I have installed nginx on Ubuntu 12.04. However, nginx does not seem to follow symlinks. I understand that there is a config change required for this but I am not able to find where to make the change. Any help appreciated.
1
- 1serverfault.com/a/848526/119666 was interesting to meRyan– Ryan2019-10-24 17:23:05 +00:00Commented Oct 24, 2019 at 17:23
Add a comment |
4 Answers
Have a look at the following config option from nginx docs:
Syntax:
disable_symlinks off; disable_symlinks on | if_not_owner [from=part];Default: disable_symlinks off;
Context: http, server, location
This directive appeared in version 1.1.15.
4 Comments
Ingwie Phoenix
O.o very strange. I am on 1.6.1 and am getting an "unknown directive" error with this. I was using it as
location / { disable_symlinks off; }. Any reason why this happens?
user1226868
You need to use this option in your
nginx.conf configuration, not your website configuration. Edit /etc/nginx/nginx.conf and place the disable_symlinks off; in the http block.
cnst
This is a pretty bad answer, because
off is already the default. In other words, by default, all symlinks are already followed; not following symlinks is an extra security feature (that's off by default).
Gustavo Pinsard
This is NOT a "pretty bad answer", as it shows and even provides a link to the docs. A default can change from distro to distro, so, assuming the default works in every case is what can be considered a bad practice.
In my case nginx was already configured to follow symbolic links. But the issue was the user nginx could not access my home files and therefore symbolic link to my home directory was not working.
Example
Suppose we have symbolic link /usr/share/nginx/www/mylink -> /home/u/html
cd /usr/share/nginx/www mkdir -p /home/u/html sudo ln -sv /home/u/html mylink # creates mylink -> /home/u/html Give permissions
Give the read and execute permissions using chmod and find:
chmod +rx /home/u chmod +rw /home/u/html find /home/u/html/php -type d -exec chmod +rx {} + find /home/u/html/php -type d -exec chmod +w {} + # optional Notes:
The permission
xis named execute. But when applied to a directory, this permission allows to recurse the directory tree (see Unix modes).The command
find ... -exec chmod ...recursively changes the permissions. We could also use the commandchmod -R +rx /home/myuser/htmlbut this last command also gives the execution permission to all regular files, and we do not want that. The option-type dexecutechmodto only directories.The last optional command gives write permission if your PHP scripts require to write data. Try to limit write permission to only required directories for security reasons.
Test
No need to restart ngnix, just press Ctrl+F5 in your browser.
Caution: It is not recommended to create symbolic links pointing to your home directory because a mistake on read/write access or a wrong symbolic link may expose your digital data...
Reference: Arch wiki on nginx
2 Comments
freeforall tousez
x is execute iirc, not search
Jonathan
I had the same problem. As you mentioned the best solution in terms of security is to move the files out of the user directory. A good place it /var/xxx. This solution is working for me and does make things feel more secure.
If you nginx work in docker and symlinks follow to path of your host, you need append volumes with need path.
$cat docker-compose.yml
... volumes: - /var/www/html/repo:/var/www/html/repo:ro #path with symlinks - /repo:/repo:ro #path with direction of symlinks ... $cat /etc/nginx/conf.d/default.conf
... location / { root /var/www/html/repo; ... 
Comments
if olibre's answer doesn't help edit the file /etc/nginx/sites-available/default and add this line where you've specified your server root directory.
autoindex on; save the file and restart server
/etc/init.d/nginx restart 
2 Comments
Fergie
autoindex gives permission to nginx to generate a list of files in a directory
redanimalwar
And source for the claim that this setting that does something different makes symlinks works?