Hi. I have a working diaspora pod running on a DigitalOcean droplet (Ubuntu 20.04 LTS). I’m using nginx to serve up my diaspora instance. I added the following to my nginx.conf:
    location /uploads/images/ {
        alias /home/diaspora/diaspora/public/uploads/images/;
        try_files $uri $uri/ =404;
    }
to point to the correct directory.
I have modified the permissions on the images directory to chown to www-data, and set rw permissions as:
    ~/diaspora/public/uploads/images$ ls -al
    total 8
    drwxrwxr-x 2 www-data www-data 4096 Jan 20 00:56 .
    drwxrwxr-x 4 www-data www-data 4096 Jan 19 21:01 ..
At one point in this, I was able to save new images (via profile picture changes), but the diaspora webpage was unable to load them. Then I was able (after I added the chown/chmod to the images directory + update to the nginx.conf) to read the images but not save any(!).
Do I need to make complementary changes to ImageMagick’s policy.xml… I’m wondering if that is potentially where I’m getting stopped… I’m using the vanilla policy.xml.
Thanks in advance.
Your nginx config customization is not needed. The config from the wiki sets the root directory to the public/ dir, and also has a try_files directive to serve those. This needs to work anyway, because there are other files in the public/ directory that need to be served, not just the uploads/images/ subdirectory.
The whole diaspora folder needs to be owned by the user that runs diaspora. If it’s not, it might not be able to write image files because it can’t write to the folder.
The www-data user needs to have read-access to all files. This is already done by default, because all directories have 755 permissions and all files have 644 permissions by default. This already means that everyone can read all files and “execute” all directories (which is important because the act of switching into a directory is covered by “execute”). The only thing you might have to touch is the /home/diaspora/ folder itself, which might have a 700 permission by default. If so, this can easily be changed with a chmod 755 /home/diaspora.
The only IM policy.xml you should need is the one shipped with the project, which you don’t even need to copy anywhere else because we set the right environment variables to make sure this policy file gets used (there is a security aspect to this).
If uploads fail regardless, there’s a log file within the log/ directory, which will tell you why it failed.
You mean read-access. The diaspora user is the one that needs write-access (which it has when it’s the owner, as you wrote above, so the rest is correct).
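The permission requirements described in the replies above (every directory on the path traversable by www-data, the files readable by it, and the tree owned by the user that runs diaspora), as an added shell example that is not part of the original thread. It assumes GNU stat, find and readlink as shipped on Ubuntu; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat/find/readlink (Ubuntu).

# other_bits PATH: print the last octal digit of PATH's mode ("other" class).
other_bits() {
    m=$(stat -c '%a' -- "$1") || return 2
    printf '%s\n' "${m#"${m%?}"}"
}

# check_world_readable FILE [TOP]
# Succeeds only if FILE has the "other" read bit and every directory from
# FILE's parent up to TOP (default /) has the "other" execute bit, which is
# what an unrelated account such as www-data needs in order to serve the file.
# On failure it prints the first path component that blocks access.
check_world_readable() {
    target=$(readlink -f -- "$1") || return 2
    top=$(readlink -f -- "${2:-/}") || return 2
    [ -e "$target" ] || return 2
    case $(other_bits "$target") in
        4|5|6|7) ;;   # read bit set for "other"
        *) echo "not readable by others: $target"; return 1 ;;
    esac
    dir=$(dirname -- "$target")
    while :; do
        case $(other_bits "$dir") in
            1|3|5|7) ;;   # execute (traverse) bit set for "other"
            *) echo "not traversable by others: $dir"; return 1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    return 0
}

# first_not_owned_by USER DIR: print the first entry under DIR that USER does
# not own; empty output means the account running diaspora owns the whole tree
# and can therefore write new uploads.
first_not_owned_by() {
    find "$2" ! -user "$1" -print -quit
}
```

On the pod, `check_world_readable` would be pointed at a file under /home/diaspora/diaspora/public/uploads/images/ and `first_not_owned_by diaspora /home/diaspora/diaspora` at the install directory; a /home/diaspora left at 700 shows up as the "not traversable" component.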