Issue in multi-tenant environment with uploaded files

I'm facing an issue with uploaded images and files in a multi-tenant environment.
What I did: I created two websites

  1. site1.com
  2. site2.com
    site1.com is my default site.

Both sites are running perfectly with their domain names in parallel.
Item images and user images are uploaded to their relative folder (/files) in the site,

but only the default site's images/files are viewed (displayed or accessible) on the website.
http://site1.com/files/002.jpeg

while on the other site (site2.com) images/files are not visible on the website
http://site2.com/files/002.jpeg

Can you share the nginx config?

cat /etc/nginx/conf.d/frappe.conf

server_names_hash_bucket_size 64;

upstream frappe {
    server 127.0.0.1:8000 fail_timeout=0;
}

server {
    listen 80 default ;
    client_max_body_size 4G;
    server_name frappe_default_site;

    keepalive_timeout 5;
    sendfile on;
    root /home/bench/frappe-bench/sites;

    location /private/ {
        internal;
        try_files /$uri =424;
    }

    location /assets {
        try_files $uri =404;
    }

    location / {
        try_files /site1.com/public/$uri @magic;
    }

    location @magic {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Frappe-Site-Name site1.com;
        proxy_set_header Host $host;
        proxy_set_header X-Use-X-Accel-Redirect True;
        proxy_read_timeout 120;
        proxy_redirect off;
        proxy_pass  http://frappe;
    }
}

server {
    listen 80 ;
    client_max_body_size 4G;
    server_name www.site1.com www.site2.com site1.com site2.com ;

    keepalive_timeout 5;
    sendfile on;
    root /home/bench/frappe-bench/sites;

    location /private/ {
        internal;
        try_files /$uri =424;
    }

    location /assets {
        try_files $uri =404;
    }

    location / {
        try_files /$host/public/$uri @magic;
    }

    location @magic {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Use-X-Accel-Redirect True;
        proxy_read_timeout 120;
        proxy_redirect off;
        proxy_pass  http://frappe;
    }
}

Looks okay. Is the 002.jpeg in sites/site2.com/public/files?

yes.
It’s in both sites/site1.com/public/files and sites/site2.com/public/files

but not accessible on site2.com, on site1.com it’s ok

This is a big issue in multitenant - I have the same situation whereby only the original site will have uploaded images/files accessible/visible. Any site subsequently created and the public files are not accessible. Permissions are fine so it must be a configuration issue.

I was able to replicate this. Simon and Jai, can you confirm that you get a permission denied in the nginx log?

The problem
If you run bench new-site as root, it drops privileges to frappe user and creates the site. It seems that this happens with umask of 002 and thus the user nginx is not able to read the file.

Workaround
Manually change the permissions of the site

cd frappe-bench/sites
chmod o+rx {sitename}

Will fix this in bench

Yes, I'm getting permission denied in the nginx log.

And after using this command my issue is resolved.

But why is it not affecting the default site's privileges when I run bench new-site as root?

Because when you run a command as root, bench changes the user to frappe and umask to 077. Will make the umask 022.
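Editor's added example, not code from the thread or from bench: a shell check that walks from the sites directory down to an uploaded file and reports the first component whose "other" permission bits would stop nginx, which is the condition the chmod o+rx workaround above repairs. It assumes the nginx worker is neither the owner nor in the group of the site files; the function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# other_bits PATH -> the three "other" permission characters, e.g. "r-x"
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# first_blocked ROOT RELPATH (RELPATH without a leading slash)
# Prints the first path under ROOT that "other" cannot traverse (directory)
# or read (file) and returns 1; prints nothing and returns 0 if none blocks.
# ROOT itself and its parents are not checked.
first_blocked() {
    cur=$1
    rest=$2
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        cur=$cur/$part
        [ -e "$cur" ] || { echo "$cur (missing)"; return 1; }
        bits=$(other_bits "$cur")
        if [ -d "$cur" ]; then
            # directories need search (x, or t when the sticky bit is set)
            case $bits in ??[xt]) ;; *) echo "$cur"; return 1 ;; esac
        else
            case $bits in r??) ;; *) echo "$cur"; return 1 ;; esac
        fi
    done
    return 0
}

# make_demo_tree: constructed layout mimicking sites/<site>/public/files
make_demo_tree() {
    demo=$(mktemp -d)
    for s in site1.com site2.com; do
        mkdir -p "$demo/sites/$s/public/files"
        : > "$demo/sites/$s/public/files/002.jpeg"
        chmod -R u=rwX,go=rX "$demo/sites/$s"
    done
    chmod 700 "$demo/sites/site2.com"   # site directory created under umask 077
    echo "$demo"
}

# Demo run: reports the site2.com directory as the blocking component.
tree=$(make_demo_tree)
first_blocked "$tree/sites" site2.com/public/files/002.jpeg || true
rm -rf "$tree"
```

Because it reads mode bits instead of attempting access, the result is the same whether it is run as root or as the frappe user.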