Issue in mutli tenant enviourment with uploaded files

jaiprakash · January 17, 2015, 5:52am

I,m facing issue with uploaded imges and files in mutli tenant enviourment.
what i did, i create two websites

site1.com
site2.com
site1.com is my default site.

both sites are running perfactlly with there domain name parallely.
And Item images & users images are uploaded in there relative folder(/files) in site

but only default site images/files are viewed(displayed or accessiable ) on website.
http://site1.com/files/002.jpeg

while on other site (site2.com) images/files are not visiable on website
http://site2.com/files/002.jpeg

pdvyas · January 18, 2015, 5:35pm

Can you share the nginx config?

cat /etc/nginx/conf.d/frappe.conf

jaiprakash · January 19, 2015, 3:46am

server_names_hash_bucket_size 64;

upstream frappe {
server 127.0.0.1:8000 fail_timeout=0;
}

server {
listen 80 default ;
client_max_body_size 4G;
server_name frappe_default_site;

    keepalive_timeout 5;
    sendfile on;
    root /home/bench/frappe-bench/sites;

    location /private/ {
        internal;
        try_files /$uri =424;
    }

    location /assets {
        try_files $uri =404;
    }

    location / {
        try_files /site1.com/public/$uri @magic;
    }

    location @magic {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Frappe-Site-Name site1.com;
                    proxy_set_header Host $host;
        proxy_set_header X-Use-X-Accel-Redirect True;
        proxy_read_timeout 120;
        proxy_redirect off;
        proxy_pass  http://frappe;
    }
}

server {
listen 80 ;
client_max_body_size 4G;
server_name www.site1.com www.site2.com site1.com site2.com ;

    keepalive_timeout 5;
    sendfile on;
    root /home/bench/frappe-bench/sites;

    location /private/ {
        internal;
        try_files /$uri =424;
    }

    location /assets {
        try_files $uri =404;
    }

    location / {
        try_files /$host/public/$uri @magic;
    }

    location @magic {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $host;
        proxy_set_header X-Use-X-Accel-Redirect True;
        proxy_read_timeout 120;
        proxy_redirect off;
        proxy_pass  http://frappe;
    }
}

pdvyas · January 19, 2015, 6:06am

Looks okay. Is the 002.jpeg in sites/site2.com/public/files?

jaiprakash · January 19, 2015, 6:28am

yes.
It’s in both sites/site1.com/public/files and sites/site2.com/public/files

but not accessible on site2.com, on site1.com it’s ok

Simon_Halliday · January 21, 2015, 1:19am

This a a big issue in multitenant - I have the same situation whereby only the original site will have uploaded images/files accessible/visible. Any site subsequently created and the public files are not accessible. Permissions are fine so it must be a configuration issue.

pdvyas · January 21, 2015, 9:18am

I was able to replicate this. Simon and Jai, can you confirm that you get a permission denied in nignx log?

The problem
If you run bench new-site as root, it drops privileges to frappe user and creates the site. It seems that this happens with umask of 002 and thus the user nginx is not able to read the file.

Workaround
Manually change the permissions of the site

cd frappe-bench/sites
chmod o+rx {sitename}

Will fix this in bench

jaiprakash · January 21, 2015, 10:55am

yes i’m getting permission denied in nignx log.

And after using this command my issue is resolved.

But why it’s not effecting default site privileges ? while i run bench new-site as root.

pdvyas · January 22, 2015, 1:19pm

Because when you run a command as root, bench changes the user to frappe and umask to 077. Will make the umask 022.