<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Aug 3, 2021 at 11:37 PM Maxim Dounin <<a href="mailto:mdounin@mdounin.ru">mdounin@mdounin.ru</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello!<br>
<br>
On Tue, Aug 03, 2021 at 09:13:06PM +0530, Kaushal Shriyan wrote:<br>
<br>
> On Mon, Aug 2, 2021 at 11:18 PM Maxim Dounin <<a href="mailto:mdounin@mdounin.ru" target="_blank">mdounin@mdounin.ru</a>> wrote:<br>
> <br>
> > On Mon, Aug 02, 2021 at 09:12:59PM +0530, Kaushal Shriyan wrote:<br>
> ><br>
> > > I am running nginx version: nginx/1.20.1 on CentOS Linux release 7.9.2009<br>
> > > (Core). When I am accessing<br>
> > ><br>
> > <a href="https://dsmadeveloperportal.mydomain.com/sites/default/files/2020-08/dsmaAccount%20and%20Transaction%20API%20Specification_2_1.yml" rel="noreferrer" target="_blank">https://dsmadeveloperportal.mydomain.com/sites/default/files/2020-08/dsmaAccount%20and%20Transaction%20API%20Specification_2_1.yml</a><br>
> > ,<br>
> > > I am encountering 404 Not Found while accessing it. On the server, the<br>
> > > file is there<br>
> > ><br>
> > > #ls -l<br>
> > ><br>
> > "/var/www/html/dacdeveloperportal/web/sites/default/files/2020-08/dsmaAccount<br>
> > > and Transaction API Specification_2_1.yml"<br>
> > > -rwxrwxrwx 1 nginx nginx 418867 Aug 2 05:21<br>
> > ><br>
> > /var/www/html/dacdeveloperportal/web/sites/default/files/2020-08/dsmaAccount<br>
> > > and Transaction API Specification_2_1.yml<br>
> ><br>
> > [...]<br>
> ><br>
> > > root /var/www/html/dsmadeveloperportal/web;<br>
> ><br>
> > Note this does not match the file location, "dsma" vs "dac".<br>
> ><br>
> > Note well that additional useful information can be found in nginx<br>
> > error log. Looking into error log usually greatly simplifies<br>
> > debugging problems like this.<br>
<br>
[...]<br>
<br>
> Thanks for the email. Apologies for sharing the incorrect file path, there<br>
> was a typo error in the file path. Please ignore it.<br>
> The correct file path is as below:-<br>
<br>
[...]<br>
<br>
> 2021/08/03 09:55:07 [debug] 3405#3405: *6 http uri: "/sites/default/files/2021-08/Account and Transaction API Specification_2_1.yml"<br>
<br>
[...]<br>
<br>
> 2021/08/03 09:55:07 [debug] 3405#3405: *6 test location: ~ "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$"<br>
> 2021/08/03 09:55:07 [debug] 3405#3405: *6 using configuration "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$"<br>
> 2021/08/03 09:55:07 [debug] 3405#3405: *6 http cl:-1 max:1048576<br>
> 2021/08/03 09:55:07 [debug] 3405#3405: *6 rewrite phase: 3<br>
> 2021/08/03 09:55:07 [debug] 3405#3405: *6 http finalize request: 404, "/sites/default/files/2021-08/Account and Transaction API Specification_2_1.yml?" a:1, c:1<br>
<br>
As it is immediately clear from the debug log, the request is <br>
matched by the regexp location in your configuration which is <br>
expected to match all requests to ".yml" files and return the 404 <br>
error. Quoting the configuration:<br>
<br>
> # Protect files and directories from prying eyes.<br>
> location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {<br>
> deny all;<br>
> return 404;<br>
> }<br>
<br>
The most simple solution would be to remove this location - given <br>
the complexity, it is expected to be a constant source of issues <br>
like this.<br>
<br>
Alternatively, you can modify the location to allow all ".yml" <br>
files or this particular file. This is not something I can <br>
recommend though.<br></blockquote><div><br></div><div>Thanks Maxim and it worked like a charm. Is there a way to set the default permission to 700 whenever the user uploads the file in the nginx docroot? Is there an Nginx config that can set the file permission to 700 once the user uploads?</div><div><br></div><div>Please comment. Thanks in advance.</div><div><br></div><div>Best Regards,</div><div><br></div><div>Kaushal</div><div> </div></div></div>