Error on image uploads
-
I get the following error when I try to upload files, e.g. an profile image: "EACCES: permission denied, open '/tmp/1794af5df77491a5f0fe7ce133adbd36.png'".
The forum itself works. OS is CentOS 7, with nginx as proxy to apache. Nginx logs show nothing.
I tried to find a solution in similar topics with no success.
-
@harderer What are the permissions and ownership on your /tmp directory? Default CentOS 7 should look like this:
[root@forums ~]# ll / | grep tmp drwxrwxrwt 7 root root 8 Apr 17 13:37 tmp [root@forums ~]# ll /tmp/ total 1 srwx------ 1 mongod mongod 0 Mar 31 03:18 mongodb-27017.sock
-
@gotwf thanks for the response. My outputs are:
[**** ~]$ ll / | grep tmp drwxrwxrwt. 11 root root 4096 Apr 17 16:16 tmp [**** ~]$ ll /tmp/ total 44 -rw-r--r--. 1 root root 6930 Apr 17 11:46 1794af5df77491a5f0fe7ce133adbd36.png -rw-r--r--. 1 root root 5118 Apr 8 17:31 f26cb4b3744f40a603b1fae52a73027d.png srwx------. 1 mongod mongod 0 Mar 26 04:51 mongodb-27017.sock -rw-r--r--. 1 root root 8314 Apr 8 17:25 nWcJMgonU1Cnk-V1KoAlWlEx.png drwx------. 3 root root 4096 Dec 4 18:11 systemd-private-812d719b0a424754958b8bf4bb9d5b92-httpd.service-50vzhe drwx------. 3 root root 4096 Nov 8 16:44 systemd-private-812d719b0a424754958b8bf4bb9d5b92-mariadb.service-BtAGMh drwx------. 3 root root 4096 Mar 4 01:04 systemd-private-812d719b0a424754958b8bf4bb9d5b92-nginx.service-WVdtqV drwx------. 3 root root 4096 Nov 8 16:44 systemd-private-812d719b0a424754958b8bf4bb9d5b92-ntpd.service-8mVdHk
-
@harderer Just for diagnostics, get root or sudo and try:
~% sudo chmod 666 /tmp/1794af5df77491a5f0fe7ce133adbd36.png
And then see if it works for uploading that file. If so, then something is amiss somewhere with your permissions.
I am not a nodejs developer but maybe nodebb/nginx is failing on the attempt to delete that tmp file after uploading and/or moving to your uploads directory. Your nginx user should be nginx. NodeBB should running under a dedicated user and not root. Those "unprivileged" users are unable to delete your tmp file w/present permissions as it is owned by root. Maybe some dev can better illuminate uploads code file operations.
What users are you running your nodebb, nginx, etc. under? I see you are employing systemd to kick off various services but not nodebb. You can include nodebb into that mix if desired as outlined here https://docs.nodebb.org/configuring/running/
Note: My stuff jfw and I hence cannot capture anything getting stuck in /tmp. The suggest presumes the file upload will have the same name in /tmp, which may well not be the case. In which case, my diagnostic suggestion will still fail anyways.
Suspect something is amiss with your installation and/or file permissions and/or ownership but need a dev to weigh in on the upload logic to pinpoint cuz I am just a lowly syadmin and unfamiliar with the NodeBB code.
-
@gotwf said in Error on image uploads:
sudo chmod 666 /tmp/1794af5df77491a5f0fe7ce133adbd36.png
In this case I'm getting: "It seems you have lost the connection to **** - Forum, please wait while we try to reestablish it."(translated) in a yellow warning box on uploading.
And the nginx error.log then shows:
2020/04/17 17:46:35 [error] 5722#0: *905833 connect() failed (111: Connection refused) while connecting to upstream, client: ****:****:****:****:****:****:****:****, server: ****, request: "GET /socket.io/?EIO=3&transport=polling&t=N68qULU HTTP/1.1", upstream: "http://127.0.0.1:4567/socket.io/?EIO=3&transport=polling&t=N68qULU", host: "****", referrer: "https://****/user/****/edit"
I also tried it running nodebb as a systemd service. In this case I don't get the permission error with any tmp file, but still the same nginx error.
As for the users I'm not sure. I defined myself as the user in the nodebb systemd service file. nginx runs itself afaik.
Edit: The suggestion worked well, the tmp file name was identical when I uploaded the same file.
