Migrate to Secure Images #1718

New Issue

Closed

opened 2026-02-05 01:42:19 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-05 01:42:19 +03:00

Owner

Copy Link

Originally created by @mikeyz24 on GitHub (May 6, 2020).

I followed the instructions in the doc for Securing Images but after making the changes any images I upload as a cover page or part of page content are not showing up.

I can confirm that the image file is being saved to the storage/uploads/images folder and it has the correct permissions and ownership.

When looking at the source code of a page for example, the link that is being saved for the image is in this format: <a href="http://bookstack/uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png">

Taking a look inside the DB in the IMAGES table, the entry for this image looks as follows:

id: 134
name: image-1588789464792.png
url: http://bookstack/uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png
created_at: 2020-05-06 14:24:25
updated_at: 2020-05-06 14:24:25
created_by: 3
updated_by: 3
path: /uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png
type: gallery
uploaded_to: 83

If I try to visit the link http://bookstack/storage/uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png I get a 404 error. What should the correct path be with Secure Images setting enabled? Do i have to make some changes in the NGINX config file to point it at the correct location or is this a bug?

Originally created by @mikeyz24 on GitHub (May 6, 2020). I followed the instructions in the doc for Securing Images but after making the changes any images I upload as a cover page or part of page content are not showing up. I can confirm that the image file is being saved to the storage/uploads/images folder and it has the correct permissions and ownership. When looking at the source code of a page for example, the link that is being saved for the image is in this format: `<a href="http://bookstack/uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png">` Taking a look inside the DB in the IMAGES table, the entry for this image looks as follows: ``` id: 134 name: image-1588789464792.png url: http://bookstack/uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png created_at: 2020-05-06 14:24:25 updated_at: 2020-05-06 14:24:25 created_by: 3 updated_by: 3 path: /uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png type: gallery uploaded_to: 83 ``` If I try to visit the link `http://bookstack/storage/uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png` I get a 404 error. What should the correct path be with Secure Images setting enabled? Do i have to make some changes in the NGINX config file to point it at the correct location or is this a bug?

OVERLORD added the 🐕 Support label 2026-02-05 01:42:19 +03:00

OVERLORD closed this issue 2026-02-05 01:42:21 +03:00

OVERLORD commented 2026-02-05 01:42:24 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Dec 17, 2020):

Hi @mikeyz24,

Sorry for my lack of response here. The image links themselves should remain the same after changing to STORAGE_TYPE=local_secure. Requests for these should automatically get routed through the application as long as a matching file does not exist in the public folder.

If I try to visit the link http://bookstack/storage/uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png I get a 404 error.

That's what I'd expect since no image links should have storage in the path. I'd need to know what you'd get if visiting http://bookstack/uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png directly while logged in.

@ssddanbrown commented on GitHub (Dec 17, 2020): Hi @mikeyz24, Sorry for my lack of response here. The image links themselves should remain the same after changing to `STORAGE_TYPE=local_secure`. Requests for these should automatically get routed through the application as long as a matching file does not exist in the `public` folder. > If I try to visit the link http://bookstack/storage/uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png I get a 404 error. That's what I'd expect since no image links should have `storage` in the path. I'd need to know what you'd get if visiting `http://bookstack/uploads/images/gallery/2020-05/lU9FrfnU0EtFr4PR-image-1588789464792.png` directly while logged in.

OVERLORD commented 2026-02-05 01:42:31 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jan 26, 2021):

Since there's been no further follow-up I'll close this off.

@ssddanbrown commented on GitHub (Jan 26, 2021): Since there's been no further follow-up I'll close this off.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

further_theme_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

No Label 🐕 Support

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1718