Open wlcx opened 1 year ago
We need to add NGINX to the Pixelfed group I guess.
Le mer. 31 mai 2023 à 09:58, Sam W @.***> a écrit :
Describe the bug
The Pixelfed nixos module results in a configuration where the web server is unable to read the uploaded user images.
Media files are uploaded as the pixelfed user, with file mode 0700
Nginx is then unable to serve those files - e.g
May 31 08:47:57 pixelfed nginx[456]: 2023/05/31 08:47:57 [crit] 456#456: *123 stat() "/nix/store/7bm468m2n4f0pljngwv6ad58283m6l6a-pixelfed-pixelfed/public/storage/m/_v2/568711314458775553/c537ce87c-f5971d/SQE7yPyNuyOo/K3yL7HIA4HazNkCmvJENwANOay7klGFqM6SJFUnZ.jpg" failed (13: Permission denied), client: 192.168.101.2, server:
, request: "GET /storage/m/_v2/568711314458775553/c537ce87c-f5971d/SQE7yPyNuyOo/K3yL7HIA4HazNkCmvJENwANOay7klGFqM6SJFUnZ.jpg HTTP/1.1", host: " " This comes up in issues on the pixelfed repo, e.g pixelfed/pixelfed#3801 https://github.com/pixelfed/pixelfed/issues/3801 - the common solution seems to be to run the pixelfed php fpm and the web server as the same user.
I am running Pixelfed in a nixos container, but I don't think this should affect anything? Steps To Reproduce
Steps to reproduce the behavior:
- Configure a pixelfed instance
- Upload a post
- Try to view that post (federated or locally)
Notify maintainers
@RaitoBezarius https://github.com/RaitoBezarius
— Reply to this email directly, view it on GitHub https://github.com/NixOS/nixpkgs/issues/235147, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACMZRFTWYPBOMOJJ2UDUMLXI323TANCNFSM6AAAAAAYVB6JZE . You are receiving this because you were mentioned.Message ID: @.***>
Looks like this might be fixed in 0.11.8! https://github.com/pixelfed/pixelfed/commit/22da2647c7f28f7e1d6a588f4549c3326aee9356
We need to add NGINX to the Pixelfed group I guess.
It already is by default, the issue is that files/directories get created with no group read permission. But as per above comment, looks like a version bump might fix this :)
This is still an issue for me, even after the bump to 0.11.8 here: https://github.com/NixOS/nixpkgs/pull/238307
My theory is that Pixelfed still sets incorrect permissions for images created in app/public. The fix that @wlcx linked to https://github.com/pixelfed/pixelfed/commit/22da2647c7f28f7e1d6a588f4549c3326aee9356 only fixes the permissions for images stored as "local", and not as "public": https://github.com/pixelfed/pixelfed/blob/dev/config/filesystems.php#L61
The the pixelfed-module seems to store the images in storage/app/public/.../ which is why I think that they are getting the incorrect permissions.
That is at least my thoughts on it without doing too much digging around.
Yeah I think I'm seeing this too.
I tried adding "FILESYSTEM_DRIVER" = "local" to the pixelfed settings, as detailed in https://docs.pixelfed.org/technical-documentation/config/#filesystem_driver
But it had no effect at all. It's also a bit confusing since "local" is the default, but the path where the images are stored makes it seem like "public" is used.
Can confirm still reproduces on 0.11.11 (i.e. as of nixos-23.11). storage
is 0750, as is storage/m
, but storage/m/_v2
is 0700, as are its subdirectories and files.
Argh, I missed the reopening. I will take a look again when I can.
Describe the bug
The Pixelfed nixos module results in a configuration where the web server is unable to read the uploaded user images.
I am running Pixelfed in a nixos container, but I don't think this should affect anything?
Steps To Reproduce
Steps to reproduce the behavior:
Notify maintainers
@RaitoBezarius