-
What user is configured for your nodebb systemd config:
[Service] Type=forking User=nodebb
No insult intended stating the obvious but ensure that User above is the same user you are running nodebb as. I recommend creating a dedicated user, e.g. nodebb, for such duties over your daily driver mortal login.
It seems nodebb IS running but let us just double check port 4567 to be sure NodeBB is listening on port 4567:
[root@forums ~]# netstat -na | grep 4567 tcp 0 0 127.0.0.1:46052 127.0.0.1:4567 ESTABLISHED
-
My full config currently says:
[Unit] Description=NodeBB Documentation=https://docs.nodebb.org After=system.slice multi-user.target mongod.service [Service] Type=forking User=harderer StandardOutput=syslog StandardError=syslog SyslogIdentifier=nodebb WorkingDirectory=/var/www/nodebb PIDFile=/var/www/nodebb/pidfile ExecStart=/home/harderer/.nvm/versions/node/v12.13.0/bin/node /var/www/nodebb/loader.js Restart=always [Install] WantedBy=multi-user.target
And the netstat gives me:
[harderer@andromeda bin]$ netstat -na | grep 4567 tcp 0 0 0.0.0.0:4567 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:52390 127.0.0.1:4567 ESTABLISHED tcp 0 0 127.0.0.1:4567 127.0.0.1:52470 TIME_WAIT tcp 0 0 127.0.0.1:4567 127.0.0.1:52472 TIME_WAIT tcp 0 0 127.0.0.1:4567 127.0.0.1:52390 ESTABLISHED
And I'm not insulted for double-checking my steps, as I'm not a learned system admin
Edit: added full systemd config
-
@harderer And to confirm, ownership of /var/www/nodebb is harderer? E.g.;
[root@forums ~]# ll /opt/ | grep nodebb drwxr-xr-x 12 nodebb nodebb 38 Mar 31 03:19 nodebb
Seems we have ruled out most of the low hanging fruit. I have to run. If you cannot get this sorted in meantime we probably need to review your config.json and nginx config to troubleshoot further.
On related note: What instructions did you follow to install NodeBB?
@scottalanmiller wrote up a somewhat now dated guide for Installing NodeBB on CentOS 7 that I more or less followed. He's since updated that somewhere for CentOS 8. That guy seems to be a guru nodebb systems side but life gets busy and I've not noted him around for a while now. Scott was very helpful to me when I needed to just git 'er done after being away from Linux for a while. Maybe try PM'ing him and hope he has notifications set to wake him up?
Sorry we've yet to get this figured. Got to run.
-
For nodebb I got:
[harderer@andromeda ~]$ ll /var/www/ | grep nodebb drwxr-xr-x. 12 harderer harderer 4096 Apr 17 19:15 nodebb
And I followed this official nodebb guide for installation. Maybe I should add, that I use nginx as a proxy to Apache?
And no problem for going on, thanks a lot already for looking into it!
Edit: This is my current nginx config:
upstream forum { server 127.0.0.1:4567; } server { listen 80; listen [::]:80; server_name forum.******.de www.forum.******.de; return 301 https://$host$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; server_name forum.******.de www.forum.******.de; ssl_certificate /etc/letsencrypt/live/forum.******.de/fullchain.pem; ssl_trusted_certificate /etc/letsencrypt/live/forum.******.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/forum.******.de/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # disables all weak ciphers ssl_ciphers 'AES128+EECDH:AES128+EDH'; ssl_prefer_server_ciphers on; location /.well-known/ { allow all; } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:4567; } location /socket.io/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy false; proxy_pass http://forum; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }
-
Really quickly: The NodeBB folks favor Ubuntu. The CentOS guide you linked is pretty dated, as evidenced by some now defunct links. I did not use that one so cannot speak to it. It may perhaps be more expedient to move what you have to some backup dir and do over following Scott's guide. I know that works. Moreover, Centos 7 default repos bundle really dated packages. Recommend you set up nodejs and nginx repos if not already.
If you have gui access on that box, I would be curious as to what happens if you bypass the proxy and jack straight into NodeBB on port 4567? If not and you want to try this from an external network, I recommend configuring firewall such that only YOUR ip is allowed to hit that port.
If it then works, then something is amiss with nginx config (wh/I do not have time to review just now.). If not, then more likely NodeBB conf issue.