28. Install MyBB

by Cover Tower - Updated July 23, 2021

MyBB is a free and open source forum application recommended by its structure, features and flexibility. The reason why we included MyBB and not phpBB in RED SCARF Suite, is that MyBB is by far superior, mainly because of its structure and ease of use. Some system administrators may believe that installing a forum plugin like bbPress or BuddyPress inside WordPress can fulfill all the needs related to forum software. If you take that route, you will soon understand that having a full-featured forum application independent of WordPress is by far better. Installing forum plugins inside WordPress usually leads to upgrade difficulties and decreased page loading speed. If you use such plugins, sooner or later you will find that they lack important functionalities which are offered by fully-fledged forum applications like MyBB. Apart from this, modularity is very important: if your forum is implemented by an application that is separate from WordPress, it means that they will function independantly and if one goes down for whatever reason, the other will continue to work.

MyBB allows admins to open/close/stick/unstick threads, move or copy threads, split and merge threads, merge selected posts together, merge users, send mass emails to users, ban users, add more user groups, etc. It displays a ‘who’s online’ list, it has a forum statistics page, a full text search engine, a customizable control panel, custom user permissions, ability to attach multiple files per post, quick moderation operations, email notification of new posts, creation of polls, quick reply box, it allows reporting posts to moderators, etc. Its features can be further extended by choosing one of the hundreds of plugins available. Its appearance can also be changed by installing different themes.

28.1. Create a database and a user for MyBB

First create a MyBB database, a user for this database and a password, using phpMyAdmin: log in to phpMyAdmin, click on ‘Databases’, enter mybb in the ‘Create database’ field, then click ‘Create’. Next click on ‘Home’ in the upper left corner, click on ‘User accounts’ in the upper bar, click on ‘Add user account’: in ‘User name’ enter mybbuser or other name, in ‘Host name’ select ‘Local’, so that the second field is populated with ‘localhost’, in ‘Password’ enter a strong password, then write it down to use it later, in ‘Re-type’ enter the same password again, then scroll down and click ‘Go’. Next, to give the user mybbuser all the priviledges over the mybb database click again on ‘User accounts’ in the upper bar, then next to mybbuser click on ‘Edit privileges’, then click on ‘Dababase’ tab, on the list of available databases, click on mybb to select it, then click ‘Go’. In the next window check ‘Check all’, then, under ‘Administration’ uncheck ‘GRANT’, which is not necessary, then click ‘Go’.

28.2. Download the latest release

The official MyBB website is: https://mybb.com/download/ . To download the latest version of MyBB, to extract the archive and move it to the appropriate directory, run the following commands:

cd /tmp

wget https://resources.mybb.com/downloads/mybb_1822.zip

unzip mybb_1822.zip

rm mybb_1822.zip

mv Upload /var/www/forum.example.com

Change example.com with your domain. Next, set the appropriate ownership and permissions:

chown -R www-data:www-data /var/www/forum.example.com
find /var/www/forum.example.com -type d -exec chmod 750 {} +
find /var/www/forum.example.com -type f -exec chmod 640 {} +

28.3. Obtain a Let’s Encrypt SSL certificate

Now edit the Nginx server blocks configuration file:

nano /etc/nginx/sites-enabled/0-conf

Create a new server block for forum.example.com, by adding the following lines:

server {
listen 80;
listen [::]:80;
server_name forum.example.com;

location /.well-known/acme-challenge {
root /var/www;
}
}

Restart Nginx:

systemctl restart nginx

Now edit your DNS settings. Add an A entry and an AAAA entry for forum.example.com . These entries are similar with the entries you already have for cloud.example.com. It’s just that instead of cloud you use forum .

Now you can install the Let’s Encrypt certificate for the forum.example.com domain. To do this just run:

certbot certonly –agree-tos –webroot -w /var/www/ -d forum.example.com

28.4. Configure Nginx for MyBB

Next, open the /etc/nginx/sites-enabled/0-conf file and replace the entire server block of forum.example.com that you set up earlier with the following server blocks, in order to allow Nginx to serve the site over SSL:

server {
listen 80;
listen [::]:80;
server_name forum.example.com;
return 301 https://forum.example.com$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name forum.example.com;
root /var/www/forum.example.com;
index index.php;

ssl_certificate /etc/letsencrypt/live/forum.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/forum.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/forum.example.com/chain.pem;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;

ssl_session_timeout 4h;
ssl_session_cache shared:SSL:40m;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security “max-age=63072000” always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
}

location /.well-known/acme-challenge {
root /var/www;
}

location / {
try_files $uri $uri/ /index.php?$args;
}

    # Deny access to internal files.
    location ~ /(inc|uploads/avatars) {
        deny all;
    }

location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}

# Deny access to hidden files and folders except for those used to update the Let’s Encrypt SSL certificate
location ~ /\.(?!well-known).* {
deny all;
return 403;
}

