I have a Django webpage running on Nginx-Uwsgi. I want to let the user download files of over 10GB. For this purpose, I am using X-Accel-Redirect.

The idea is that the user should go to http://XXX.XX.XX.XX/main/download and there it can download a file.

After several configurations, now I get a 403 HTTP error on the browser and the following trace on Nginx:

2021/11/11 16:11:45 [error] 29309#0: *1 open() "/home/myuser/direct/example.txt" failed (13: Permission denied), client: 2.136.173.243, server: _, request: "GET /main/download HTTP/1

My Nginx configuration is as follows:

events {
    worker_connections 10000;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    client_max_body_size 128M;
    proxy_max_temp_file_size 0;
    proxy_buffering off;
    server_names_hash_bucket_size 256;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    upstream django {
        server 127.0.0.1:8000;
    }

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location /download {
            internal;
            alias /home/myuser/direct;
            proxy_max_temp_file_size 0;
        }



        location /main {
            uwsgi_pass django;
            uwsgi_param Host $host;
            uwsgi_param X-Real-IP $remote_addr;
            uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
            uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;

            uwsgi_param QUERY_STRING $query_string;
            uwsgi_param REQUEST_METHOD $request_method;
            uwsgi_param CONTENT_TYPE $content_type;
            uwsgi_param CONTENT_LENGTH $content_length;
            uwsgi_param REQUEST_URI $request_uri;
            uwsgi_param PATH_INFO $document_uri;
            uwsgi_param DOCUMENT_ROOT $document_root;
            uwsgi_param SERVER_PROTOCOL $server_protocol;
            uwsgi_param HTTPS $https if_not_empty;
            uwsgi_param REMOTE_ADDR $remote_addr;
            uwsgi_param REMOTE_PORT $remote_port;
            uwsgi_param SERVER_PORT $server_port;
            uwsgi_param SERVER_NAME $server_name;
        }
   }

My Django function that calls /download is:

def download(request):
    response = HttpResponse()
    path = "/home/myuser/direct/example.txt"
    name = "example.txt"
    #response['Content_Type']='application/octet-stream'
    #response["Content-Disposition"] = "attachment; filename={0}".format(
    #        name.encode('utf-8'))
    response['Content-Length'] = os.path.getsize(path)
    response['X-Accel-Redirect'] = "/download/{0}".format(name)
    del response['Content-Type']
    del response['Content-Disposition']
    del response['Accept-Ranges']
    del response['Set-Cookie']
    del response['Cache-Control']
    del response['Expires']
    return response

I have also tried changing the user that appears on the nginx configuration to my user in case there were any trouble accessing /home, but I got the same error.

Therefore, my question is, how can I solve this error in order to allow Nginx serving files from /home that could be downloaded?

CodePudding user response：

The problem was that the nginx did not expect to read files from the provided directory. When this directory was changed to /var/wwww, it worked as expected.