SMF2.1:Server settings: Difference between revisions From Online Manual

Jump to: navigation, search
(minor grammar fix in Caching section)
(Enhanced grammar and removed contractions.)
 
(6 intermediate revisions by one other user not shown)
Line 6: Line 6:


==General==
==General==
*'''Forum Title''' - The name of your forum. You'll see this name in the titlebar of all your forum pages. It is also used as the name of the sender of email notifications as well as in the footer of each email message sent by your forum.
*'''Forum Title''' - The name of your forum. You will see this name in the titlebar of all your forum pages. It is also used as the name of the sender of email notifications as well as in the footer of each email message sent by your forum.
*'''Enable Maintenance Mode''' - Sets whether the forum is in maintenance mode. If ticked Maintenance mode will be activated, and then only administrators can use the forum as usual. Other users get a special message which can be composed below. The database may still be accessed for user authentication (to tell if the member is an administrator).
*'''Enable Maintenance Mode''' - Sets whether the forum is in maintenance mode. If ticked Maintenance mode will be activated, meaning that only administrators can access and use the forum. Other users see a special message which can be composed below. The database may still be accessed for user authentication (to discern whether the member is an administrator).
*'''Subject for display''' - Title for the ''Maintenance Mode'' message. This will be shown to users only if Maintenance mode is on.
*'''Subject for display''' - Title for the ''Maintenance Mode'' message. This will be shown to users only if Maintenance mode is on.
*'''Message for display''' - Description of why the forum is in maintenance mode. It will be shown to all visitors when Maintenance mode is enabled.
*'''Message for display''' - Description of why the forum is in maintenance mode. It will be shown to all visitors when Maintenance mode is enabled.
*'''Webmaster Email Address''' - Email address from which to send all topic notifications, personal message notifications, newsletters, etc. This address also receives database error warnings, should they occur.
*'''Webmaster Email Address''' - Email address from which to send all topic notifications, personal message notifications, and newsletters. This address also receives database error warnings, should they occur.
*'''Enable compressed output''' - This option will compress output to lower bandwidth consumption, but it requires zlib to be installed.
*'''Enable compressed output''' - This option will compress output to lower bandwidth consumption, but it requires zlib to be installed.
*'''Disable evaluation of templates''' - By default, templates are evaluated instead of just included. This helps with showing more useful debug information in case a template contains an error. On large forums however, this customized inclusion process may be significantly slower. Therefore, advanced users may wish to disable it.
*'''Disable hostname lookups''' - This disables host name lookups, which on some servers are very slow. Note that this will make banning less effective.
*'''Disable hostname lookups''' - This disables host name lookups, which on some servers are very slow. Note that this will make banning less effective.
*'''Forum SSL mode''' - If your server is not already secure, i.e. SSL (or using https), you can force it to be secure with this setting. However, note that changing this setting will change your forum's primary URL.
*'''Forum SSL mode''' - SSL mode became availabe in SMF with version 2.0.14 and up. If your server is not already secure, i.e. SSL (or using https), you can force it to be secure with this setting. However, note that changing this setting will change your forum's primary URL. Also note that most servers are sold with SSL these days.  
*'''Enable Image Proxy''' - This option enables the image proxy that will proxy images posted within [img] tags and linked forum avatars. This option is required for full HTTPS to avoid receiving mixed content warnings from browsers.
*'''Enable Image Proxy''' - This option enables the image proxy that will proxy images posted within [img] tags and linked forum avatars. This option is required for full HTTPS to avoid receiving mixed content warnings from browsers.
*'''Image Proxy Secret''' - An alphanumeric value that should kept secret. It protects your forum from hotlinking images and can be changed to render current hotlinked images useless.
*'''Image Proxy Secret''' - An alphanumeric value that should kept secret. It protects your forum from hotlinking images and can be changed to render current hotlinked images useless.
Line 21: Line 20:


