Permissions for uploads folder?

lega4 · July 12, 2024, 7:21pm

First I tried to run Discourse with semi-default settings and it worked quite fine, I was able to upload files as well as do other stuff.

Then I realized the path in app.yml was /var/discourse and I updated it to /var/www/discourse, stopped and destroyed the container, removed the previous folder completely. And I have it up and running again… but I noticed now I cannot upload files any more.

What kind of permissions does uploads folder need? I can do some changes manually, but I’d like to know what exactly and whether it’s fine in general (shouldn’t the launcher take care of setting right permissions, especially when launched from scratch?)

IN the logs I have nginx errors like

2024/07/12 19:11:23 [crit] 76#76: *160552 stat() “/var/www/discourse/public/uploads/default/original/1X/971c712ff3f1758abc63ac777ad708042cc41ddf.png” failed (13: Permission denied), client: 172.17.0.1, server: _, request: “GET /phorum/uploads/default/original/1X/971c712ff3f1758abc63ac777ad708042cc41ddf.png HTTP/1.0”, host: “myhost.com”, referrer: “https://myhost.com/phorum/admin/site_settings/category/branding”

Permissions on uploads are like:

drwxr--r--+ 3 discourse www-data 21 Jul 12 11:47 uploads

pfaffman · July 12, 2024, 7:42pm

That’s whats recommended.

The /var/www/discourse path is the path to discourse inside the container. /var/discourse is the normal path for Discourse_docker outside the container.

Since you just started, I would likely recommend that you just start over and don’t rename anything this time.

My guess is that you didn’t update the path in your app.yml and so it’s trying to access something that doesn’t exist.

lega4 · July 12, 2024, 7:44pm

I have many other projects on this server and they’re all are nicely located in my /var/www folder, so I prefer to keep it like this And I don’t care how it is inside the container.

But I did update it? In mounts, or where else should it go?

Jagster · July 12, 2024, 7:49pm

Sorry, can’t help. But I’m totally sure you don’t have Nginx there Situation is same with docker container.

lega4 · July 12, 2024, 7:50pm

Sorry, I’m not getting, which nginx? The logs are from Discourse nginx, my SSL-terminating nginx is above it.

Jagster · July 12, 2024, 7:53pm

Exacly my point. Because your reverse proxy nginx isn’t in that path why should docker container be.

But a container lives its own life and path to container should not affect what its Nginx does. Did you change something else too?

Jagster · July 12, 2024, 8:02pm

I checked what I have:

lrwxrwxrwx 1 root root 15 Jul 12 10:10 uploads -> /shared/uploads

And as an example one image on /var/www/discourse/public/uploads/default/original/1X looks like that:

-rw-r--r-- 1 discourse www-data 7100 May 19 2022 08335563eac3a393e60a902d4d38cffdfa6d967d

That much I know. Because otherwise Docker is one very huge mystery for me

lega4 · July 12, 2024, 8:08pm

So basically world-writable? Isn’t it considered bad for security?

pfaffman · July 12, 2024, 8:09pm

You really don’t want to run the risk of serving your secrets in your app.yml to the world.

Jagster · July 12, 2024, 8:10pm

Inside docker? I don’t think so. And… I don’t care because all of that is planned and made by CDCK and I trust they know what they do

lega4 · July 12, 2024, 8:12pm

Sure, but I’m not serving anything

Permissions are the same regardless whether inside/outside. And uploads folder is mounted.

lega4 · July 13, 2024, 9:58am

Okay, nothing worked, so I ended up changing permissions for uploads folder to 755 and it’s fine now. After rebuild it seems the uploads themselves were okay (from the engine side), however nginx was not able to read those.

Jagster · July 13, 2024, 11:27am

I don’t totally understand why you are doing all this. It is your choise to put container in the path that will be wordwide visible if you do a small mistake, but that is your choise. But everything else… why?

To have a reverse proxy front of Discourse is really trivial and otherwise your setup would be a standard install without all that hazzle. Sure, if you want to play and that is your hobby, but quite soon someone will pop-up and say you can get support only for standard install and the biggest issue is anyone actually doesn’t know what you have done. Or why.

lega4 · July 13, 2024, 11:30am

What “this”? I have relatively standard setup And I’m trying to fix the issue.

pfaffman · July 13, 2024, 11:36am

If you want you can upload a file and see what it’s permissions are and copy that.

Maybe upload a few and then do

 find uploads -ls |less

Jagster · July 13, 2024, 11:39am

You are fixing an issue you got when you started to do something else what a standard one needs. Even with reverse proxy.

That’s why you are quite far away standard Because there is two options

you have a bug in your hands that no one else has
you did something funny

Perhaps it is a bug. And you have confirmed it making a standard install using safe (in so many ways) path and at same time connecting your reverse proxy proper way. Because if it is still broken I can bet the issue is in virtual host and/or ports. But if it works… then we are back on option ”funny” — where no one knows what you did.

Do you see the problem here?

Either way — using a reverse proxy leads to no support… that’s policy here. But yet another users can and quite often will help,

system · August 12, 2024, 11:40am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Errors encountered when uploading images support	13	1871	April 5, 2021
Backup failure when temp backup file is moved to backups/default directory installation backups	5	344	January 29, 2024
Max upload size error support	8	290	August 30, 2024
Unable to upload the backup for restore on a new instance support	5	616	April 11, 2021
Blank Page After installing Discourse on Subfolder installation	9	1499	September 5, 2018

Permissions for uploads folder?

Related Topics