setting STORAGE_TYPE to local_secure or local_secure_restricted breaks images #4998

Closed
opened 2026-02-05 09:32:30 +03:00 by OVERLORD · 2 comments
Owner

Originally created by @vmario89 on GitHub (Oct 11, 2024).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

When changing the production environment file .env to use secured image storage location, some images will never work:

  • Logo and favicon are fine (after setting them again)
  • avatars are broken (newly created ones and the old ones, after moving!)
  • drawio images are broken (newly created ones and the old ones, after moving!)
  • attachments are working

before that migration from (local), everything was fine

i read the docs 10 times, searched 2 hours on the web, checked a lot of stuff like

  • dir owners
  • dir permissions
  • existing dirs
  • nginx config
  • .env config
  • resetting cache
  • using private browser sessions
  • using different browser
  • checking the browser dev console

my nginx setup (redacted):

server {
	server_name wiki.redacted.org;
	listen 443 ssl;
	listen [::]:443 ssl;

	include /etc/nginx/ssl-config.conf;

	add_header X-Frame-Options SAMEORIGIN always;
	add_header X-Xss-Protection "1; mode=block" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header Referrer-Policy same-origin always;
	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header Permissions-Policy "fullscreen=(self), geolocation=*, camera=()";

	error_log /var/log/nginx/wiki.redacted.org.error.log;

	client_max_body_size 50M; #adjusted for larger uploads like photos or PDFs

	index index.php index.html;

	root /var/www/vhosts/wiki.redacted.org/public;
	
	location / {
  		try_files $uri $uri/ /index.php?$query_string;
	}

    location ~ \.php$ {
    	fastcgi_split_path_info ^(.+\.php)(/.+)$;
      	include fastcgi_params;
      	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      	fastcgi_param PATH_INFO $fastcgi_path_info;
    	fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; 
    }

	location /uploads {
    	autoindex off;
	}
}

server {
    listen 80;
    listen [::]:80;
    server_name wiki.redacted.org;
    location / {
        return 301 https://wiki.redacted.org$request_uri;
        }
}

my .env:

APP_KEY=redacted
APP_URL=https://wiki.redacted.org

DB_HOST=localhost
DB_DATABASE=bookstack
DB_USERNAME=bookstack
DB_PASSWORD=redacted

MAIL_DRIVER=smtp
MAIL_FROM_NAME="redacted"
MAIL_FROM=wiki.noreply@redacted.org
MAIL_HOST=smtp.redacted.org
MAIL_PORT=587
MAIL_USERNAME=redacted@redacted.org
MAIL_PASSWORD=redacted
MAIL_ENCRYPTION=tls

######## non-standard options
APP_ENV=production
APP_LANG=de
APP_AUTO_LANG_PUBLIC=true
APP_TIMEZONE=Europe/Berlin
APP_DEBUG=true

# https://www.bookstackapp.com/docs/admin/security/
# https://www.bookstackapp.com/docs/admin/upload-config/#local-secure---restricted
STORAGE_TYPE=local_secure_restricted
STORAGE_IMAGE_TYPE=local_secure_restricted
STORAGE_ATTACHMENT_TYPE=local_secure_restricted
# 50 MB Upload
FILE_UPLOAD_SIZE_LIMIT=50
ALLOW_ROBOTS=true
SESSION_SECURE_COOKIE=true
ALLOWED_IFRAME_HOSTS="https://redacted.org https://redacted.de"
ALLOWED_IFRAME_SOURCES="https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.redacted.org https://*.redacted.de https://redacted.org https://redacted.de"
LOG_FAILED_LOGIN_MESSAGE="Failed login for %u"
#ALLOW_UNTRUSTED_SERVER_FETCHING=false

IP_ADDRESS_PRECISION=2

AVATAR_URL=https://seccdn.libravatar.org/avatar/${hash}?s=${size}&d=identicon

CACHE_DRIVER=memcached
SESSION_DRIVER=memcached
MEMCACHED_SERVERS=127.0.0.1:11211:100

REDIS_SERVERS=127.0.0.1:6379:0

# Session lifetime in minutes
SESSION_LIFETIME=240

EXPORT_PAGE_SIZE=a4

APP_DEFAULT_DARK_MODE=false
APP_VIEWS_BOOKS=list
APP_VIEWS_BOOKSHELVES=grid
APP_VIEWS_BOOKSHELF=grid
DRAWIO=true

i messed a lot with different options, disabled and enabled ...

what am i doing wrong? Bookstack never tries to use the storage/uploads/images dir. Instead it still looks for public/uploads/images

i tried this with different roles and users also. i also messed with php artisan commands to clear caches, etc.

Exact BookStack Version

v24.10

Log Content

php-fpm log is fine. no issues here.

nginx error log file:
2024/10/11 11:32:12 [error] 40924#40924: *473689 open() "/var/www/vhosts/wiki.redacted.org/public/uploads/images/user/2024-10/thumbs-80-80/2zlc5xeLywF24gfi-signet-256x256.png" failed (2: No such file or directory), client: 79.198.142.149, server: wiki.redacted.org, request: "GET /uploads/images/user/2024-10/thumbs-80-80/2zlc5xeLywF24gfi-signet-256x256.png HTTP/2.0", host: "wiki.redacted.org", referrer: "https://wiki.redacted.org/my-account/profile"

Hosting Environment

  • Ubuntu 22 Linux on a netcup vServer
  • conventional setup WITHOUT Docker
  • PHP8.3-FPM
  • nginx
OVERLORD added the 🐕 Support label 2026-02-05 09:32:30 +03:00
Author
Owner

@ssddanbrown commented on GitHub (Oct 11, 2024):

Hi @vmario89,
Can you temporarily try commenting-out/removing this part of your nginx config?:

	location /uploads {
    	autoindex off;
	}

Then see if images start working.
Remember to reload/restart nginx after making the changes.

Author
Owner

@vmario89 commented on GitHub (Oct 11, 2024):

damn that simple snippet fixed it! I thank you very much!
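Why removing the block helps, shown as an added example (not part of the original thread and not BookStack code): nginx hands the image request to the longest matching prefix location, `/uploads`, which has no `try_files` fallback, so the request is answered from `public/` and never reaches `index.php`, where BookStack serves `local_secure` images from `storage/`. The sketch assumes flat, non-nested `location` blocks; the function names are illustrative.

```python
import re

# Simplification: matches only location blocks without nested braces.
LOCATION_RE = re.compile(r"location\s+(?:(=|\^~|~\*|~)\s+)?(\S+)\s*\{([^{}]*)\}")

# Constructed sample: the three location blocks of the HTTPS server in the issue.
SAMPLE_CONF = r"""
location / { try_files $uri $uri/ /index.php?$query_string; }
location ~ \.php$ { fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; }
location /uploads { autoindex off; }
"""
# Request path taken from the nginx error log quoted in the issue.
URI = "/uploads/images/user/2024-10/thumbs-80-80/2zlc5xeLywF24gfi-signet-256x256.png"

def parse_locations(conf):
    """Return (modifier, pattern, body) tuples; modifier is '' for plain prefixes."""
    return LOCATION_RE.findall(conf)

def select_location(locations, uri):
    """Follow nginx's order: exact match, longest prefix, then regexes in file order."""
    best = None
    for loc in locations:
        mod, pat, _ = loc
        if mod == "=" and uri == pat:
            return loc
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = loc
    if best and best[0] == "^~":
        return best  # ^~ suppresses the regex check
    for loc in locations:
        mod, pat, _ = loc
        if mod in ("~", "~*"):
            flags = re.I if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return loc
    return best

def can_reach_php(conf, uri):
    """True if the selected location passes to PHP or falls back to index.php."""
    loc = select_location(parse_locations(conf), uri)
    if loc is None:
        return False
    body = loc[2]
    return "fastcgi_pass" in body or bool(re.search(r"try_files[^;]*index\.php", body))
```

Running `can_reach_php` on a config before enabling `local_secure` or `local_secure_restricted` shows whether upload URLs would be answered statically instead of passing through the application's permission checks.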


Reference: starred/BookStack#4998