==Database==
==Database==
This whole section needs to be updated to 2.1
'''<pre style="color: red">  **This section still needs to be updated - all the way down to Cookies and Sessions.**</pre>'''
*'''Database Server''' - Hostname or IP of the database server. If the database server is on the same machine as the web server, it's safe (and considerably more efficient!) to use 'localhost' for this setting. Otherwise, either an IP address or a web address (hostname) is required.  If a port number is required, use the appropriate format for your database server. So, if your database server is at dbinstance1.dbserver.com on port 3030
*'''Database Server''' - Hostname or IP of the database server. If the database server is on the same machine as the web server, it's safe (and considerably more efficient!) to use 'localhost' for this setting. Otherwise, either an IP address or a web address (hostname) is required.  If a port number is required, use the appropriate format for your database server. So, if your database server is at dbinstance1.dbserver.com on port 3030
** MySQL databases: dbinstance1.dbserver.com:3030
** MySQL databases: dbinstance1.dbserver.com:3030
Line 43: Line 42:
*'''Cookie Name''' - Name of the cookie to set for authentication purposes. Changing this value will cause everyone to be logged out.
*'''Cookie Name''' - Name of the cookie to set for authentication purposes. Changing this value will cause everyone to be logged out.
*'''Default login cookies length (in minutes)''' - The amount of time, in minutes, that the login form will use if no other amount is selected.
*'''Default login cookies length (in minutes)''' - The amount of time, in minutes, that the login form will use if no other amount is selected.
*'''Enable local storage of cookies''' - ''(SSI won't work well with this on.)'' SMF uses cookies to store login information on the client computer. Cookies can be stored globally (myserver.com) or locally (myserver.com/path/to/forum). Check this option if you're experiencing problems with users getting logged out automatically. Globally stored cookies are less secure when used on a shared webserver (like Tripod). Local cookies don't work outside the forum directory so, if your forum is stored at www.myserver.com/forum, pages like www.myserver.com/index.php cannot access the account information. Especially when using SSI.php, global cookies are recommended.
*'''Enable local storage of cookies''' - ''(SSI will not work well with this on.)'' SMF uses cookies to store login information on the client computer. Cookies can be stored globally (myserver.com) or locally (myserver.com/path/to/forum). Check this option if you are experiencing problems with users getting logged out automatically. Globally stored cookies are less secure when used on a shared webserver (like Tripod). Local cookies do not work outside the forum directory so, if your forum is stored at www.myserver.com/forum, pages like www.myserver.com/index.php cannot access the account information. Especially when using SSI.php, global cookies are recommended.
*'''Use subdomain independent cookies''' - ''(turn off local cookies first!)'' Makes log in cookies available across subdomains. For example, if...<br>Your site is at http://www.simplemachines.org/ and your forum is at <nowiki>http://forum.simplemachines.org/</nowiki>, using this option will allow you to access the forum's cookie on your site. Do not enable this if there are other subdomains (like hacker.simplemachines.org) not controlled by you.
*'''Use subdomain independent cookies''' - ''(turn off local cookies first!)'' Makes log in cookies available across subdomains. For example, if...<br>Your site is at http://www.simplemachines.org/ and your forum is at <nowiki>http://forum.simplemachines.org/</nowiki>, using this option will allow you to access the forum's cookie on your site. Do not enable this if there are other subdomains (like hacker.simplemachines.org) not controlled by you.
*'''Force cookies to be secure''' - ''(This only applies if you are using HTTPS - don't use otherwise!)'' Enabling this option will force the cookies created for users on your forum to be marked as secure. Only enable this option if you are using HTTPS throughout your site as it will break cookie handling otherwise!
*'''Force cookies to be secure''' - ''(This only applies if you are using HTTPS - don't use otherwise!)'' Enabling this option will force the cookies created for users on your forum to be marked as secure. Only enable this option if you are using HTTPS throughout your site as it will break cookie handling otherwise!
Line 49: Line 48:
*'''Force cookies to be sent only to first parties''' - The SameSite attribute of the Set-Cookie HTTP response header allows you to declare if your cookie should be restricted to a first-party or same-site context. For further information, please refer to [https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite MDN].
*'''Force cookies to be sent only to first parties''' - The SameSite attribute of the Set-Cookie HTTP response header allows you to declare if your cookie should be restricted to a first-party or same-site context. For further information, please refer to [https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite MDN].
*'''Use database driven sessions''' - This option makes use of the database for session storage - it is best for load balanced servers, but helps with all timeout issues and can make the forum faster.
*'''Use database driven sessions''' - This option makes use of the database for session storage - it is best for load balanced servers, but helps with all timeout issues and can make the forum faster.
*'''Allow browsers to go back to cached pages''' - Turning this on will decrease the bandwidth your forum uses, and make it so clicking back will not reload the page - the downside is that the (new) icons won't update, among other things. (unless you click to that page instead of going back to it.)
*'''Allow browsers to go back to cached pages''' - Turning this on will decrease the bandwidth your forum uses, and make it so clicking back will not reload the page - the downside is that the (new) icons will not update, among other things. (unless you click to that page instead of going back to it.)
*'''Seconds before an unused session timeout''' - This is the number of seconds for sessions to last after they haven't been accessed. If a session is not accessed for too long, it is said to have "timed out". Anything higher than 2400 is recommended.
*'''Seconds before an unused session timeout''' - This is the number of seconds for sessions to last after they have not been accessed. If a session is not accessed for too long, it is said to have "timed out". Anything higher than 2400 is recommended.
*'''Two-Factor Authentication''' - Admins can add a second level of security to their forum by enabling [https://en.wikipedia.org/wiki/Two_factor_authentication Two Factor Authentication]. 2FA forces users to add a enter a machine-generated code after the regular login. Admins need to configure 2FA for themselves before they can require it for other users!
*'''Two-Factor Authentication''' - Admins can add a second level of security to their forum by enabling [https://en.wikipedia.org/wiki/Two_factor_authentication Two Factor Authentication]. 2FA forces users to add a enter a machine-generated code after the regular login. Admins need to configure 2FA for themselves before they can require it for other users!


