MariaDB has a test database that any user can access. This database is unnecessary for production use and can be safely removed to reduce the attack surface.

By taking the time to secure your MariaDB installation, you’re taking a significant step toward ensuring the integrity and security of your data.

Step 6: Installing PHP and PHP-FPM

The final component of the LEMP stack is the PHP service, which acts as the bridge between Nginx and MariaDB. This bridging is accomplished by the PHP-FPM service and extra modules required by phpMyAdmin. To install PHP, PHP-FPM, and the required modules on your Debian system, run the following command:

sudo apt install php-fpm php php-cli php-mysql php-curl php-common php-mbstring php-xml

Step 7: Verifying PHP Service Status

After the installation, it’s critical to confirm the status of the PHP service. This validation ensures that PHP is enabled and operates flawlessly without any errors. The command is contingent on the version of PHP installed; in our case, it was PHP 8.2.

systemctl status php8.2-fpm

Step 8: Activating PHP Service

If the PHP service is inactive, the following command enables it and ensures it auto-starts with every system reboot.

sudo systemctl enable php-fpm --now

This command will activate the PHP-FPM service and ensure it starts automatically during each system boot-up.

Section 2: phpBB Backend Installation

With the LEMP stack successfully installed, it’s time to proceed with the installation of phpBB forums. As of the time of this tutorial, the latest version is phpBB 3.3.10. However, this may change over time as new releases are typically rolled out every six months. To verify the current version, visit the phpBB downloads page.

Step 1: Downloading phpBB and Setting Up Directories

First, download the phpBB package:

cd /tmp && wget https://download.phpbb.com/pub/release/3.3/3.3.10/phpBB-3.3.10.zip
unzip phpBB-3.3.10.zip
sudo mv phpBB3 /var/www/html/phpbb

Next, modify the directory permissions for NGINX:

sudo chown -R www-data:www-data /var/www/html/phpbb
sudo chmod -R 755 /var/www/html/phpbb

Step 2: Configuring MariaDB for phpBB

Now, create a database for your phpBB installation. First, open the MariaDB terminal as root:

sudo mysql -u root -p

Create the database for your forums:

CREATE DATABASE phpbb;

Create a new database user called phpbbuser with a new password:

CREATE USER 'phpbbuser'@'localhost' IDENTIFIED BY 'new_password_here';

Grant the user full access to the database:

GRANT ALL ON phpbb.* TO 'phpbbuser'@'localhost' IDENTIFIED BY 'user_password_here' WITH GRANT OPTION;

Flush the privileges to apply the changes:

FLUSH PRIVILEGES;

Exit the MariaDB terminal:

EXIT;

Your database for phpBB is now ready. You will enter these details during the web UI installation part of the tutorial.

Step 3: Configuring PHP for phpBB

To ensure a successful phpBB installation and its optimal operation, you should adjust a few options in the php.ini configuration file.

Open the php.ini file:

sudo nano /etc/php/{version}/fpm/php.ini

Please remember to replace {version} with the specific PHP-FPM version that you have installed, such as 8.2, 8.1, 8.0, or 7.4, etc.

Locate the following settings and adjust them as follows:

max_execution_time = 180
max_input_time = 90
memory_limit = 256M
upload_max_filesize = 64M

These settings are generally standard, but if you’re using a VPS with limited resources or shared hosting, you may need to adjust them lower. Remember that each phpBB installation, like any other CMS system, can vary.

Once done, save and exit the file. You will need to restart PHP FPM for the changes to take effect:

sudo systemctl restart php8.2-fpm

Step 4: Configuring Nginx for phpBB

In your Nginx server block, declare the PHP upstream and then the PHP locations. The best way to do this is to create a new server block using a subdomain such as forums or community.

First, create the server block:

sudo nano /etc/nginx/sites-available/phpbb.conf

Copy and paste the following into the server block, modifying the domain name, SSL, root path, and anything else to suit your needs. The locations and PHP should not be touched unless you know what you’re doing.

Attention: The following Nginx configuration syntax markdown includes annotated comments aimed to guide you in personalizing the configuration according to your specific requirements. We highly recommend carefully scrutinizing each segment and making appropriate adjustments to suit your system configuration. Your attention to these details is greatly appreciated.

