digital object upload (https) produces 500 Server Error

[Elizabeth Thomson]

Hello Atom Community,

We recently configured SSL on our AtoM instance and now enforce https across all pages.

Since doing this we notice that uploading a digital object produces a 500 Server Error page. The log entry is below.

2018/05/08 17:52:56 [error] 29308#0: *85392 FastCGI sent in stderr: "PHP message: Failed to set permissions on /path-to-uploads/b/e/7/be7d197db504097cb24a52f177be83c4a32ca8169aad325be87c2c5e8758a5b2/rbd_MSG1145_1-ledger1830s_141.jpg" while reading response header from upstream, client: 132.206.204.136, server: XXXXXX, request: "POST /index.php/account-book/addDigitalObject HTTP/1.1", upstream: "fastcgi://unix:/run/php5-fpm.atom.sock:", host: "XXXXXX", referrer: "https://XXXXXX/index.php/account-book/addDigitalObject"

But when I check permissions on the directory I can see that the file is there, with apparently the correct permissions !

$ ls -la /path-to-uploads/b/e/7/be7*

-rwxrwxr-x. 1 nginx nginx 5967 May  8 17:52 rbd_MSG1145_1-ledger1830s_141.jpg

We are sym-linking our uploads directory from a placeholder under webroot to a directory outside the web services document root, but this has not been an issue in the past.

I'm not 100% sure the problem is related to implementation of SSL, but afaik that is the only thing that has changed on our system.

We are running AtoM 2.4.0 on RHEL 7 with mySQL 5.6, PHP 5.5 and nginx 1.12.2

Can anyone shed any light?

best regards,

[Dan Gillean]

Hi Elizabeth, 

I might have to get some input from our developers  - though since we don't test or maintain documentation specific to RHEL or CentOS, the suggestions we can offer might be limited. 

First, though - I'm not sure if this is particular to your installation environment and the way you are symlinking, but usually, the uploads directory - and all subdirectories of the root AtoM installation directory - should be owned by the www-data user when following our default installation instructions, not the nginx user. 

It's possible that you accidentally changed the permissions while configuring SSL in your webserver? If you want to retry things with the permissions set to the www-data user, you can do so with the following command: 

• sudo chown -R www-data:www-data /usr/share/nginx/atom
  

Cheers, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056

@accesstomemory

--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-users+unsubscribe@googlegroups.com.
To post to this group, send email to ica-atom-users@googlegroups.com.
Visit this group at https://groups.google.com/group/ica-atom-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/172c07cf-65f4-4f1e-8991-89cfc594988f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Elizabeth Thomson]

Hi Dan,

Thanks for your reply.

I found the line in the code that throws the error and it seems that in fact, permissions are not being set.

The code tries to set permissions as 0644, but actual permissions on the file are 0775.

I suspect this is an SELinux problem so I will ask our central IT team.

Many thanks!

To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To post to this group, send email to ica-ato...@googlegroups.com.