==Security==
==Security==
 
'''<pre style="color: red">  **This section still needs to be updated - including several undescribed items at the bottom of the list.**</pre>'''
*'''Failed login threshold''' - After this number of failed login attempts, members are redirected the password reminder page.
*'''Failed login threshold''' - After this number of failed login attempts, members are redirected the password reminder page.
*'''Days to keep login history''' - This is the number of days to keep the login history in the member profile. The default is 30 days. Setting for zero disables the login history.
*'''Days to keep login history''' - This is the number of days to keep the login history in the member profile. The default is 30 days. Setting for zero disables the login history.
Line 73: Line 72:


==Caching==
==Caching==
'''<pre style="color: red">  **This section still needs to be updated.**</pre>'''
On this page you can set-up caching of your forum.
On this page you can set-up caching of your forum.


Line 81: Line 82:
*'''Caching Level''' - Sets the caching level between 1 and 3.  No caching is also an option, but this is not recommended.
*'''Caching Level''' - Sets the caching level between 1 and 3.  No caching is also an option, but this is not recommended.
*'''Memcache settings''' - If you are using memecached you need to provide the server details. This should be entered as a list, with a comma separating each item, as is shown in the following example: server1,server2,server:port,server4. Note that if no port is specified, SMF will use port 11211. SMF will attempt to perform rough/random load balancing across the specified servers.
*'''Memcache settings''' - If you are using memecached you need to provide the server details. This should be entered as a list, with a comma separating each item, as is shown in the following example: server1,server2,server:port,server4. Note that if no port is specified, SMF will use port 11211. SMF will attempt to perform rough/random load balancing across the specified servers.
==Data Export==
'''<pre style="color: red">  **This is a new section for 2.1 which needs to be written by someone who understands what this feature does.**</pre>'''


