Private files - 404 Not found nginx

Frappe Framework
1

I was trying the latest feature of private files,

  1. I attached a file and set it private while uploading.
  2. Open the file via file manager and shared it with me with read and write access
  3. when I click download [site/private/files/File.png] I get 404 Not Found nginx error
  4. I did bench setup nginx and sudo service nginx reload, yet there is same error.

PrivateFile-404NotFound.png517Ă—542 21.1 KB

1 Like
2

Could not replicate in my local

3

My config/nginx.conf on DigitalOcean Droplet


server_names_hash_bucket_size 64;

upstream frappe {
    server 127.0.0.1:8000 fail_timeout=0;
}

upstream socketio-server {
    server 127.0.0.1:3000 fail_timeout=0;
}









server {
		listen 80  default ;
		client_max_body_size 4G;
					server_name frappe_default_site;
		
		keepalive_timeout 5;
		sendfile on;
		root /home/erpnext/frappe-bench/sites;

		location /private/ {
			internal;
			try_files /$uri =424;
		}

		location /assets {
			try_files $uri =404;
		}

		location /socket.io {
			proxy_pass http://socketio-server;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
						proxy_set_header X-Frappe-Site-Name site.in;
						proxy_set_header Origin $scheme://$http_host;
			proxy_set_header Host $host;
		}

		location / {
			try_files /site.in/public/$uri @magic;
		}

		location @magic {
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto $scheme;
						proxy_set_header X-Frappe-Site-Name site.in;
						proxy_set_header Host $host;
			proxy_set_header X-Use-X-Accel-Redirect True;
			proxy_read_timeout 120;
			proxy_redirect off;
			proxy_pass  http://frappe;
		}
	}

even entering “site.in/private/” in url (with trailing forward slash) results into Nginx 404
entering “site.in/private” in url (no trailing forward slash) results in frappe “Page missing or moved”

4

Special characters may cause issues. did you try a basic file name? like test.pdf?

5

tried same with “file.png”,
yet it is same error - Not Found nginx

What could be wrong?

6

As backups also saved under private/ I tried to download backups with desk#backups the url shows site.in/backups/20151209_86163319_database.sql.gz. On clicking it goes to a blank page.

Console:

GET http://site.in/backups/20151209_86163319_database.sql.gz 424 (OK)
Navigated to http://site.in/backups/20151209_86163319_database.sql.gz

I changed url to site.in/private/backups/20151209_86163319_database.sql.gz resulting to 404 Not Found

Console:

GET http://site.in/private/backups/20151209_86163319_database.sql.gz 404 (Not Found)
Navigated to http://site.in/private/backups/20151209_86163319_database.sql.gz
7

@revant_one

Thanks for reporting this!

bench update
bench setup nginx
sudo service nginx reload
9

I believe backup folder should stay unreachable as it is now. Backups contain sensitive information including income to personal data.

10

@ferohers backup folder is only accessible via the browser to the system manager

11

Hi all,

first of all nice job so far… I start to love ERPnext

similar error here,

after update and checking out the new is_privat in files I get back an 500 error

2015/12/09 23:56:12 [error] 12920#0: *115 rewrite or internal redirection cycle 
while redirect to named location "@magic", client: 192.168.178.20, 
server: erpdev, request: "GET /private/files/Desert.jpg HTTP/1.1", 
upstream: "http://127.0.0.1:8000/private/files/Desert.jpg", host: "erp:81",
referrer: "http://erp:81/desk"
2015/12/10 00:23:07 [error] 12917#0: *271 rewrite or internal redirection cycle
while redirect to named location "@magic", client: 192.168.178.20, 
server: erpdev, request: "GET /private/files/Chrysanthemum.jpg HTTP/1.1", 
upstream: "http://127.0.0.1:8000/private/files/Chrysanthemum.jpg", host: "erp:81", 
referrer: "http://erp:81/desk"

its a fresh site install

any ideas?

Thank you

12

After updating nginx config with bench setup nginx and reloading nginx sudo service nginx reload I am also getting 500 Internal Server Error

Console:

Failed to load resource: the server responded with a status of 500 (Internal Server Error)
file.png:1 GET http://site.in/private/files/file.png 500 (Internal Server Error)
Navigated to http://site.in/private/files/file.png```

error.log

2015/12/10 06:30:02 [error] 12945#0: *422 rewrite or internal redirection cycle while redirect to named location "@magic", client: 123.123.123.123., server: frappe_default_site, request: "GET /private/files/file.png HTTP/1.1", upstream: "http://127.0.0.1:8000/private/files/file.png", host: "site.in"

Update:
Logging out and trying to access the file gives appropriate 403 (Forbidden Error).
Only when logged in and trying to access the file.png I get the 500 (Internal Server Error)

13

@revant_one Thanks again! We have fixed this.

bench update
bench setup nginx
sudo service nginx reload
2 Likes
14

Everything working as expected!

Thanks!

15

Logging in shows private files and logging out shows 403 as expected.

All users when logged in are able to see all private files. Is it as expected?

16

I think this should be expected… at least all desk users should be able to see the files
maybe there could be a nother option for “personal” files that only for the owner
and a group based criteria but me for example Im happy as it is now
if all desk users can see the file when logged in and all guests and websiteusers cant

17

@revant_one @spa

The user will be able to see the file if:

  1. user has permission on the parent doc
  2. user has explicit permission on the file via share

Else, they won’t be able to access the file.

1 Like
18

@anand

makes perfect sense so far

Thank you!

19

This topic was automatically closed 12 hours after the last reply. New replies are no longer allowed.