Question

Symlink: Access with NGINX to root folder files

Posted April 5, 2020 1.3k views
Nginx

Hello dear community. Im just going to be clear.

I’ve just installed nginx running on Debian 10. However, Im running a game server which is located at root directory and Im trying to access to one of the folder of the game server (Located at root Example: /root/gameserver/shareFolder).
However, I have been reading and triying to find a way to access there via a Symlink, however it was not possible unless I use the following command

sudo chmod a+X /root

As far as I read is not a good choice to use/keep that command.

On the one hand I have tried to change the folder ownership but sadly it drops 404 Error or 403. On the other I have also tried to create a location in a .config file.

I know I can move the game server folder and files to another secure directory, but, which one should be the correct one? And which one can access with nginx user to a symlink of it?

First of all I’m so sorry if I didnt explained pretty well. Im not an expert coder and english is not my strong suit.
Thanks in advance, regards.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hi there @Oversito,

The explanation of the problem is perfect!

I would recommend moving the game server installation to the /var/www/ folder, for example, you can move it to /var/www/gameserver.

To be on the safe side, I would recommend taking a snapshot of your Droplet before making the change, that way if anything breaks, you would be able to revert to the working version.

Hope that this helps!
Regards,
Bobby

  • Thanks for answering @bobbyiliev .

    It is secure to have a game server running at /var/www directory ? As I told, I just want to create a symlink to get access to a specific folder of the game server(Only read rights)

    Why? I want to use that symlink to get a faster download for the client game files.

    And the last thing, when was implemented this changes to nginx ? I used to use a symlink to root directory and there wasnt any problem (Im talking like 3 years ago)

    Newly thanks for answering and best regards.

    • Hi there @Oversito,

      Yes the /var/www folder should work as expected as your webserver would have the rights to access the folder.

      Another thing you might want to consider is creating a low privileged user and moving the game server to that user’s home directory, so it would look something like this:

      /home/your_user/server
      

      That way you will not have to compromise the security of your /root directory.

      You can take a look at this article here on how to create a low privileged user:

      https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04

      Hope that this helps!
      Regards,
      Bobby

      by Justin Ellingwood
      When you first create a new Ubuntu 18.04 server, there are a few configuration steps that you should take early on as part of the basic setup. This will increase the security and usability of your server and will give you a solid foundation for subsequent...
      • @bobbyiliev
        I see… However, I did some test creating a directory at /home path. obyously changing the folder ownership to www-data (nginx user) but when I create the symlink it drops me 403 when I try to access to that symlink url.
        Am I forced to create the user and the user directory to have the symlink working correctly ?
        Thanks in advance, best regards.

        • Hi there @Oversito,

          I think that what might be causing the problem for you is that Apache 2.4.x added a new security feature. The feature is requiring an authorized user identity to access a directory. It is turned on by DEFAULT. If you check your Apache config, you should see the following directive:

          Require all denied
          

          So to disable that, what you could do is in your Apache Vhost, you should have something like this:

            <Directory "/home/your_user/server_dir">
              Options Indexes FollowSymLinks
              AllowOverride All
              Order allow,deny
              Allow from all
              Require all granted
            </Directory>
          

          Let me know how it goes!
          Regards,
          Bobby

          • Thanks for answering @bobbyiliev
            Well, I have just reinstalled everything to have a clean installation and I did everything. Looks like /home path is a good choice to run the game server and keep the files sync with the web server.

            However, Im having the few issues that I partially solved. First of all I want to leave constance that Im working with NGINX and the 403 error that Im getting is might caused by autoindex.

            Well, If I add the directive autoindex on; to /location, files from symlink are listed.

                location / {
                    autoindex on;
                    try_files $uri $uri/ =404;
                }
            

            But… I wont list every directories from the web-server, so I tried to do remove autoindex from that location and set just the directive to the path where the symlink goes. Sadly, this doesn’t works.

                location /home/myuser/testfiles/ {
                    autoindex on;
                }
            

            Im not running Apache, it is not even running. Thats why I didnt do any modification to the Apache’s folder.

            The last thing that I would like to ask is. How can I limit the access to the symlink folder ? Should I add just the following directive to location / {

            allow 127.0.0.1;
            

            Thanks in advance. best regards buddy.

          • Hi there @Oversito,

            Thanks for the clarification, this is an interesting case.

            Have you tried disabling symlinks with the following:

            disable_symlinks on
            

            Let me know how it goes!
            Regards,
            Bobby

Submit an Answer