X3Photo Gallery Forums

fatlyz · 24 May 2015, 15:13

Hi Karl, after installing X3 on my server, I have found a few issues:

1. Permission check
In check/index.php, line 859, the condition of permission check is to check directory '.':

'condition' => is_writable('.'),

So it keeps failing permission check if directory 'check' is not writable, even if root and 'contents' directories are writable. (I think this has nothing to do with nginx.)

2. Rewrite
Since nginx doesn't support .htaccess rewrite rules, rewrite in X3 seems turned off. But even rewrite is turned off, the urls of thumbnails in panel didn't change, they looked like this:

: Screen Shot 2015-05-24 at 13.36.09.png (19.67 KiB) Viewed 4363 times

I converted some rules in .htaccess and temporarily solved this issue, links like
https://gallery.yunzhu.li/examples/gallery/vertical/ and
https://gallery.yunzhu.li/render/w100-c ... -cream.jpg
are now working. However X3 still navigates to /?/... and I guess it's because X3 looks for the apache module 'mod_rewrite' which doesn't exist on my server.

I also found some rules that deny access to directories and files, I guess maybe this can cause potential security issues?
I hope the release version will have better support with nginx

, at least not security issues.

This is the current nginx configuration for X3 on my server:

    # Imagevue
    # Rewrite any calls to *.html, *.json, *.xml, *.atom, *.rss, *.rdf or *.txt if a folder matching * exists
    if (!-f $request_filename) {
        set $rule_0 1$rule_0;
    }
    if ($uri !~ "public/") {
        set $rule_0 2$rule_0;
    }
    if (!-f $document_root/public/$1.$2) {
        set $rule_0 3$rule_0;
    }
    if ($rule_0 = "321") {
        rewrite /(.+).(html|json|xml|atom|rss|rdf|txt)$ /$1/ last;
    }

    # Rewrite any calls to /render to the image parser
    if ($uri ~ "render/") {
        rewrite ^/render/. /app/parsers/slir/ last;
    }

    # Rewrite any calls to /* or /app to the index.php file
    if ($uri ~ "/app/$") {
        rewrite ^/app/ /index.php last;
    }

    # Rewrite any calls to /* or /app to the index.php file
    if (!-f $request_filename) {
        set $rule_3 1$rule_3;
    }
    if (!-d $request_filename) {
        set $rule_3 2$rule_3;
    }
    if ($rule_3 = "21"){
        rewrite ^/(.*)/$ /index.php?/$1/ last;
    }

    # Rewrite any file calls to the public directory
    if (!-f $request_filename) {
        set $rule_4 1$rule_4;
    }
    if (!-d $request_filename) {
        set $rule_4 2$rule_4;
    }
    if ($uri !~ "public/") {
        set $rule_4 3$rule_4;
    }
    if ($rule_4 = "321"){
        rewrite ^/(.+)$ /public/$1 last;
    }

    # Prevent access to .txt & .yml files
    location ~ ".(txt|yml)$" {
        deny all;
    }

    # Increase cookie security
    # Add fastcgi_param PHP_VALUE "session.cookie_httponly true"

25 May 2015, 00:35

Hi. Thanks for getting back to us regarding nginx. We admit some of the server-eccentric features are heavily focused around Apache since this is the majority by clear margin. We will definitely focus on making it nginx-friendly, but to be honest we don't have much experience and therefore it has been sidelined for now.

fatlyz wrote:
Code
'condition' => is_writable('.'),
So it keeps failing permission check if directory 'check' is not writable, even if root and 'contents' directories are writable. (I think this has nothing to do with nginx.)

We DO actually check if the /check/ folder is writeable, because that allows the /check/ page to figure out what permissions need to be set for the X3 content folder before actually changing permissions manually. Sometimes its the default 755 (which it should be), but other times 777 is necessary.

fatlyz wrote:2. Rewrite
Since nginx doesn't support .htaccess rewrite rules, rewrite in X3 seems turned off. But even rewrite is turned off, the urls of thumbnails in panel didn't change, they looked like this:

Unfortunately the thumbnail rewrite is relatively important so currently we hardwired the rewritten url into the panel.

fatlyz wrote:However X3 still navigates to /?/... and I guess it's because X3 looks for the apache module 'mod_rewrite' which doesn't exist on my server.

Yes. I need to take a look into why exactly it automatically navigates to /?/, but it is definitely because it thinks rewrite is disabled. I will add to my pending list.

fatlyz wrote:I also found some rules that deny access to directories and files, I guess maybe this can cause potential security issues?

Not 100% sure what rules you are referring to, but yes there are some rules for denies access to some application folders and also yml data files. These rules are not really necessary, but we prefer to add some default protection to files that have no reason to be accessed from public www. If the rules are not there, it doesn't matter ...

fatlyz wrote:I hope the release version will have better support with nginx , at least not security issues.

We definitely will improve support, but not sure what we can squeeze into the forthcoming "public release".

fatlyz wrote:This is the current nginx configuration for X3 on my server:

Appreciate that you take the time to share your current code. I am sure others will find it useful, and we will also once we find the time to focus 100% on server-specific versions of X3.

fatlyz · 25 May 2015, 13:23

Thanks for the reply!

It's good to know that there's no security issues for now with rewrite disabled

I think to publish a nginx configuration and add a "switch" to enable rewrite in X3 may be a relatively easy solution to this.

24 Mar 2017, 02:18

Hi @fatlyz. May I ask, did you have any success with X3 on NGINX? I am currently looking for someone with NGINX server to test and deploy an official NGINX configuration for X3.

02 Apr 2017, 07:03

We have created a NGINX config snippet to get X3 working on NGINX server, if anyone cares to try it:
https://gist.github.com/mjau-mjau/6dc19 ... e566a8457b

X3Photo Gallery Forums

Issues using with nginx5 posts

Issues using with nginx

Re: Issues using with nginx

Re: Issues using with nginx

Re: Issues using with nginx

Re: Issues using with nginx