# Upstream to abstract backend connection(s) for PHP
upstream phpbb {
    # Path to PHP 8.2 FPM socket, replace this with your own socket path
    server unix:/run/php/php8.2-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;

    # Change these to your main server name(s)
    server_name www.example.com example.com;

    # Replace this with your site root directory
    root /var/www/html/example.com-root/;
    index index.php index.html index.htm index.nginx-debian.html;

    # Change this to your specific server name
    server_name forums.linuxcapable.com;

    # Replace this with your site root directory
    root /var/www/html/phpbb/;
    index index.php index.html index.htm index.nginx-debian.html;

    # Log files, replace these paths if you have different log file paths
    access_log /var/log/nginx/forums-access.log;
    error_log /var/log/nginx/forums-error.log;

    location / {
        try_files $uri $uri/ @rewriteapp;

        # PHP processing, make sure to use your own upstream name if different
        location ~ \.php(/|$) {
            include fastcgi.conf;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            try_files $uri $uri/ /app.php$is_args$args;
            fastcgi_pass phpbb;
            fastcgi_intercept_errors on;    
        }

        # Deny access to certain PHPBB files
        location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
            deny all;
            internal;
        }
    }

    location @rewriteapp {
        rewrite ^(.*)$ /app.php/$1 last;
    }

    location /install/ {
        try_files $uri $uri/ @rewrite_installapp =404;

        # PHP processing for installer
        location ~ \.php(/|$) {
            include fastcgi.conf;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            try_files $uri $uri/ /install/app.php$is_args$args =404;
            fastcgi_pass phpbb;
            fastcgi_intercept_errors on;    
        }
    }

    location @rewrite_installapp {
        rewrite ^(.*)$ /install/app.php/$1 last;
    }

    # Deny access to version control system directories
    location ~ /\.svn|/\.git {
        deny all;
        internal;
    }

    gzip on; 
    gzip_comp_level 6;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_disable "msie6";

    # Gzip compression types
    gzip_types
        application/atom+xml
        application/geo+json
        application/javascript
        application/x-javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/rss+xml
        application/xhtml+xml
        application/xml
        font/eot
        font/otf
        font/ttf
        image/svg+xml
        text/css
        text/javascript
        text/plain
        text/xml;

    # Static assets, media
    location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
        expires    90d;
        access_log off;
    }

    # SVG, fonts
    location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
        add_header Access-Control-Allow-Origin "*";
        expires    90d;
        access_log off;
    }
}

After setting up, enable the new server block:

sudo ln -s /etc/nginx/sites-available/phpbb.conf /etc/nginx/sites-enabled/

You can now check the configuration:

sudo nginx -t 

If all is set correctly, you’ll see:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart the Nginx service to make phpBB accessible via the web UI:

sudo systemctl restart nginx

This completes the backend installation of phpBB.

Step 5: Implementing SSL Encryption with Let’s Encrypt (Optional)

If you intend to secure your Nginx server with HTTPS, a smart choice would be to utilize Let’s Encrypt. Let’s Encrypt is a reputable, free, fully automated certificate authority governed by the nonprofit Internet Security Research Group (ISRG).

Installing Certbot

Our first step involves installing the Certbot package. Certbot is an efficient client for Let’s Encrypt and can automate certificate issuance and installation with no downtime. Certbot also has a fairly rich command line interface.

To install the Certbot package, use the following command:

sudo apt install python3-certbot-nginx -y

Creating Your Certificate

With Certbot installed, we can now generate your SSL certificate. This procedure involves running the following command:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d forums.example.com

The command we’ve issued facilitates an optimal setup, which includes force HTTPS 301 redirects, Strict-Transport-Security header, and OCSP Stapling. Each of these elements contributes towards the security of your server.

Replacing ‘you@example.com’ and ‘forums.example.com’ with your email and domain name is crucial.

Transition to HTTPS

Upon successful execution of these commands, your forum should now be accessible via HTTPS at https://forums.example.com instead of the previous http://forum.example.com. Any attempts to access the old HTTP URL will be seamlessly redirected to the secure HTTPS version.

For further reading on securing Nginx, refer to our detailed guide on How to Secure Nginx with Let’s Encrypt on Debian Linux.

Section 3: Complete the phpBB Web UI Installation

Having successfully set up the backend, we’ll now transition to the frontend to complete the phpBB installation. You can access the installation page by visiting your designated phpBB forum URL. For illustrative purposes, we’re using https://forums.linuxcapable.com.

Step 1: Initiating the Installation

Upon visiting the specified URL, you’ll land on the phpBB installation page. Initiate the process by clicking the ‘Install’ button in the page’s upper left corner.

You will then be directed to a page detailing the minimum system requirements and other essential technical specifications for phpBB.

Once you’ve ensured your system meets these prerequisites, click ‘Install’ at the bottom of the page.

Step 2: Setting Up the Admin Account

The next stage involves creating your phpBB admin account. Using a strong password for this account is vital, as it’s crucial for recovery and overall security.

Step 3: Configuring Database Details

You’ll be prompted to provide database details after establishing your admin account. Maintain the default ‘MySQL with MySQLi Extension’, and enter ‘localhost’ unless your database resides on a different server. In that case, input the server IP and port (if it’s not the default).

Our tutorial utilizes a database named ‘phpbb’, with ‘phpbbuser’ as the user granted access (alongside root) to the phpBB database. Retain the default prefix’ phpbb_’, unless you plan on hosting multiple forums, in which case, altering the prefix can help differentiate them.

Step 4: Finalizing Server Configuration

Next, you’ll have the opportunity to configure your server settings. The default configurations should suffice if you’re not running SSL. However, if you’ve implemented SSL, adjust the settings to align with your specific requirements.

Step 5: SMTP Setup

Following server configuration, you can establish SMTP settings, if applicable. If not, you can skip this step and proceed with the default settings.

Step 6: Establishing Forum Details

Finally, designate your forum title and choose the desired language. If you’re uncertain about the forum title, the default option can be utilized for now; you can always revise this later.

Upon completing these steps, you should reach a concluding screen, confirming the successful installation of your phpBB forum, along with a link directing you to the ACP (Admin Control Panel). If you encounter any errors, you might need to revisit previous steps to ensure no steps or permissions have been overlooked.

Section 4: Completion of phpBB Installation and Configuration

Eradicating Installation Directory

Congratulations on reaching this stage. Upon your initial login into the phpBB Admin Control Panel (ACP), you’ll be greeted with a prominent red alert instructing you to either rename or eliminate your install directory. It’s highly recommended to delete this directory rather than just moving it. To accomplish this, execute the following command in your terminal:

sudo rm -R /var/www/html/phpbb/install

If you do not do this, you will most likely find your forum will not be able to be used until you have removed the install directory:

Setting the Correct CHMOD Permissions (Vital Step)

While we’re engaged with terminal commands, assigning the appropriate CHMOD permissions following the installation is crucial. The authoritative guide for this on phpBB’s official website can be located here. Bypassing this step could expose your system to significant security vulnerabilities, so please execute this exactly or utilize your method if you believe it’s superior, but refrain from maintaining the default permissions!!

Execute the following commands:

sudo find /var/www/html/phpbb -type d -exec chmod 755 {} \;
sudo find /var/www/html/phpbb -type f -exec chmod 644 {} \;

Subsequently, we need to accord some special permissions to certain directories and files:

sudo chmod 777 -R /var/www/html/phpbb/files
sudo chmod 777 -R /var/www/html/phpbb/cache
sudo chmod 777 -R /var/www/html/phpbb/store
sudo chmod 777 -R /var/www/html/phpbb/images/avatars/upload

Neglecting to do this will disrupt the functions of your board. Ensure you adhere to these paths strictly; otherwise, you may inadvertently grant the entire phpBB directory unrestricted read and write access, reintroducing a security issue.

Instituting a Cronjob for phpBB (Recommended)

The concluding step in this guide is the establishment of a cronjob. On forums with substantial traffic or slow response times, it’s recommended to configure cron jobs to execute every 5 minutes, per phpBB’s guidelines. Here’s how to do this.

Launch crontab with this command:

sudo crontab -e

Option for the first cronjob:

*/5 * * * * /usr/bin/php /var/www/html/phpbb/bin/phpbbcli.php cron:run > /dev/null 2>&1

To save, press CTRL+O, and to exit, press CTRL+X. If done correctly, you’ll see the following response in your terminal:

crontab: installing new crontab

This response indicates that the cronjob is active and functioning. Although phpBB recommends running cronjobs every 5 minutes, you can adjust the frequency to suit your needs.

Finally, return to your phpBB Admin Panel and enable the server cron job in your server settings.

With these steps, you’ve successfully completed the post-installation phase for your phpBB installation on Debian.

Conclusion

In this guide, we have taken you through the steps involved in installing and configuring phpBB with a LEMP stack (Nginx, MariaDB, and PHP) on Debian 12 Bookworm, Debian 11 Bullseye, or Debian 10 Buster. We discussed the initial system setup, software installation, database setup, and phpBB configuration. Post-installation steps such as removing the install directory, setting correct CHMOD permissions, and setting up a cron job were also covered to secure and optimize your phpBB installation.