Error on image uploads



  • I get the following error when I try to upload files, e.g. a profile image: "EACCES: permission denied, open '/tmp/1794af5df77491a5f0fe7ce133adbd36.png'".

    The forum itself works. OS is CentOS 7, with nginx as proxy to apache. Nginx logs show nothing.

    I tried to find a solution in similar topics with no success.


  • Community Rep

    @harderer What are the permissions and ownership on your /tmp directory? Default CentOS 7 should look like this:

    [root@forums ~]# ll / | grep tmp
    drwxrwxrwt    7 root root      8 Apr 17 13:37 tmp
    
    [root@forums ~]# ll /tmp/
    total 1
    srwx------ 1 mongod mongod 0 Mar 31 03:18 mongodb-27017.sock
    
    
    


  • @gotwf thanks for the response. My outputs are:

    [**** ~]$ ll / | grep tmp
    drwxrwxrwt.  11 root root  4096 Apr 17 16:16 tmp
    
    [**** ~]$ ll /tmp/
    total 44
    -rw-r--r--. 1 root   root   6930 Apr 17 11:46 1794af5df77491a5f0fe7ce133adbd36.png
    -rw-r--r--. 1 root   root   5118 Apr  8 17:31 f26cb4b3744f40a603b1fae52a73027d.png
    srwx------. 1 mongod mongod    0 Mar 26 04:51 mongodb-27017.sock
    -rw-r--r--. 1 root   root   8314 Apr  8 17:25 nWcJMgonU1Cnk-V1KoAlWlEx.png
    drwx------. 3 root   root   4096 Dec  4 18:11 systemd-private-812d719b0a424754958b8bf4bb9d5b92-httpd.service-50vzhe
    drwx------. 3 root   root   4096 Nov  8 16:44 systemd-private-812d719b0a424754958b8bf4bb9d5b92-mariadb.service-BtAGMh
    drwx------. 3 root   root   4096 Mar  4 01:04 systemd-private-812d719b0a424754958b8bf4bb9d5b92-nginx.service-WVdtqV
    drwx------. 3 root   root   4096 Nov  8 16:44 systemd-private-812d719b0a424754958b8bf4bb9d5b92-ntpd.service-8mVdHk
    

  • Community Rep

    @harderer Just for diagnostics, get root or sudo and try:

    ~% sudo chmod 666 /tmp/1794af5df77491a5f0fe7ce133adbd36.png
    
    

    And then see if it works for uploading that file. If so, then something is amiss somewhere with your permissions.

    I am not a nodejs developer but maybe nodebb/nginx is failing on the attempt to delete that tmp file after uploading and/or moving to your uploads directory. Your nginx user should be nginx. NodeBB should be running under a dedicated user and not root. Those "unprivileged" users are unable to delete your tmp file w/present permissions as it is owned by root. Maybe some dev can better illuminate uploads code file operations.

    What users are you running your nodebb, nginx, etc. under? I see you are employing systemd to kick off various services but not nodebb. You can include nodebb into that mix if desired as outlined here https://docs.nodebb.org/configuring/running/

    Note: My stuff jfw and I hence cannot capture anything getting stuck in /tmp. The suggestion presumes the file upload will have the same name in /tmp, which may well not be the case. In which case, my diagnostic suggestion will still fail anyways. 😜

    Suspect something is amiss with your installation and/or file permissions and/or ownership but need a dev to weigh in on the upload logic to pinpoint cuz I am just a lowly sysadmin and unfamiliar with the NodeBB code.
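
Added example, not part of the thread and not NodeBB code: a small shell helper that works out from the mode bits alone whether a given service user can overwrite or delete a leftover file in a sticky directory such as /tmp, which is the situation in the listings above (a root-owned 644 file in a 1777 directory). The function names are hypothetical; ACLs, SELinux and capabilities are ignored, and `check_path` assumes GNU `stat` as shipped with CentOS.

```shell
#!/bin/sh
# Mode-bit reasoning only: ACLs, SELinux and capabilities are NOT considered.

# class_digit MODE OWNER GROUP USER "USER_GROUPS" -> rwx digit that applies to USER
class_digit() {
    m="0000$1"; m=${m#"${m%???}"}            # keep the last three octal digits
    u=${m%??}; o=${m#??}; g=${m#?}; g=${g%?}
    if [ "$4" = "$2" ]; then echo "$u"; return; fi
    for grp in $5; do
        if [ "$grp" = "$3" ]; then echo "$g"; return; fi
    done
    echo "$o"
}

# is_sticky MODE -> true if the sticky bit (the "t" in drwxrwxrwt) is set
is_sticky() { s="0000$1"; s=${s%???}; s=${s#"${s%?}"}; [ $((s & 1)) -eq 1 ]; }

# can_write FILE_MODE FILE_OWNER FILE_GROUP USER "USER_GROUPS"
can_write() {
    [ "$4" = root ] && return 0
    d=$(class_digit "$@")
    [ $((d & 2)) -ne 0 ]
}

# can_delete FILE_OWNER DIR_MODE DIR_OWNER DIR_GROUP USER "USER_GROUPS"
can_delete() {
    [ "$5" = root ] && return 0
    d=$(class_digit "$2" "$3" "$4" "$5" "$6")
    [ $((d & 3)) -eq 3 ] || return 1         # need write + search on the directory
    is_sticky "$2" || return 0
    [ "$5" = "$1" ] || [ "$5" = "$3" ]       # sticky: only file or directory owner may unlink
}

# check_path FILE USER -> one-line verdict using the real ownership and modes
check_path() {
    f=$1; usr=$2; dir=$(dirname "$f"); grps=$(id -Gn "$usr")
    set -- $(stat -c '%a %U %G' "$f") $(stat -c '%a %U %G' "$dir")
    can_write "$1" "$2" "$3" "$usr" "$grps" && w=yes || w=no
    can_delete "$2" "$4" "$5" "$6" "$usr" "$grps" && x=yes || x=no
    echo "$f: user=$usr write=$w delete=$x"
}
# Usage (file name and user taken from the thread):
#   check_path /tmp/1794af5df77491a5f0fe7ce133adbd36.png harderer
```

A `write=no` verdict for the service user corresponds to the EACCES on open; `delete=no` after a chmod shows that widening the file mode does not let that user clean up a root-owned file in a sticky directory.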



  • @gotwf said in Error on image uploads:

    sudo chmod 666 /tmp/1794af5df77491a5f0fe7ce133adbd36.png

    In this case I'm getting: "It seems you have lost the connection to **** - Forum, please wait while we try to reestablish it."(translated) in a yellow warning box on uploading.

    And the nginx error.log then shows:

    2020/04/17 17:46:35 [error] 5722#0: *905833 connect() failed (111: Connection refused) while connecting to upstream,
    client: ****:****:****:****:****:****:****:****, server: ****, request: "GET /socket.io/?EIO=3&transport=polling&t=N68qULU HTTP/1.1", upstream: "http://127.0.0.1:4567/socket.io/?EIO=3&transport=polling&t=N68qULU", host: "****", referrer: "https://****/user/****/edit"
    

    I also tried it running nodebb as a systemd service. In this case I don't get the permission error with any tmp file, but still the same nginx error.

    As for the users I'm not sure. I defined myself as the user in the nodebb systemd service file. nginx runs itself afaik.

    Edit: The suggestion worked well, the tmp file name was identical when I uploaded the same file.


  • Community Rep

    What user is configured for your nodebb systemd config:

    [Service]
    Type=forking
    User=nodebb
    

    No insult intended stating the obvious but ensure that User above is the same user you are running nodebb as. I recommend creating a dedicated user, e.g. nodebb, for such duties over your daily driver mortal login.

    It seems nodebb IS running but let us just double check port 4567 to be sure NodeBB is listening on port 4567:

    [root@forums ~]# netstat -na | grep 4567
    tcp        0      0 127.0.0.1:46052         127.0.0.1:4567          ESTABLISHED
    
    


  • My full config currently says:

    [Unit]
    Description=NodeBB
    Documentation=https://docs.nodebb.org
    After=system.slice multi-user.target mongod.service
    
    [Service]
    Type=forking
    User=harderer
    
    StandardOutput=syslog
    StandardError=syslog
    SyslogIdentifier=nodebb
    
    WorkingDirectory=/var/www/nodebb
    PIDFile=/var/www/nodebb/pidfile
    ExecStart=/home/harderer/.nvm/versions/node/v12.13.0/bin/node /var/www/nodebb/loader.js
    Restart=always
    
    [Install]
    WantedBy=multi-user.target
    

    And the netstat gives me:

    [harderer@andromeda bin]$ netstat -na | grep 4567
    tcp        0      0 0.0.0.0:4567            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:52390         127.0.0.1:4567          ESTABLISHED
    tcp        0      0 127.0.0.1:4567          127.0.0.1:52470         TIME_WAIT
    tcp        0      0 127.0.0.1:4567          127.0.0.1:52472         TIME_WAIT
    tcp        0      0 127.0.0.1:4567          127.0.0.1:52390         ESTABLISHED
    

    And I'm not insulted for double-checking my steps, as I'm not a learned system admin 🙂

    Edit: added full systemd config


  • Community Rep

    @harderer And to confirm, ownership of /var/www/nodebb is harderer? E.g.;

    [root@forums ~]# ll /opt/ | grep nodebb
    drwxr-xr-x 12 nodebb nodebb        38 Mar 31 03:19 nodebb
    
    

    Seems we have ruled out most of the low hanging fruit. I have to run. If you cannot get this sorted in meantime we probably need to review your config.json and nginx config to troubleshoot further.

    On related note: What instructions did you follow to install NodeBB?

    @scottalanmiller wrote up a somewhat now dated guide for Installing NodeBB on CentOS 7 that I more or less followed. He's since updated that somewhere for CentOS 8. That guy seems to be a guru nodebb systems side but life gets busy and I've not noted him around for a while now. Scott was very helpful to me when I needed to just git 'er done after being away from Linux for a while. Maybe try PM'ing him and hope he has notifications set to wake him up?

    Sorry we've yet to get this figured. Got to run.



  • For nodebb I got:

    [harderer@andromeda ~]$ ll /var/www/ | grep nodebb
    drwxr-xr-x. 12 harderer harderer 4096 Apr 17 19:15 nodebb
    

    And I followed this official nodebb guide for installation. Maybe I should add, that I use nginx as a proxy to Apache?

    And no problem for going on, thanks a lot already for looking into it! 🙂

    Edit: This is my current nginx config:

    upstream forum {
        server 127.0.0.1:4567;
    }
    
    server {
        listen 80;
        listen [::]:80;
        server_name forum.******.de www.forum.******.de;
    
        return 301 https://$host$request_uri;
    }
    
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
    
        server_name forum.******.de www.forum.******.de;
    
        ssl_certificate /etc/letsencrypt/live/forum.******.de/fullchain.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/forum.******.de/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/forum.******.de/privkey.pem;
    
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
        # disables all weak ciphers
        ssl_ciphers 'AES128+EECDH:AES128+EDH';
    
        ssl_prefer_server_ciphers on;
    
        location /.well-known/ {
            allow all;
        }
    
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
    
            proxy_pass http://127.0.0.1:4567;
        }
    
        location /socket.io/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy false;
    
            proxy_pass http://forum;
            proxy_redirect off;
    
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
    

  • Community Rep

    Really quickly: The NodeBB folks favor Ubuntu. The CentOS guide you linked is pretty dated, as evidenced by some now defunct links. I did not use that one so cannot speak to it. It may perhaps be more expedient to move what you have to some backup dir and do over following Scott's guide. I know that works. Moreover, CentOS 7 default repos bundle really dated packages. Recommend you set up nodejs and nginx repos if not already.

    If you have gui access on that box, I would be curious as to what happens if you bypass the proxy and jack straight into NodeBB on port 4567? If not and you want to try this from an external network, I recommend configuring firewall such that only YOUR ip is allowed to hit that port.

    If it then works, then something is amiss with nginx config (wh/I do not have time to review just now.). If not, then more likely NodeBB conf issue.