==Load Balancing==
==Load Balancing==
'''<pre style="color: red">  **This section still needs to be updated.**</pre>'''
Please note: the settings below are to be edited with care. Setting any of them too low may render your forum unusable!
Please note: the settings below are to be edited with care. Setting any of them too low may render your forum unusable!
*'''Enable load balancing by load averages''' - by enabling this setting, SMF will begin checking the load of your server. Once the load reaches the thresholds you set in the following settings, SMF will begin showing an error message instead of the appropriate page. When the load lessens, the page will be usable again.
*'''Enable load balancing by load averages''' - by enabling this setting, SMF will begin checking the load of your server. Once the load reaches the thresholds you set in the following settings, SMF will begin showing an error message instead of the appropriate page. When the load lessens, the page will be usable again.
Line 91: Line 98:
*'''Threshold to disabling showing user posts''' - stops the forum from allowing users to view all member's posts at this threshold.
*'''Threshold to disabling showing user posts''' - stops the forum from allowing users to view all member's posts at this threshold.
*'''Threshold to disabling the forum completely''' - completely shuts down the forum. It will immediately show an error page and nobody will be able to do anything.
*'''Threshold to disabling the forum completely''' - completely shuts down the forum. It will immediately show an error page and nobody will be able to do anything.
==PHP Info==
'''<pre style="color: red">  **This section needs to be written for 2.1 update.
Specifically a brief comment about what benefit an admin can have for all this info, would be helpful.
Also please see https://www.php.net/manual/en/function.phpinfo.php for more detailed information.**</pre>'''


{{ {{Localized|As an administrator 2.1}}}}
{{ {{Localized|As an administrator 2.1}}}}

Latest revision as of 19:28, 17 December 2023

Under construction-48.png Work in progress, expect frequent changes. Under construction-48.png

Please see SMF1.1:Server settings, SMF2.0:Server settings or SMF2.1:Server settings depending on the version of SMF you are using.

The Server Settings section of the Administration Center allows you to change the basic settings for your forum. Be very careful with these settings, as they may render the forum dysfunctional if a setting is changed to an invalid value.

General

  • Forum Title - The name of your forum. You will see this name in the titlebar of all your forum pages. It is also used as the name of the sender of email notifications as well as in the footer of each email message sent by your forum.
  • Enable Maintenance Mode - Sets whether the forum is in maintenance mode. If ticked Maintenance mode will be activated, meaning that only administrators can access and use the forum. Other users see a special message which can be composed below. The database may still be accessed for user authentication (to discern whether the member is an administrator).
  • Subject for display - Title for the Maintenance Mode message. This will be shown to users only if Maintenance mode is on.
  • Message for display - Description of why the forum is in maintenance mode. It will be shown to all visitors when Maintenance mode is enabled.
  • Webmaster Email Address - Email address from which to send all topic notifications, personal message notifications, and newsletters. This address also receives database error warnings, should they occur.
  • Enable compressed output - This option will compress output to lower bandwidth consumption, but it requires zlib to be installed.
  • Disable hostname lookups - This disables host name lookups, which on some servers are very slow. Note that this will make banning less effective.
  • Forum SSL mode - SSL mode became availabe in SMF with version 2.0.14 and up. If your server is not already secure, i.e. SSL (or using https), you can force it to be secure with this setting. However, note that changing this setting will change your forum's primary URL. Also note that most servers are sold with SSL these days.
  • Enable Image Proxy - This option enables the image proxy that will proxy images posted within [img] tags and linked forum avatars. This option is required for full HTTPS to avoid receiving mixed content warnings from browsers.
  • Image Proxy Secret - An alphanumeric value that should kept secret. It protects your forum from hotlinking images and can be changed to render current hotlinked images useless.
  • Maximum file size of images to cache - Maximum image size that the image proxy will cache. This means that larger images will be not be cached. Cached images are stored in your SMF cache folder, so make sure you have enough free space.
  • Allow Stat Collection - If enabled, this will allow Simple Machines to visit your site once a month to collect basic statistics. This will help us make decisions as to which configurations to optimize the software for. For more information please visit our info page.

Database

  **This section still needs to be updated - all the way down to Cookies and Sessions.**
  • Database Server - Hostname or IP of the database server. If the database server is on the same machine as the web server, it's safe (and considerably more efficient!) to use 'localhost' for this setting. Otherwise, either an IP address or a web address (hostname) is required. If a port number is required, use the appropriate format for your database server. So, if your database server is at dbinstance1.dbserver.com on port 3030
    • MySQL databases: dbinstance1.dbserver.com:3030
    • PostgreSQL: dbinstance1.dbserver.com port=3030
  • Database Username - Name of the user connecting to the database.
  • Database Password - Password for access to the database server.
  • Database Name - The name of the database. This database must exist, and must have SMF's tables and data in it.
  • Database Tables Prefix - The prefix of the database tables. During installation, SMF will add about 30 tables to the database. Each of which will use the prefix that was configured during the installation procedure. For example, if the prefix is 'smf_', the tables will be given the names 'smf_attachments', 'smf_boards', 'smf_messages', etc. If you want to install another forum or software package in the same database, simply chose a different prefix, and the tables won't interfere with each other.
  • Use a persistent connection - Enable or disable persistent connections for connecting to the database. A persistent connection keeps the connection active to increase performance (although in many cases the gain is minimal). If you aren't on a dedicated server, this may cause you problems with your host.
  • Send emails on Database connection error - Enables or disables sending an email to the administrator on a database connection or query error. This function is limited to sending only one email per every three days.
  • Database username to use in SSI mode - Optional setting to use a different database user and password when you are using SSI.php.
  • Database password to use in SSI mode - Optional setting to use a different database user and password when you are using SSI.php.
  • Automatically fix broken tables - This will automatically fix broken tables and resume like nothing happened. This can be useful, because the only way to fix it is to REPAIR the table, and this way your forum won't be down until you notice. It does email you when this happens.
  • Maximum users online when optimizing (0 for no max.) -
  • Forum URL - The URL to your forum's directory, without the trailing slash (/). This URL is used throughout SMF - all dynamically generated URLs (except those with their own settings) are based on this setting.
  • SMF Directory - This sets the directory where SMF is installed. It's used to locate files like Settings.php, SSI.php, agreement.txt, and the Packages directory. No trailing slash (/) should be added.
  • Sources Directory - The path to where the source files are stored. No trailing slash (/) is allowed. It does not need to be the same as the above path. You can have your SMF Directory in one place and Sources Directory in another place if you want. For security, you may wish to place your Sources directory in a location that is not accessible by the web server.
  • Cache Directory - The path to the directory that is used to store cached files generated by SMF.

Cookies and Sessions

  • Cookie Name - Name of the cookie to set for authentication purposes. Changing this value will cause everyone to be logged out.
  • Default login cookies length (in minutes) - The amount of time, in minutes, that the login form will use if no other amount is selected.
  • Enable local storage of cookies - (SSI will not work well with this on.) SMF uses cookies to store login information on the client computer. Cookies can be stored globally (myserver.com) or locally (myserver.com/path/to/forum). Check this option if you are experiencing problems with users getting logged out automatically. Globally stored cookies are less secure when used on a shared webserver (like Tripod). Local cookies do not work outside the forum directory so, if your forum is stored at www.myserver.com/forum, pages like www.myserver.com/index.php cannot access the account information. Especially when using SSI.php, global cookies are recommended.
  • Use subdomain independent cookies - (turn off local cookies first!) Makes log in cookies available across subdomains. For example, if...
    Your site is at http://www.simplemachines.org/ and your forum is at http://forum.simplemachines.org/, using this option will allow you to access the forum's cookie on your site. Do not enable this if there are other subdomains (like hacker.simplemachines.org) not controlled by you.
  • Force cookies to be secure - (This only applies if you are using HTTPS - don't use otherwise!) Enabling this option will force the cookies created for users on your forum to be marked as secure. Only enable this option if you are using HTTPS throughout your site as it will break cookie handling otherwise!
  • Force cookies to be made accessible only through the HTTP protocol - Cookies won't be accessible by scripting languages, such as JavaScript. This setting can help to reduce identity theft through XSS attacks. This can cause issues with third party scripts but should be on wherever possible.
  • Force cookies to be sent only to first parties - The SameSite attribute of the Set-Cookie HTTP response header allows you to declare if your cookie should be restricted to a first-party or same-site context. For further information, please refer to MDN.
  • Use database driven sessions - This option makes use of the database for session storage - it is best for load balanced servers, but helps with all timeout issues and can make the forum faster.
  • Allow browsers to go back to cached pages - Turning this on will decrease the bandwidth your forum uses, and make it so clicking back will not reload the page - the downside is that the (new) icons will not update, among other things. (unless you click to that page instead of going back to it.)
  • Seconds before an unused session timeout - This is the number of seconds for sessions to last after they have not been accessed. If a session is not accessed for too long, it is said to have "timed out". Anything higher than 2400 is recommended.
  • Two-Factor Authentication - Admins can add a second level of security to their forum by enabling Two Factor Authentication. 2FA forces users to add a enter a machine-generated code after the regular login. Admins need to configure 2FA for themselves before they can require it for other users!

Security

  **This section still needs to be updated - including several undescribed items at the bottom of the list.**
  • Failed login threshold - After this number of failed login attempts, members are redirected the password reminder page.
  • Days to keep login history - This is the number of days to keep the login history in the member profile. The default is 30 days. Setting for zero disables the login history.
  • Disable administration security - This disables the extra admin login, for changing admin settings. It is not recommended to disable this.
  • Disable moderation security - This disables the extra moderator login. It is enabled by default (meaning that the extra moderator login is disabled).
  • Require reactivation after email change - Enabling this sends another account activation email, when a member changes their email address.
  • Require admin approval when member deletes account - If this is enabled, an admin must approve for a member to delete their own account.
  • Required strength for user passwords - With this an admin can set how strong their members' passwords should be. The High setting is recommended.
  • Allow password hash conversion - If this is enabled, SMF will attempt to detect passwords stored in other formats and convert them to the format SMF uses. Typically this is used when other kinds of forums have been converted to SMF; but it may have other uses as well. Disabling this prevents a user from logging in using their password after a conversion and they would need to reset their password.
  • Enable reporting of personal messages - This allows members to report abuses of the Personal Messages system, to admins.
  • Allow CORS (Cross Origin Resource Sharing)
  • Allow sending credentials over CORS
  • Additional CORS domains
  • Additional CORS headers
  • Frame Security Options
  • Reverse Proxy IP Header
  • Reverse Proxy Servers IPs

Caching

  **This section still needs to be updated.**

On this page you can set-up caching of your forum.

You should only enable caching if you know what you are doing, and if SMF detects that you have an accelerator installed. In Admin Center > Maintenance > Server Settings > Caching, you will see which accelerators you have installed. If you have none installed it will say "No Caching Detected!".

To set up an accelerator, select the cache level you want next to Caching Level. Also enter the Memcache settings into the next part. If you need more information, please contact your host regarding accelerators.

  • Caching Level - Sets the caching level between 1 and 3. No caching is also an option, but this is not recommended.
  • Memcache settings - If you are using memecached you need to provide the server details. This should be entered as a list, with a comma separating each item, as is shown in the following example: server1,server2,server:port,server4. Note that if no port is specified, SMF will use port 11211. SMF will attempt to perform rough/random load balancing across the specified servers.

Data Export

  **This is a new section for 2.1 which needs to be written by someone who understands what this feature does.**

Load Balancing

  **This section still needs to be updated.**

Please note: the settings below are to be edited with care. Setting any of them too low may render your forum unusable!

  • Enable load balancing by load averages - by enabling this setting, SMF will begin checking the load of your server. Once the load reaches the thresholds you set in the following settings, SMF will begin showing an error message instead of the appropriate page. When the load lessens, the page will be usable again.
  • Threshold to disabling automatic database optimization - stops the forum from doing database optimizations at this threshold.
  • Threshold to disabling search - stops the forum from allowing searching at this threshold.
  • Threshold to disabling all unread topics - stops the forum from allowing members to view their unread topics at this threshold.
  • Threshold to disabling unread replies - stops the forum from allowing members to view their unread replies at this threshold.
  • Threshold to disabling showing user posts - stops the forum from allowing users to view all member's posts at this threshold.
  • Threshold to disabling the forum completely - completely shuts down the forum. It will immediately show an error page and nobody will be able to do anything.

PHP Info

  **This section needs to be written for 2.1 update. 
Specifically a brief comment about what benefit an admin can have for all this info, would be helpful. 
Also please see https://www.php.net/manual/en/function.phpinfo.php for more detailed information.**


Main

Configuration

Forum

Members

Maintenance

Miscellaneous




Advertisement: