+Kanboard with Nginx, HTTPS, SPDY and PHP-FPM
+This installation example will help you to have the following features:
+- Latest stable nginx version
+- HTTPS only with a valid certificate
+- [SPDY protocol]( activated
+- PHP 5.5 with php-fpm
+- Recommended security parameters
+- File uploads with a 10MB file size limit
+This procedure is written for **Ubuntu 14.04 LTS** but it should be similar for any Linux distribution.
+For this setup, we suppose that only Kanboard is installed on the server.
+It can be a small virtual machine by example.
+Kanboard detect automatically the utilization of HTTPS and enable some extra features:
+- [HTTP Strict Transport Security](
+- [Secure Cookie Flag](
+PHP 5.5 Installation
+sudo apt-get install php5-fpm php5-cli php5-sqlite
+You can also install `php5-mysql` if you prefer to use Kanboard with Mysql or MariaDB.
+Customize your `/etc/php5/fpm/php.ini`:
+; Security settings
+expose_php = Off
+; Log errors
+error_reporting = E_ALL
+display_errors = Off
+log_errors = On
+html_errors = Off
+error_log = syslog
+; File uploads
+upload_max_filesize = 10M
+post_max_size = 10M
+Restart PHP background processes:
+sudo service php5-fpm restart
+Nginx Installation
+We want the latest stable version of nginx to be able to use the SPDY protocol.
+Hopefully, there is PPA for Ubuntu (unofficial):
+sudo add-apt-repository ppa:nginx/stable
+sudo apt-get install nginx
+Generate a SSL certificate
+We want a SSL certificate that work everywhere, not a self-signed certificate.
+You can buy a cheap one at [Namecheap]( or anywhere else.
+Here the different steps to configure your certificate:
+# Generate a private key
+openssl genrsa -des3 -out kanboard.key 2048
+# Create a key with no password for Nginx
+openssl rsa -in kanboard.key -out kanboard.key.nopass
+# Generate the Certificate Signing Request, enter your domain name for the field 'Common Name'
+openssl req -new -key kanboard.key.nopass -out kanboard.csr
+# Copy and paste the content of the CSR to the Namecheap control panel and finalize the procedure
+cat kanboard.csr
+# After that, you receive by email your certificate, then concat everything into a single file
+cat kanboard.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > kanboard.pem
+Copy the certificates in a new directory:
+mkdir /etc/nginx/ssl
+cp kanboard.pem /etc/nginx/ssl
+cp kanboard.key.nopass /etc/nginx/ssl
+chmod 400 /etc/nginx/ssl/*
+Configure Nginx
+Now, we can customize our installation, start to modify the main configuration file `/etc/nginx/nginx.conf`:
+user www-data;
+worker_processes auto;
+pid /run/;
+events {
+ worker_connections 1024;
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ server_tokens off;
+ # SSL shared cache between workers
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+ # We disable weak protocols and ciphers
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+ # We enable the Gzip compression for some mime types
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+Create a new virtual host for Kanboard `/etc/nginx/sites-available/kanboard`
+server {
+ # We also enable the SPDY protocol
+ listen 443 ssl spdy;
+ # Our SSL certificate
+ ssl on;
+ ssl_certificate /etc/nginx/ssl/kanboard.pem;
+ ssl_certificate_key /etc/nginx/ssl/kanboard.key.nopass;
+ # You can change the default root directory here
+ root /usr/share/nginx/html;
+ index index.php;
+ # Your domain name
+ server_name localhost;
+ # The maximum body size, useful for file uploads
+ client_max_body_size 10M;
+ location / {
+ try_files $uri $uri/ =404;
+ }
+ error_page 404 /404.html;
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ # PHP-FPM configuration
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi.conf;
+ }
+ # Deny access to the directory data
+ location ~* /data {
+ deny all;
+ return 404;
+ }
+ # Deny access to .htaccess
+ location ~ /\.ht {
+ deny all;
+ return 404;
+ }
+Now it's time to test our setup
+# Disable the default virtual host
+sudo unlink /etc/nginx/sites-enabled/default
+# Add our default virtual host
+sudo ln -s /etc/nginx/sites-available/kanboard /etc/nginx/sites-enabled/kanboard
+# Check the config file
+sudo nginx -t
+nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+nginx: configuration file /etc/nginx/nginx.conf test is successful
+# Restart nginx
+sudo service nginx restart
+Kanboard Installation
+You can install Kanboard in a subdirectory or not, it's up to you.
+cd /usr/share/nginx/html
+sudo wget
+sudo unzip
+sudo chown -R www-data:www-data kanboard/data
+sudo rm
+Now, you should be able to use Kanboard with your web browser.