# Cache media files for 1 hour
location ~ \.(jpg|jpeg|gif|png|css|ico|xml|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2)$ {
allow all;
expires 1h;
add_header Pragma public;
add_header Cache-Control “public”;
}

access_log /var/log/sites/forum.example.com/access.log;
error_log /var/log/nginx/forum.example.com.error.log notice;
}

Create the robots.txt file:

cd /var/www/forum.example.com
nano robots.txt

If you want the forum to be indexed by search engines add the following content:

User-agent: *
Disallow:

If you want to set up a private forum that shouldn’t be indexed by search engines add:

User-agent: *
Disallow: /

Change ownsership and permissions:

chown www-data:www-data robots.txt
chmod 640 robots.txt

Create the access log directory:

mkdir -p /var/log/sites/forum.example.com

Save the file and exit.

systemctl restart nginx

28.5. Configure logrotate to rotate MyBB logs

Also, add a block for the MyBB access log in the /etc/logrotate.d/nginx file, in order to allow logrotate to properly rotate the access logs.

nano /etc/logrotate.d/nginx

/var/log/sites/forum.example.com/access.log {

missingok

rotate 10

compress

delaycompress

notifempty

create 0640 www-data adm

size 2M

sharedscripts

prerotate

if [ -d /etc/logrotate.d/httpd-prerotate ]; then \

run-parts /etc/logrotate.d/httpd-prerotate; \

fi; \

endscript

postrotate

[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`

endscript

}

28.6. Configure Fail2ban to protect MyBB against brute-force attacks

Navigate to /etc/fail2ban/filter.d:

cd /etc/fail2ban/filter.d

Create a new custom filter for MyBB:

nano mybb.conf

Enter the following content:

[Definition]

failregex = ^<HOST> .* \”POST /member.php HTTP/2.0\” 200 37.*$

^<HOST> .* \”POST /admin/index.php HTTP/2.0\” 200 858 .*$

ignoreregex =

Please note that there are two lines in the ‘failregex’ section: the first is to identify the failed log in attempts against the MyBB member login page, and the second is to identify the failed log in attempts against the admin login page. Next, edit the /etc/fail2ban/jail.local file:

nano /etc/fail2ban/jail.local

Right above the [phpmyadmin] block, add the following block:

[mybb]

enabled = true

filter = mybb

logpath = /var/log/sites/forum.example.com/access.log

port = 80,443

findtime = 3600

maxretry = 4

bantime = 604800

Replace example.com with your domain.

Reload Fail2ban:

systemctl reload fail2ban

28.7. Run the installation

Then open a browser and navigate to:

https://forum.example.com

You will see the welcome screen, where you can disable sending statistics about the server, then click Next:


The next screen is the License Agreement (GNU LGPL v.3). Click Next. The next screen should inform you that all the checks have been passed. Click Next.



In the next screen, in the ‘Database Engine’ field choose ‘MySQL Improved’, in the ‘Database Server Hostname’ leave localhost, in ‘Database Username’ enter mybbuser, in ‘Database Password’ enter the database user’s password, in ‘Database Name’ enter mybb, in ‘Table Prefix’ leave mybb_ , and in ‘Table Encoding’ choose ‘UTF-8 Unicode’. Then click Next.

In the next screen you will be informed that all the database tables have been created. Click Next.

In the next screen you will be informed that the default data has been inserted into the database tables. Click Next to insert the default MyBB template and theme sets into the database:

In the next screen you will be informed that the default theme and template sets have been successfully inserted. Click Next to configure the basic options. In the next screen, in ‘Forum Name’ enter a name for the first forum, in ‘Forum URL’ enter https://forum.example.com , in ‘Website Name’ enter forum.example.com , in ‘Website URL’ enter https://forum.example.com/ , in ‘Cookie Domain’ enter .forum.example.com , in ‘Cookie Path’ enter / , in ‘Contact Email’ enter admin@example.com or other email address that you want to set as contact address, and leave the ‘ACP PIN’ field empty. Then click Next. In the next screen, in ‘Username’ enter a username for the Administrator, enter a password two times and the Administrator’s email address, then click Next.

In the next screen you will be informed that the installation was successfull:



Although the install directory is locked, to prevent anyone from running the installation again you should remove the /var/www/forum.example.com/install directory by running:

rm -r /var/www/forum.example.com/install

You can view your forum by accessing:

https://forum.example.com

You can log in as Administrator by accessing:

https://forum.example.com/admin

28.8. Move the configuration file outside the web root

To increase the security of this installation, first copy the configuration file outside the web root directory, namely in /srv/scripts :

cp /var/www/forum.example.com/inc/config.php /srv/scripts/mybb.php

Then delete all the content of the /var/www/forum.example.com/inc/config.php file:

cat /dev/null > /var/www/forum.example.com/inc/config.php

Then open it:

nano /var/www/forum.example.com/inc/config.php

Add the following line inside it:

<?php include(‘/srv/scripts/mybb.php’); ?>

Change ownership and permissions for the mybb.php file:

chown www-data:root /srv/scripts/mybb.php
chmod 400 /srv/scripts/mybb.php

28.9. Create a new forum

Log in as Administrator. To create a new forum click ‘Forums & Posts’ > ‘Add New Forum’. Enter a title, a description and select a parent forum. In the ‘Permissions’ section you can allow or disallow actions for different user types by dragging the action name to the right or to the left column. You can leave all the permissions as default and click on ‘Save Forum’. The first page will look similar to this:

28.10. Create new users and groups

To create a new user go to ‘Users & Groups’ and click ‘Create New User’. Enter the user’s details, then click ‘Save User’.

To view or modify the permissions of a group of users go to ‘Users & Groups’, click ‘Groups’ in the left panel, then, next to the group that you want to view click ‘Options’ > ‘Edit Group’, then click on the different tabs to read and modify what the users in that group can do.

To create a new group go to ‘Users & Groups’, click ‘Groups’ in the left panel, then click ‘Add New User Group’. After adding all the details, click ‘Save User Group’.

28.11. Change forum theme

To change the default theme, once logged in as Administrator click on ‘Templates & Style’ > ‘Browse Themes’, choose a theme from the list and click ‘Download’ next to it. It will take you to the theme’s page on community.mybb.com . Click on the ‘Download’ tab, then ‘Download’ again, to download the theme’s archive to your computer. Next, extract the archive locally.

Then, create a copy of the original /var/www/forum.example.com/images directory, because we have to make changes to this directory:

cp -r /var/www/forum.example.com/images /var/www/forum.example.com/images_orig

Create a new folder dedicated to the new theme inside the images directory:

cd /var/www/forum.example.com/images
mkdir themename_theme

Next open FileZilla and connect to your server, then upload the archived theme to /var/www/forum.example.com/images/themename_theme. Extract the archive:

unzip themesarchivename.zip

Then, in the extracted theme’s folders, search for the folder named images (it is usually located in the upload subdirectory) and copy it to /var/www/forum.example.com, over the original images folder.

cp -r /var/www/forum.example.com/images/themename_theme/upload/images /var/www/forum.example.com

In this way, a few files in the /var/www/forum.example.com/images folder will be overwritten with the files of the new theme. The next step is to go to ‘Templates & Style’ > ‘Import a Theme’ > ‘Import from Local File’, click on ‘Browse’, then select the nameoftheme.xml file from the extracted theme directory, check ‘Ignore Version Compatibility’, ‘Import Stylesheets’ and ‘Import Templates’, then click ‘Import Theme’. Then, click on Templates & Style’ > ‘Themes’, in the list of available themes you will see the name of the new theme. To make it the default theme click the small arrow located on the same row. To view the new theme, click on ‘View Forum’ in the upper right corner.

Also, if you want to customize a theme, it’s recommended to create a new theme as a child of an existing theme and make all the modifications on the child theme. This way, when the parent theme will be updated, the changes will not be lost. To make a child theme of an existing theme go to Templates & Style’ > ‘Create New Theme’, enter the name for the new theme, select the parent theme from the drop-down list of available theme, then click ‘Create New Theme’. Then you can customize the child theme: Templates & Style’ > ‘Themes’, click on the name of the theme, then click on a stylesheet to edit it. You can also customize the look and structure of the templates of the new theme by clicking on Templates & Style’, then clicking on ‘Templates’ in the left panel, then clicking on the name of the theme whose templates you want to change, then clicking on a group of templates, then clicking on an individual template.

28.12. Upgrading MyBB

Before upgrading MyBB to a new version, it’s recommended to check if the new version has been tested and confirmed to function well within the suite by visiting this page.

When a new version of MyBB is available on the official website (https://mybb.com/download/), you can upgrade your existing installation by following the next steps:

1) It’s recommended to first announce your users that an upgrade will take place at a specific date, and that the forum won’t be available for a few hours. This can be done by placing an announcement on the forum (‘Forums & Posts’ > on the left panel, click on ‘Forum Announcements’, then on the list of forums, click on ‘Add Announcement’ next to the forum on which you want the announcement to appear; after you enter the title and the text click ‘Save Announcement’), or by sending an email to the registered users of the forum.

2) The second step is to prevent any users to interact with the forum during upgrade so as not to interfere with the process. The simplest way to do this is to add the following two lines inside the location / { block, located inside the Nginx server block for forum.example.com , like this:

location / {
allow 123.123.123.123;
deny all;
try_files $uri $uri/ /index.php?$args;
}

where 123.123.123.123 is your IP. This way, all the users, except you will be denied access to the forum during the upgrade process. Also, to make it look professional, add these two lines right above the location / { block:

location = /maintenance.html {}
error_page 403 =200 /maintenance.html;

Then create the maintenance.html file in the /var/www/forum.example.com directory:

cd /var/www/forum.example.com
nano maintenance.html

Add the following content to this file:

<!DOCTYPE html>

<html>

<head>

<title>Maintenance</title>

<style>

body { background-color: #ededed; }

#announcement { padding: 240px; text-align: center; font: Helvetica, sans-serif; color: #333333; }

p { font-size: 19px; }

</style>

</head>

<body>

<div id=”announcement”>

<h2>The forum is undergoing maintenance and will be back shortly!</h2>

<p>If you have any questions contact us at info@example.com</p>

</div>

</body>

</html>

Of course, change the text to meet your needs and change the email address. After you save this file, set the proper ownership and permissions:

chown www-data:www-data maintenance.html
chmod 640 maintenance.html

This way, all the users who will visit the forum during upgrade will see the maintenance page and will understand that there is nothing wrong.

Restart Nginx:

systemctl restart nginx

3) The third step is to make a backup copy of the forum files and database. To make a backup of the forum database log in to phpMyAdmin, click on the name of the MyBB database in the left panel to select it, then click on Export in the upper bar, then click on Go. Rename the resulting .sql file, including in its name the date of the backup. To make a copy of the forum files run the following commands:

cd /var/www
tar cf forum.example.com.tar.gz forum.example.com

Then rename the forum.example.com.tar.gz archive, including in its name the date of the backup, then download it via FTP to your local computer and place it along with the sql file that you have just created, in a safe location (external hard drive, etc.).

4) Disable all the plugins that you have enabled by going to ‘Configuration’ > ‘Settings’ > ‘General Configuration’, changing ‘Disable All Plugins’ from No to Yes then clicking ‘Save Settings’.

5) Download the new version of MyBB from the official download page: https://mybb.com/download/ . Extract the archive locally and find the ‘Upload’ directory, which is the one containing all the files and folders of the new version that we need to upload to the server. Use FileZilla or other FTP client to connect to your server and upload all the files and directories located inside the ‘Upload’ directory of the extracted archive in the /var/www/forum.example.com remote directory, overwriting the files of the old MyBB version. Then open a browser and access https://forum.example.com/install. Choose the option “Upgrade to MyBB 1.8….” and take care to select the current version number from which you upgrade, then follow the instructions to perform the upgrade.

6) Once the upgrade has finished, remove the /var/www/forum.example.com/install directory. Next, move the /var/www/forum.example.com/inc/config.php file outside the web root as explained earlier, to increase the security of the installation. Then inspect all the forum to see if everything looks as it should. If you have made changes to a theme as it’s recommended, using a child theme and modifying it instead of the parent theme, then the upgrade should not remove the customizations made to the child theme.

If you have installed a different language pack than the default English language pack, look at the official ‘Translations’ forum (https://community.mybb.com/forum-169.html) to see if there is a new language pack released for the new version of MyBB. If there is one, download it, then upload it to your server, according to the instructions that it contains.

If you have made changes to the default English laguange pack, read through the blog post announcement regarding the new MyBB version (https://blog.mybb.com/) for a list of changes to the language packs and apply the changes if necessary. You may need to copy the modified language files from the backup of /var/www/forum.example.com that you have made before starting the upgrade, to the new upgraded version of MyBB, in order to see the same changes in the new version.

Don’t forget to comment out the lines added earlier. Make them look like this:

# location = /maintenance.html {}
# error_page 403 =200 /maintenance.html;
location / {
# allow 123.123.123.123;
# deny all;
try_files $uri $uri/ /index.php?$args;
}

Restart Nginx:

systemctl restart nginx

You can send your questions and comments to: