You don’t generally need to backup all of your tables before updating phpBB

Updated October 13, 2019 to mention that the phpbb_migrations table is always changed with an update.

When updating phpBB, you should backup your database. That’s the guidance given by the phpBB Group. Updates occur when you are moving from one micro version of phpBB to another, say 3.2.6 to 3.2.7. When moving from minor versions, like 3.1 to 3.2, you are doing an upgrade and different procedures apply.

It’s never a bad idea to backup your database. It can be done manually in phpBB: ACP > Maintenance > Backup. This method though is not foolproof. Particularly on larger forums or on shared hosting, backups can time out. Sometimes you think you have a complete backup and you don’t. The only way to know for sure is to download it, and examine it in an editor. If the bottom of the file shows the phpbb_zebra table is being populated and ends with a semicolon, it should be complete. Web hosts often offer features that make automatic database and file backups for you.

But it turns out that when making updates, generally not much of your forum’s database actually changes. Only two tables are guaranteed to change: phpbb_config and phpbb_migrations. (I use phpbb_ as your table prefix. Yours may be different. You can see your actual table prefix in your forum’s config.php file.) This is because phpBB always tracks the current version of phpBB installed, and it is stored as a row in this table. And with each update, one or more rows are added to the phpbb_migrations table to indicate what migrations were made.

Most updates don’t affect many tables. In fact, it’s typical that only the phpbb_config and phpbb_migration tables are affected.

So there is no point in making a full backup of your database prior to updating if you don’t need to. It’s a real hassle on larger forums.

It turns out that if you look through phpBB’s code you can figure out which tables are updated. The /phpbb/db/migration folder contains a number of subfolders. The programs in these subfolders do the work of changing your database during updates.

For example, there is a v320 folder. This contains the migration programs used to bring phpBB up to version 3.2.0.

There is also a v32x folder. This contains the migration programs used for each version update of phpBB 3.2. You can infer from the file names which these are. For example, v321.php and v321rc1.php are used to update from phpBB 3.2.0 to 3.2.1. “rc” in the file name means “release candidate”. There is typically at least one release candidate before an official release. So it’s a matter of reading these programs to see what tables are actually affected.

That’s what I did, and you can see the results on my Do I need to update page. Or you can examine them yourself. I’ll keep the update page updated as new micro releases occur. You might want to bookmark it and refer to it before doing your own update.

Of course, I do updating as a service. You can see my pricing here and send me a service inquiry if you’d like to get started.

If you do it yourself, follow the official procedures on phpBB’s update page. But you may decide to backup only the tables that are actually changed to save yourself extra hassle. If an error occurs, restore these tables and recover your files.

 

Using unapproved extensions is dangerous

As more phpBB extensions are developed, they are becoming more popular. Extensions add functionality to phpBB beyond what is available by default. Based on my work with clients, most have extensions installed, so I factor them in when updating or upgrading their forums. They often need to be upgraded as well when a forum is upgraded or updated.

The phpBB Group maintains a database of approved extensions. Both the phpBB Group and me recommend that if you install an extension that you only install extensions downloaded from this database. This is because approved extensions are quality checked by the phpBB Extensions Review Team. The team thoroughly inspects the extension and ensures they adhere to all coding standards as well as use best practices to minimize security issues. An extension typically goes through a number of reviews before it is accepted, if it is accepted. So you can have confidence that if you download an official extension it is of high quality and secure.

If you are not familiar with how to install extensions, the instructions are on the Manage extensions page: ACP > Customise > Manage extensions.

Unapproved extensions fall into two categories:

  • Extensions in development
  • Third-party extensions

Extensions in development

Extensions don’t appear out of nowhere. Like all software, they go through a development process. You can see a list of extensions in development on that forum. The topic title is prefixed by the state of the extension in brackets. Links to the extension for downloading are in the first post. If you have feedback on the extension, you leave it as a post on the topic.

The phpBB group has extension authors self-certify the quality of the extension they are creating. This is similar to other software. The levels from most risky to least risky are:

  • [DEV] – Development – the extension is very recent and is being issued for feedback and to refine features. It should only be used on a test board.
  • [ALPHA] – Alpha – The extension is no longer in development. The feature set is largely set and the code quality has been refined. Traditionally an alpha release has meant that it is to be used “within an organization”. Alpha release testers are expected to provide feedback and significant bugs and security issues may be experienced. “Within the organization” has no meaning with phpBB so it simply indicates it’s out of the principle early development phase. Using it on a live, production board is quite risky and definitely not recommended. A download link is usually provided.
  • [BETA] – Beta – The extension is designed to be used and tested by a larger group of people. There may be significant bugs and security issues. It should not be used on a production forum, but the code quality should be pretty high at this point and most bugs should have been addressed. A download link is required.
  • [RC] – Release candidate – Most of the bugs have been found and fixed. The release candidate could be submitted for formal review for inclusion as an extension if no more issues are discovered as a result of testing. The extension should be stable with no more features anticipated. Using it on a production forum is not recommended, but if you choose to do so anyhow it is likely to work as intended and not show any problems. Release candidates are submitted to the phpBB Group extension review team at the author’s discretion.
  • [CDB] – Customise database. You will see this in the Extensions in development forum. It means that the extension is approved. There should be a link to take you to its official page on phpbb.com. The topic is locked.
  • [ABD] – Abandoned. The extension author abandoned work on the extension. It is not approved, should not be used but some other extension author could take up working on the extension. These are placed in their own abandoned extensions forum.

There may be multiple versions of the extension in each phase. Generally extensions in development start with 0.1 and as an extension reaches Alpha or Beta stage it becomes 1.0. But there is no fixed standard for version numbers other than the PHP Composer guidelines. The extension is usually suffixed by the build quality, ex: 0.1.0-dev. The extension is usually downloaded from GitHub.

Third-party extensions

Third-party extensions are usually developed by commercial companies and typically tie into existing products outside of phpBB. Companies can submit their extensions for review by the phpBB group but usually don’t. This is because a review is time consuming. It can take months to get a review, then multiple issues must be fixed, and the extension resubmitted. This is not agile enough for many companies. In addition, the phpBB Group frowns on software that does not use an open source license. Many third-party extensions are issued with open source licenses but tie into products or services that are not.

When you use one of these extensions, you are assuming significant risk. Obviously, these companies don’t want their reputation besmirched, so generally they will take the time to write a quality extension and possibly adhere to the coding standards for extensions. But since in most cases they aren’t approved extensions, they are risky because they were not reviewed by the phpBB group to ensure their quality. They are typically downloaded from the company’s website or from their GitHub page.

Tapatalk

Tapatalk is a smartphone app that allows you to use the same user interface to access multiple forums, phpBB or otherwise. Prior to phpBB 3.1 the Tapatalk modification was widely used because styles for phpBB were not responsive, i.e. did not resize intelligently for mobile devices. Since phpBB 3.1, approved styles must be responsive, so users can use a browser on their smartphone to access the forum without the hassle of the past. Still, many people like the convenience of using one app to access multiple forums, so Tapatalk developed an extension. It creates an interface between phpBB and the Tapatalk app.

This extension is not approved and likely would never be approved by the phpBB Group. Why? When you install the extension, although an interface is seen in the /ext folder as usual, there is also a /mobiquo folder installed in your forum’s root directory. The software in the /mobiquo folder does most of the work of communicating between phpBB and the Tapatalk app. Tapatalk is available for other forum solutions too, and they use a similar architecture. The /mobiquo folder does all the data munging, so it is unique and proprietary. phpBB’s extension architecture requires that all extensions work within the /ext folder. Since Tapatalk doesn’t do this and its data munging is proprietary, it’s unlikely to ever be approved. It’s clear that Tapatalk developers don’t want to try.

More importantly, Tapatalk injects a major vulnerability in that it can bypass phpBB’s functions that do important work like posting to the database. This makes it dangerous. You should encourage your users to use a mobile browser instead of Tapatalk to access your forum. Ideally, you should disable and uninstall the extension.

Cleantalk

Cleantalk is an antispam service. Cleantalk’s extension for phpBB is approved, but it’s very old (2016 as of this writing). It may be that a newer version of the extension has been submitted for review, but the version on phpBB.com probably won’t work on phpBB 3.2. If it does, it’s missing many features. So as a practical matter, if you use Cleantalk you will want to get its most recent published version off of GitHub. Just bear in mind it’s a version that has not been approved by the phpBB Group, so using it may be risky.

Proprietary style user interfaces

Many proprietary (paid) phpBB styles come with a user interface that makes it easier to customize the style, doing things like changing background colors easily, swapping in different logos, changing fonts, etc. Because these styles are proprietary, they are not free and thus not allowed on the list of approved styles for phpBB. Consequently, extensions bundled with their styles are not approved as well. Using a proprietary style incurs some risk by itself. Using an extension used to manage the style adds additional risk.

The phpBB file structure

I try to write at least one “tip” post a month. Today I want to dig into phpBB’s file structure. Looking at the folder and file names, a lot of it is self explanatory, but not all of it is.

To start, the file structure has two parts: data and software. Most of it is software which is replaced with upgrades or updates. But some of it is pure data and must be carefully avoided when upgrading or updating. Note that most of your content is actually stored in a database attached to your forum.

Data folders

There are three data folders:

  • /files contains any files that are uploaded by users, with a few exceptions. Mostly these are images attached to posts, but sometimes they are documents attached to posts if permissions allow. If you go into the files folder though, you will see file names that don’t look the least bit like images and lack the file suffix you would expect, such as a .jpg, .gif or .png. The file names look all scrambled, such as “2_09acd47ea11adef5e4d9cac2903e4ddc”. This is mostly a random hexadecimal file name created by the phpBB software. Its purpose is to hide the intent of the file. If a file represents a thumbnail, it is prefixed with thumb_. phpBB uses a database table, the phpbb_attachments table, and a program called download/file.php to actually render the file. file.php sends HTTP headers that tell the browser how to interpret the file, such as a JPEG image. It’s actually quite clever — security through obscurity! Unless you are on the forum reading a topic, you have no idea what the uploaded file name was, its file type, or who uploaded it. Moreover, you can only indirectly download it. You don’t want to tamper with this folder as it must be consistent with the phpbb_attachments table. Since uploaded files must be stored, this folder must have 777 file permissions.
  • /images contains images, which is not too surprising but not any images users attached to posts, as they are in the /files folder. If you drill down into the folder you will see a bunch of subfolders that describe the content of images placed inside them, such as /avatars, /ranks and /smilies. If you allow users to upload an avatar, they are stored in the /images/avatars/upload folder, which is why this folder should have 777 file permissions. If you add rank images or smilies packs, they must be uploaded with FTP into the appropriate folder to be seen and used. In general, you don’t need to mess with this folder. Just leave it alone. But since there is no software inside it, it’s a pure data folder.
  • /store contains miscellaneous files that may be created by phpBB. It is most often used to store an extract of your database, which you can do: ACP > Maintenance > Backup. If you recover your database, it will read the file placed here using the ACP > Maintenance > Restore function. It has occasional other uses. When upgrading or updating phpBB, lock files are created here. If things go awry you may have to manually delete them. Extensions that store data outside of the database may also write data here. These folders must be identified by the vendor and extension name. For example, my digests extension uses a /store/phpbbservices/digests folder.

Styles folder

The /styles folder can be considered a data folder, but only if you made custom changes to the styles. Your custom changes will get overwritten with a phpBB upgrade or update, or if you update a non prosilver style. As a general practice, you should backup all your folders and files before upgrading or updating. But if you made custom changes to a style, you really need to back these up and reapply them if desired after an update or upgrade. You might want to read my post on creating a custom style to minimize the impact of these changes.

Cache folder

The /cache folder hints on its function: it creates a “cache” of PHP scripts that speed up the process of rendering web pages. For example, your style creates a unique look for your site, so parts of the web page are actually a .php program placed here dynamically created by phpBB.

The cache folder is new since phpBB 3.0, but since phpBB 3.2 there are two major subfolders: /cache/production contains your “production” cache and /cache/installer is used during updating or upgrading phpBB. The cache folder itself must have 777 permissions so they can be publicly written to. The same is true with all folders and files inside it: folders must have 777 file permissions and files must have 666 file permissions.

When you click on the “Purge the cache” button in the ACP, you are destroying files in the /cache/production folder. If you accidentally delete files in the cache folder outside of phpBB, they will get recreated. You will notice a little lag rendering these web pages while the cache files are recreated.

Tip: if you get weird error messages that seem to lock up your board, use your FTP program or web host control panel file manager to delete the files and folders in the /cache/production folder. Often, the site will come back up with a page refresh!

config.php file

This is a critical file in your forum’s root folder that is essentially a data file and should not normally be messed with. Why? This joins phpBB software to your database, so it contains your database host server, name and the credentials of the account (including the password!) to your database. Consequently, don’t mess with this file unless you know what you are doing and do not allow it to be publicly readable. Ideally, the file will have 600 file permissions.

Tip: if you move from PHP 5.x to 7.x and you get a message saying mysql drivers are not supported, edit the line in this file:

$dbms = 'mysql';

changing to:

$dbms = 'mysqli';

and your forum should come up! PHP 7 does not support older mysql drivers and requires the newer mysqli (i is for “interactive”) drivers.

Software folders

With the exception of the above files and folders, all the other folders and files are software. I use the term “software” liberally. Technically, only PHP programs and Javascript files are “software” in that they implement programmatic logic. In reality though there are a host of technologies used to render phpBB including HTML, CSS, jQuery and XML. 

For the most part the folder name describes what they do, so I’ll concentrate on important folders.

  • Principle programs. The principle programs are in the forum’s root file. For example, index.php renders the index and viewtopic.php assembles and presents all posts in a topic. Obviously you don’t want to edit any of these.
  • /adm contains the styles used inside the Administration Control Panel. The actual ACP software is in /includes/acp.
  • /ext folder contains extensions. Extensions are additional functionality that developers write that does not come “out of the box” with phpBB. They are placed in an ext/vendor/package folder. For example, my digests extension if installed is in the /ext/phpbbservices/digests. The vendor is phpbbservices and the extension name is digests. These must be uploaded with FTP then enabled: ACP > Customise > Manage extensions
  • /includes contains key support programs used by the principle programs.
  • /language contains various language translations. British English is provided. If you install one or more language packs, they are uploaded to this folder. For example, a French language translation will be in a /language/fr folder.
  • /phpbb contains a set of phpBB objects and services that “object-orient” phpBB. This object-orientation became system-wide starting in phpBB 3.1. Most programs in the /includes folder as well as the key programs use one or more objects or services in these folders.
  • /vendor contains third-party software than phpBB needs to run. Since phpBB 3.1, phpBB has depended on a number of high-quality, 3rd-party software solutions. If you look inside the /vendor folder you can see all of them. For example, phpBB uses the /vendor/twig folder’s software for handing its templates, i.e. inserting dynamic data into web pages.

Hopefully this gives you a good idea of how phpBB’s file organization works.

 

Your web host may be virtual

Introduction

I recently wrote a post about putting phpBB in the Google Cloud. I learned that it’s not too hard to do if you have decent technical skills or even if they are more modest. There could be some serious upsides to putting your forum in a cloud like Google’s, Amazon Web Services (AWS) or Microsoft Azure. (There are other cloud vendors out there.) These could include lower costs, higher uptime, and scalability if you forum gets suddenly popular.

Most of us though contract with web hosts. For example, I use Siteground. Web hosts have server rooms somewhere where they keep all the equipment they need to host your forum plus lots of other websites. Most web hosts have multiple server rooms in various countries. The closer these are to their customers and their site viewers, the better. For example, Siteground has server farms in Chicago, London, Amsterdam and Singapore. They have incentive to organize their data centers to be fast and reliable because they control them. Siteground does this not only with four server farms, but by having an end-to-end solid state infrastructure. They figured out that although solid state drives (SSDs) were more expensive, they were heaps more reliable and faster than filling their server rooms with mechanical disk drives. It’s been key to their success as a company.

Virtual hosting

These days though some web hosts are figuring out they don’t need to bother with the actual hosting anymore. There are two ways they do this. One is old, the other is new.

The first way is to be a reseller. For example, ABC Hosting may actually rent servers in (hypothetically speaking) a Rackspace server room. Becoming a reseller is not hard. Siteground will let you be a reseller. Resellers are often people like me who have multiple clients and as a convenience to their customers also provide hosting. I don’t want to bother setting up a server farm, particularly if I can lease one. If I did, I would probably choose to become a Siteground reseller, since Siteground’s spiffy servers sold me on being their client. Siteground would provide a front end console for me to use, and consoles that my customers would use too to which I would apply my own logo and some custom pages. From the customer’s perspective, it looks like I have my own server room. The downside is that I would become responsible for any hosting issues. I would essentially be the support department, and I’m not available 24/7. I don’t want to get involved in the minutia of my client’s hosting, so I don’t expect to ever become a reseller, even though it would generate a good deal of passive income for my business.

The second way is that some web hosts are becoming virtual by using cloud providers. Who’s the number one host on the web? You probably don’t have to think too much: GoDaddy. You may be surprised to learn that in 2018, GoDaddy decided to move much of its hosting inside AWS. You can read why here. Basically, GoDaddy realized that AWS built a much better infrastructure. They can resell Amazon’s cloud services under their own label for less than they can maintain their own hosting centers. AWS has a sophisticated set of services and they have the fast connection and high reliability thing all figured out. This is not good news for GoDaddy’s hosting staff. Presumably most of them will be laid off at some point.

All this suggests that web hosting will be undergoing a fundamental transformation as hosts ditch their own hosting centers to find better reselling deals in the cloud. In short, your web host may become a virtual web host. If you host on GoDaddy, there’s a good chance it’s already virtual hosted on AWS.

Should you host in the cloud?

This does raise the question: why not just buy your hosting from a cloud vendor like AWS and skip a middle man? If you read my posts on cloud hosting, you’ll realize the main issue is that cloud hosting tends to be complicated to set up, maintain and troubleshoot, at least from the perspective of someone trying to get some web space without a lot of technical skills. Virtual web hosts like GoDaddy essentially become front ends for optimizing the hosting experience for people likely a lot like you who want the process to be simpler. So they offer 24/7 support, domain management and basic customer handholding while putting up a virtual front end that suggests they are doing all this themselves when in fact the technical infrastructure is outsourced to a major cloud vendor.

My bet is that at some point Siteground will do the same, in which case I will have less reason to use them. If I know a suite of virtual web hosts are all using AWS, for example, I can get choosier and choose a virtual host based on their support and the ease by which I can do things via their control panels. I can assume the reliability and speed will all be excellent since they are hosted in a professionally managed commercial cloud. Since I do have the technical skills to put my sites in a cloud like AWS, at some point I will probably just do that. I pay a premium primarily to call someone on the phone to resolve some technical issues. Right now the $20/month I pay for Siteground hosting for my domains is reasonable, even though I am guessing I could pay $10/month or less putting my sites in the cloud. I’d just have to fix any technical problems myself, and right now the cost difference doesn’t make it worth my time.

For most of you, this is probably true too. Price is certainly important when you decide who to host with, but ready support, easy interfaces to managing your sites and fast page load speeds probably matter more. At some point you either won’t know or won’t care if your web sites are actually in a major cloud vendor’s facilities somewhere. Virtual web hosts aren’t probably going to advertise this either.

If interested in Siteground hosting, use my affiliate link

If you are intrigued about my discussion of Siteground for web hosting, learn more on my rehosting page. If you decide to host with Siteground, please use my affiliate link. You won’t pay anything extra and I will earn a small commission.

Installing phpBB in the Google Cloud

Introduction

In this post I’ll go through the steps for installing phpBB in the cloud, Google’s cloud in this case. More specifically, I will show how to do it using their Google Compute Engine, which offers Infrastructure as a Service (IAAS). In this example I use the prebuilt (and free) Bitnami solution. It won’t get into advanced topics, like fine-tuning phpBB to run on the Google platform.

If you haven’t read my two posts on cloud computing, you should before trying any of this.

Creating a virtual machine on the Google Cloud

The first step is to create a virtual machine on the Google Cloud. This is your personal web server, but it is virtualized so that you have complete control over it, but it’s actually on a machine shared with many others. To create a virtual machine on the Google Cloud, you first need to have a Google Cloud account. No sweat there. Google will give new users a $300 credit to play with its infrastructure. Or you can use a micro instance at no cost. Here I show installing a micro instance of a virtual machine.

  1. Go to Google Cloud at https://cloud.google.com/.
  2. Create an account on the Google Cloud platform if you haven’t already. You might want to click on the Get started for free button if you are new to the Google cloud. If you have an account already, then click on the Console link near the top right corner of the page.
  3. On the blue navigation bar near the top, if you have any projects defined you will see a list of them. Regardless, open the dropdown to the left of the search field. Then select New project.
  4. Enter a project name in the field. I entered “My phpBB forum”. This is only for your reference and isn’t seen by the public. You probably don’t want to attach the project to an existing project since you are probably new to the Google Cloud. If so, ignore the Organization field. Then press the Create button.

 

Creating a new project on the Google Cloud platform
  1. Generally it takes a minute or two to create the project. Eventually a dashboard page appears for your new project.
  2. Under Getting Started, select Deploy a Pre-built solution.
  3. In the search field, type “phpBB“. One or more pre-built solutions may appear. If you click on a prebuilt solution, it will give you the estimated cost per month to run the solution. The actual cost depends on the traffic your site gets, how much you use in the way of Google’s resources, and whether your prebuilt solution comes with a monthly charge. I suggest picking “phpBB Certified by Bitnami“. Note that Bitnami does not charge a monthly usage fee, so your costs are solely based on the resources you use. The package contents on the left shows you what is installed by the solution. The operating system should be Debian (a version of Linux) and phpBB should be the most recent version. You will get an Apache webserver, a recent version of PHP, a MySQL community edition database as well as a few other tools, most noticeably phpMyAdmin, which lets you manipulate the database directly.
  4. Click on the Launch on Compute Engine button. You will get a screen that lets you configure the instance of your virtual server, which will include phpBB.
  • The Deployment name doesn’t matter, but should be something you will recognize
  • Zone is where the server hardware is physically located. Generally pick a zone close to you or where you expect a majority of your users will be.
  • Machine type directly affects cost. This can be changed later. The default micro instance is fine for getting started but probably not sufficient unless your forum is very lightly trafficked. You can choose micro, small, or a number of variations based on the number of virtual CPUs you need.
  • Boot disk size defaults to 10GB for the micro instance
  • Change other settings if desired, but it’s likely that the defaults are okay.
  • Finally, click the Deploy button. It will take a while for your virtual server to be deployed, but it will be created with phpBB installed.
Deploying a virtual machine on the Google Cloud platform
Deploying a virtual machine on the Google Cloud platform

Accessing the forum

After deployment, a number of useful links are on the right sidebar. Your phpBB forum is installed, but is only accessible by an IP address, ex: http://35.245.145.32/. Click on the Visit the Site button to login to phpBB, which is in the web root folder. The username to use is probably “user” and is in the sidebar. The password is below it. Write these down. You can get into the Administration Control Panel with the same username and password.

Accessing the virtual terminal

SSH (Secure shell) access is provided, but it is rudimentary. Click on the SSH dropdown button. It will open a pop up terminal window. You can enter any Linux commands here to administer your virtual server, as well as upload or download a file using the little wheel icon at the top right corner of the window. This is a convenient way to issue commands on your virtual server for occasional use. Since you can only upload or download one file at a time, it’s not a very practical interface for daily use.

Setting up SSH remotely

To use FTP productively, you will need to access SSH more easily using a terminal application on your local machine. This video may help in setting up a SSH connection.

Using FTP with a FTP client

Once your virtual machine has a set of SSH keys, you can access SSH remotely from your machine. But also you can now use Secure FTP to transfer files. The attached screenshot shows Filezilla configured for my virtual machine instance. Notice I’ve linked it to a key file created in the last step. This assumes you set up a BitNami instance of phpBB. You will find phpBB in the /opt/bitnami/apps/phpbb/htdocs directory

Filezilla setup with Google cloud
Filezilla setup with Google cloud

phpMyAdmin access

You may need to directly manipulate your database. You can do this from SSH if you are Linux savvy with the mysql command.

It is generally more convenient to use phpMyAdmin, a web-based tool for accessing MySQL and MariaDB databases. It takes some configuration to use it remotely, however. This article shows how to set up remote access to phpMyAdmin using the key file you acquired in your last step. The approach requires a proxy command like this that seems to work only as long as the process remains active and will look similar to this example:

ssh -N -L 8888:127.0.0.1:80 -i google-cloud-phpbb google-cloud-phpbb@35.245.145.32

To access it, you use the localhost IP of 127.0.0.1, essentially http://127.0.0.1:8888/phpmyadmin. To login use the credentials in your forum’s config.php file. You will have to sudo su root in the Google console to see the contents of the file.

To kill your local process, type CTRL-C.

Getting a static IP address

You start out with an ephemeral IP address that could change. If you want to attach a domain to your IP address, you should convert your ephemeral IP address into a static IP address. This document describes how to do this.

Creating nameservers and attaching your server to your domain

Next, you need to create some nameservers for your virtual server. This video documents how this is done:

Once you have nameservers defined, you go to your domain registrar and point the domain name to the nameservers created in the Google Compute Console. Then wait a few hours until the changes are broadcast to your local DNS server.

Next steps

Generally at this point you want to get phpBB configured. I won’t document here how to do these steps. Some of these might be:

  • Moving phpBB into a subdirectory. This is pretty easy to do with SSH access if you know Linux commands. You will need to change phpBB’s server settings, and possibly the cookie settings as well.
  • Add styles
  • Add extensions
  • Create forums, permissions and policies. phpBB’s documentation is voluminous but will tell you what you need to know.
  • Set up HTTPS. You may have to pay a bit extra for this service. See this page.

If you want to move your existing forum now to the Google Cloud platform, I can help. At this point though I don’t consider myself competent at tuning the Google Cloud for phpBB.

Basically you need to move the files and the database. Use FTP to move the files and an extract of the database. phpMyAdmin can be used to load the database in many cases. There are things that can trip up this process, such as if the PHP version is not the same between systems. I am happy to help in the process. See my rehosting page.

There is more to using the Google Cloud platform in phpBB that I may cover in future posts.

Why aren’t my private messages getting read?

phpBB is excellent forum software, but there are aspects of the way phpBB works that are not intuitive. One of these how it handles private messages, including private message notifications and how it stores and labels private messages.

Sending a private message

In phpBB, you can send a private message to a user from a convenient link on the navigation bar. In this example, the user “tester” is sending me a private message:

Once the submit button is pressed and the screen refreshes, and the just sent private message appears in the user’s outbox:

Receiving a private message

Now let’s look at it from the perspective of the email recipient. Here I login to my board. Notice the private message notification on the navigation bar, which appears unless this notification is turned off:

If I click on the private messages link, I can see the new and unread private message with the red unread private message icon next to it, to distinguish the private message as new:

I can click on it to view the message:

The act of viewing the private message marks it as read. From the sender’s side, this takes it out of their outbox. Now logged in as “tester”, see the difference:

How phpBB handles private messages

All this demonstrates the non-intuitive way that phpBB handles messaging. All private messages are stored in the database. But a “sent” private message is not considered “sent” until it is read by the recipient. Until then, it hangs around in your outbox because, I guess, phpBB does not assume it was actually delivered.

You are probably saying to yourself: “But this makes no sense.” And most people would agree with you. But that’s not how phpBB was designed. When you “send” the private message, a notification may be generated to the recipient. The notification can be an email notification, or just a notification that appears on the navigation bar when the recipient logs in, or both! But phpBB won’t consider it “sent” until it is read — it’s just an item in your outbox! To count it as read, the recipient must login to the forum and read it in the private message interface.

How notifications changed with phpBB 3.1

To make this all the more confusing, the phpBB group changed the way the notifications system works with phpBB 3.1. Previously, the default was to get email notifications when private messages were “sent” to you. Since phpBB 3.1, the default is now not to send an email notification. Instead, when you login in you will see private message notifications on the navigation bar.

If a user wants to get email new private message notifications, they have to reenable this feature. Doing so is not intuitive: User control panel > Board preferences > Edit notification options. See this screenshot for the checkbox that needs to be enabled:

So if this bothers you, you have to let your users know. Perhaps post a global announcement on the forum, or send a mass email to all users telling them how to change this setting. If you got hundreds or thousands of users, you may want to pay me to change this in your database for everyone. If so, send me a service inquiry.

This is just one of these quirks. All software has them, and this is one of those phpBB features that makes a lot of sense to the designers of phpBB, but little sense to the rest of us.

 

Breaking the GoDaddy domain registrar habit

I have never used GoDaddy hosting. This is in part because I have worked with so many clients who did use GoDaddy hosting, and it left a bad taste in my mouth.

The good news was that over the years GoDaddy’s hosting and support have improved from abysmal to acceptable. Their hosting now rates a solid C, which is not bad in the hosting business, and their support a solid B. You don’t usually have to wait long on hold when you need their tech support, and their support tends to be good.

I do use GoDaddy as my domain registrar, however. I do this because over the years I learned painfully that to divorce from a bad web host, it helps to keep your domain registrar separate from your web host. Move your files and databases to the new host, point your nameservers for your domains to the new web host and you have the equivalent of a Las Vegas divorce. It’s all done quickly and neatly.

It turns out though that GoDaddy’s domain services are pricey and annoying. If you’ve used GoDaddy, you no doubt learned they will try to upsell everything, and that includes domain management. While that is annoying, when I looked into it I discovered that they really charge quite a lot for their domain registry services. In fact, they are one of the most pricey registrars out there.

So I used the excuse of their latest bill for renewing a domain as an excuse to find a cheaper and less annoying registrar and move my business there. I’ve only got five domains but it looks like I should save at 33%-50% by moving to my new registrar, namesilo.com. Not only are their charges for domains significantly less than GoDaddy’s, but they throw in some very valuable extras.

For example, namesilo.com charges $8.99 a year for a .com domain, while GoDaddy charges $15.17. That’s a savings 33%, but the savings are comparable for other popular top-level domains.

I have a blog that I would just as soon not associate with me personally, in part because opinions expressed there might affect this business. The business me is strictly agnostic. I take on pretty much all clients as long as they will pay my rates and I don’t find their content personally offensive. I have worked on some adult sites if their content was clearly legal. This business is less than five percent of my total business.

For my blog, I would like to disassociate its domain from me personally. In case you don’t know, when you have a domain you have to fill in various contact information where you are supposed to enter your actual name and address. On GoDaddy, I paid $9.99/year for privacy protection so this information was not shown publicly. It comes at no charge though on namesilo.com. namesilo.com also offers free domain protection. This means someone can’t steal my domain. GoDaddy charges $5.00/year per domain for this service.

It takes about a week to transfer most domains. Transferring my domains also meant a bit of hassle: I had to unlock my domains, get transfer authorization codes for each domain and enter them into various web forms on the namesilo.com site. But it’s all straightforward, while generating a lot of emails from both registrars. namesilo.com works like most registrars: to transfer the domain you are essentially buying another year for the domain.

There’s no point in paying a lot of money to GoDaddy for domain services anymore. Nor do you have deal with GoDaddy’s constant and annoying upselling features. The support on namesilo.com was good when I tried it. It took only a few minutes to get them on their online chat system and they answered my question promptly.

 

Cloud service types and phpBB

Updated June 28, 2019

In a recent post I looked into putting phpBB in the cloud, the first in a series of related posts. In the first post I said that while it is possible to do it, phpBB is not a cloud-first software solution. There are advantages to putting phpBB in the cloud, such as scalability and potentially lower costs. But there are significant drawbacks for most forum administrators too, including almost no technical support and you must provide any system administration.

Cloud service are arranged around various service types. While the types can be breathtaking at times (look at Amazon’s many specialized web services) you can sort of lasso these into three types: IAAS (Infrastructure as a Service), PAAS (Platform as a Service) and SAAS (Software as a Service). As you will see, phpBB doesn’t fit neatly into any of these models.

IAAS (Infrastructure as a Service)

With IAAS, the cloud provider provides you with a set of basic tools and lets you have at it. The tools can be refined somewhat but generally you get an operating system (usually some variant of Linux), a web server (generally Apache) and a database (generally mySQL). The actual set of tools that you get depends on the package you select. In Amazon Web Services speak, this is the AMI (Amazon Machine Instance). Yes, there are AMIs for phpBB such as intuz’s and BitNami’s. However, these packages are not necessarily free. BitNami, for example, creates a “smart” integration of these tools along with other ones that are optimized for various cloud deployment patterns. You will probably be asked to pay for the privilege. A good package though it well thought out and cleverly integrated for maximum functionality and performance, and these phpBB AMIs should be finely tuned for phpBB. You might want to use one of these packages for an upfront cost and then rent it for a monthly fee.

Some packages/AMIs are free and come from a common library provided by the cloud vendor. You might want to install one of these instead. They likely won’t come as well integrated, but they will get the job done.

As much as an intelligent package/AMI helps, you still don’t get much in the way of handholding. You will generally get the most basic of control panels provided by the cloud provider and some SSH and database credentials. You are expected to know how to use SSH, FTP and relational databases. Of course as time goes on, your operating system, web server and database software will need updating. Generally, operating system and security upgrades are handled for you in the background. But you may be expected to figure out how to do this by yourself, so make sure you understand what will and won’t be done for you. It’s hard to escape doing some of your work using SSH and the Unix prompt.

If none of this intimidates you, IAAS is a great choice and probably cheaper than using a web host. But basically you are trading your own time and expertise to lower hosting costs, but as a bonus you should get a scalable cloud service to handle high and low demand periods, that is if you set it up right. There is an art to fine-tuning cloud service as you need to balance between potential high usage spikes and your budget.

PAAS (Platform as a Service)

In general, PAAS cloud services are oriented around developers. If you want to be the next Facebook, for example, PAAS will provide you not just with infrastructure as a service but also a set of development tools finely optimized for you to develop unique cloud services. They tend to be oriented around one or more programming languages, such as Java or PHP, and one or more deployment engines, such as Kubernetes. The nice thing about PAAS is that you don’t manage much. Should the Java J2EE engine need an update, that will be handled for you. Consequently, PAAS tends to cost more than IAAS. You and your development team are then free to focus on developing that next Facebook.

phpBB of course is a prepackaged software solution. You shouldn’t be developing anything, unless perhaps you are an extension developer like me. But if you are an extension developer like me, you don’t need to develop your extension using PAAS because phpBB is not typically deployed in the cloud. Instead, you have a local web development environment and do your development there. You might want to test it on a web server connected to the Internet, but you don’t need PAAS to do that.

So basically, using the PAAS cloud service type for phpBB makes no sense.

SAAS (Software as a Service)

In the SAAS model, you use a cloud provider to provide a software solution in the cloud. Perhaps the best known SAAS provider is Office 365. Why install Microsoft Office on a PC when you can run it as a cloud service instead? It’s a popular model that is making some companies like Adobe (and its Adobe Creative Suite) or Salesforce.com tons of money. They’ve already figured out an optimal solution and they are happy to rent it to you for a fixed cost per month. If you don’t need it anymore, you cancel your contract. In some cases, you do actually download some software on your PC that works optimally with these services in the cloud. Many developers using PAAS are actually hoping to market their solutions as SAAS. Since SAAS is deployed in the cloud, it is presumably finely engineered for optimal performance in all kinds of workloads.

The thing is, you can sort of get phpBB as SAAS already. phpBB has a knowledge base article on how to do it with Microsoft Azure. There are also a number of sites that allow you to create phpBB forums on their servers, which are often for free for low usage sites, sort of how you can host a blog on wordpress.com for free under a subdomain like myblog.wordpress.com. And if you have web hosting already, there is usually a scripting center that allows you to install phpBB. But are these really providing software as a service? They arguably don’t because once you install phpBB you generally don’t want to use it “out of the box”. You want to change the style, or add extensions, or do all sort of fine-tuning. If you don’t need to do these things, then maybe these “SAAS” services are what you need. They just aren’t really SAAS, since you can’t give your site this degree of customization, because there is no way to do this other than to use phpBB. And if you use phpBB you will need to be able to upload and edit files on your phpBB instance.

Conclusion

With a better understanding of the cloud service types, you should now understand why phpBB is so rarely placed in the cloud. At its root, it’s because phpBB is not a cloud-first product, and probably never will be. In a future post, I’ll look into deploying phpBB using IAAS to give you some idea of what you might be getting into.

 

Should I host phpBB in the cloud?

So I’ve been playing with cloud providers, most recently looking at the Google Cloud in context with a WordPress group that I belong to. But over the years I’ve also studied Amazon Web Services, the original cloud provider. There are other cloud providers but really the only other major player is Microsoft Azure. Host on another cloud and you may find out that it won’t last in the long term, or is not a real cloud service. My goal is to eventually demonstrate how to run phpBB in the cloud, starting with the Google Cloud that I am currently exploring, and bring you along for the ride.

Characteristics of cloud services

There are lots of definitions of cloud services and cloud computing. From the perspective of someone who owns and manages a forum, all you probably really want to know about it what makes these services different than your typical web host like Siteground or GoDaddy. You will get lots of answers. Last year I helped move a big forum to Amazon’s EC2 cloud service. I got some preliminary answer from that work. Some differences:

  • Cloud services are scalable. If you have a host like GoDaddy and you outgrow the resources you are allowed to use inside the scope of your contract, you will get a little leeway. But generally you will be asked to move up to a higher class of hosting. This contrasts with cloud services. Its architecture lets your site grow seamlessly, at least if you set it up right, scaling up by a factor of 100 or more as needed, and maybe dropping back down after demand eases. So if you expect to have a forum that will get suddenly very, very popular, hosting with a cloud service should be a big selling point. Whereas, moving to a higher class of hosting at GoDaddy is potentially a lot of hassle.
  • You don’t get handholding with cloud services. Don’t expect to have a support hotline or a phone number that you can call to reach someone to help you struggle with technical issues. You either brings these skills with you or pay someone to leverage them for you.
  • Cloud services are not for cheapskates. It’s not that cloud services are inherently more expensive than traditional hosts. In many cases, cloud hosting is the better buy because you pay for what you use. Cloud services are elastic to scale on demand, so sometimes your costs will go way up for a given month. That’s because you are getting a lot more traffic or are using a lot more space or require additional virtual CPUs. Very tech savvy people who have small sites might be able to host for free in “micro instances” of these cloud services. Here’s a video that shows how a tech savvy person can spin up a site on a cloud service for less than a dollar a month, providing you know your site’s usage will be minimal. But you really have to know what you are doing. 

Why to not use a cloud service

  • You’re not a techie and want to stay that way. If you are paying $20 a month to Siteground, for example, it will seem like a rip off if you can do the same thing for $1 a month on the Google Cloud and it fits in a micro instance. But in most cases, it’s not. With web hosts, someone else is managing the infrastructure, providing 24/7 support and they provide a host of tools like cPanel to easily do things like manage files, create backups and create email addresses. You are free to concentrate more on what matters: your site and its content, and leave the heavy lifting to a company which is probably doing it for hundreds of people using the same machine you are. Someone else worries about security patches, system upgrades and site vulnerabilities. Yes, often if you manage a phpBB forum, you do have to put your hands into the soil, so to speak. You might have to create email addresses or tweak something in a database, generally in a control panel like cPanel or Plesk. But that’s a whole lot easier than trying to upgrade a Linux kernel or managing an email server’s firewall rules.
  • You prefer fixed costs. You don’t like surprises, particularly financial surprises. With a contract and a good web host, you know what you are paying for, for how long, and what you can expect while you host with the provider.
  • You don’t need to worry about your site getting quickly popular. Your forum is not the next Instagram. It may grow some during the year and there may be some spikes in traffic here and there, but it’s manageable.
  • You like having tech support on speed dial. Hosts of course vary in the quality of the technical support they provide, but knowing you can call a technical person on the phone or chat with them online about some weird problem you are having is comforting.

With phpBB in particular, while it can be made to work in the cloud, it is not a cloud-first product. In truth, cloud-services are mostly for developers and large organizations. Generally they want the reliability and high “up time” that cloud services provide. Organizations use cloud services to mitigate their risks and lower costs; maintaining their own servers and technical support staff is expensive. Most of these organizations though do have developers. They are writing or maintaining systems or services to handle lots of needs, and most of these are proprietary, not using off the shelf software like phpBB. The exception is the Software as a Service model. Some companies like salesforce.com offer their solutions as services you can rent, and put their services in either a public or a private cloud of their own.

In my next post, I’ll look at the other two models cloud services offer, Platform as a Service and Infrastructure as a Service and explain why neither is a great match for phpBB. That said, sometimes you might want to put phpBB on one of these service types anyhow. We’ll explore why and the tradeoffs involved.

Solving phpBB forum permission issues

I have noted before that phpBB’s permission system is awesome. In one way though it’s a bit defective: it’s hard to troubleshoot issues with permissions, particularly forum permissions.

In this post, I’ll delve into solving forum permission issues. The general problem is that a user typically belongs to more than one group and different groups can have different forum permissions. If you are unfamiliar with the basic phpBB groups, you might want to read this post first. You can also create groups of your own and set forum permissions to those groups.

To solve these issues, you generally you need to start with a test case. This part at least is pretty easy because you usually have a user whose permissions are not working correctly, so you just need their username. You also need one or more forums where their permissions are off. You also need to know what permission isn’t working right, such as permissions to create new topics or reply to topics.

If you dig into phpBB’s documentation, it becomes a little clearer. On permissions, the documentation says:

  • YES will allow a permission setting unless it is overwritten by a NEVER.
  • NO will disallow a permission setting unless it is overwritten by a YES.
  • NEVER will completely disallow a permission setting for a user. It cannot be overwritten by a YES.

So essentially when the NEVER permission is set, it becomes a blocker overriding any other permissions.

Seeing all forum permissions for a user, forum and permission type

How do you see these forum permissions? You need a tool. The good news is that phpBB has just such a tool. The bad news is that they bury it. In fact, it could not be harder to find. In this example, I will use my development forum to see forum permissions for myself.

  1. Go into the Administration Control Panel
  2. Select the Permissions tab
  3. On the left sidebar, go way down to the bottom. You want View forum-based permissions. Click the link.
  4. Pick the forum or forums you want. In this example, I chose the “Your first forum” forum created by default when you create your board. I then pressed SUBMIT.
  5. Now I pick the user. There are various ways to do this with the interface for both users and groups. In this case I choose myself, with a username of “Mark D Hamill”. I entered the username in the “Find a member” field and pressed the View permissions button below the field. This brings up the Viewing permissions page. The colors you see on the permission tabs may vary from mine where the green boxes in each of the tabs basically say “This user or group has YES for ALL permissions under this tab”. Red means “This user or group has NEVER set for all permissions under this tab”. Blue means “This user or group has a mixture of permissions for the permissions in this tab.”
View permissions page
View permissions page
  1. I now want to check out a particular permission. You may have to hunt for the permission you want to check for the user and forum as it may be on a different tab. There is a tiny little icon to the left of each forum permission. That’s what you need to click on. In this case I want to see how permissions are determined for the Can start new topics permission.
Selecting a permission to check
Selecting a permission to check
  1. This generally brings up a popup window. If you don’t see a popup window, you may have to tell your browser to allow popups for the domain. Finally this brings up a useful screen:
Viewing a particular permission
Viewing a particular permission

Now you can see what’s going on for this particular user’s forum permission. Since I am both an administrator and a global moderator, I belong to both those groups, each of which has a group forum permissions too. By default, NO access is allowed to the forum for a user, so it is the first permission. But it is set to YES for Administrators, so the logic continues and the next group is tested. It is set to YES for Global moderators too, so the net permission is still YES. It is set to YES for registered users in this forum too, so it’s still YES. Finally, it looks for any user-specific forum permissions. None were granted, so this permission is NO, but since it is NO and not NEVER the overall YES permission still applied.

Fixing the underlying permission issue

With this tool, you should be able to determine where the root of the permissions issue lie from the variance from an expected permission from the actual permission. It’s usually a group permission that needs changing. The most likely solutions are:

  • A NO permission should be NEVER
  • A NEVER permission is blocking everything so it should be changed to NO
  • A NO or NEVER permission is incorrect and should be YES

So adjust the group or user permissions for the forum privilege accordingly. You can use this tool to check to see if the result is correct, or use the feature in the Administration Control Panel to test out a user’s forum permissions.

Usually in these cases, you cannot use the built-in forum roles. Rather you have to click on the Advanced link for each forum and group and change permissions that way instead.

In some cases, you can adjust the permissions for a forum role and have them trickle down accordingly, avoiding the need to use the advanced link when setting forum permissions. I’ll leave you to investigate this option if you want instead. It can get a little hairy to change these because it affects all forums where these permission roles are used.

Setting user-specific forum permissions is always a bad idea. Remove them if you can, and place these forum permissions in groups you create instead. Add people to these groups as necessary to get the desired behavior.

The newly registered users group permission quirk

There are some things that are definitely peculiar about phpBB’s permission system. Newly registered users are also in the registered users group. To start, this makes no sense. In the case of this user, “tester66”, because he is in the newly registered users group, the forum’s permissions for newly registered users does not allow them to start new topics. But because they actually are in the registered users group too, they can start new topics, the exact opposite of what you would expect! Note that in most cases, while a newly registered user can start a topic, it will be moderated before posting is allowed. This is because by default a newly registered users first three posts require moderation.

Newly registered users permission quirk
Newly registered users permission quirk

How do you solve this problem? You have to set the permission to NEVER for the newly registered users group by using the group forum permissions function. In it you select the Advanced link to fine tune the permission. After changing the permission, you can see the result:

Fixing the newly registered users group quirk
Fixing the newly registered users group quirk