MyBB

Here is a basic configuration file, which works great as of MyBB 1.6.3.

server { server_name quantifiedselfforum.com; access_log logs/qsforum.access; error_log logs/qsforum.error error;

root /var/www/qsforum;

location / { index index.php; }

# Deny access to internal files. location ~ /(inc|uploads/avatars) { deny all; }

# Pass the php scripts to fastcgi server location ~ \.php$ { fastcgi_pass unix:/tmp/php.socket; # Necessary for php. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # Unmodified fastcgi_params from nginx distribution. include fastcgi_params; }

}

There is a potential security flaw, e.g. if a user uploads an avatar images pic.gif with valid PHP-Code and calls it with /uploades/avatars/pic.gif/foo.php. The issue is discussed here. Because the link is ending with .php, nginx is passing it to the PHP interpreter. PHP can't find the file /uploades/avatars/pic.gif/foo.php, but it tries to be smart and executes /uploades/avatars/pic.gif as an PHP-script. To avoid this, you need to set cgi.fix_pathinfo=0 in your php.ini, which is set to cgi.fix_pathinfo=1 as default (unfortunately).

See PHPFcgiExample for details on creating the UNIX socket and this forum post on enabling human-understandable (aka SEO-friendly or human-readable) URLs using the Google SEO plugin.