1

I think this is very popular question, however I can't find information I interested in, hope you help me. I new to server administration things, so don't throw stones at me:) I install nginx to my debian virtual server, and already install php, mysql and all I was need to. But when I start use my php scripts I found that I can't upload files through html form.

I made some test page and I see that, after form was submitted I can see the $_FILES['tmp_name'], but PHP function move_uploaded_file doesn't work. It doesn't moved the file.

So that's why I start googling and find lot of info about nginx_upload module and so on. Is it posible to config nginx to upload a file, or I must install nginx_upload module to do so?

What I must to do for allow upload files to my nginx server. Thank you.

Dima Deplov
  • 113
  • 1
  • 5
  • 1
    This likely has more to do with permissions on the directory you're trying to move the files to. – ceejayoz Feb 12 '13 at 19:29
  • @ceejayoz where can i find where that temp directory is located? In php.ini or somewhere else? – Dima Deplov Feb 12 '13 at 19:32
  • It's not the temporary directory, it's your final destination that matters, which is up to you. – ceejayoz Feb 12 '13 at 19:40
  • What's the return value of [`move_uploaded_file()`](http://www.php.net/manual/en/function.move-uploaded-file.php)? Is there a warning printed in the PHP or webserver logs? Does [`$_FILES['fieldname']['errors']`](http://www.php.net/manual/en/features.file-upload.errors.php) contain anything? – mgorven Feb 12 '13 at 21:03
  • @mgorven the return value of move_uploaded_file is false I think (in my code this function is in if state, so i think it false because the else block is executed). $_FILES['fieldname']['errors'] after file loads, contain 0 – Dima Deplov Feb 12 '13 at 22:53

2 Answers2

2

Since $_FILES['fieldname']['errors'] contains 0 (which is UPLOAD_ERR_OK), the actual upload has succeeded. What's failing is the attempt to move the temporary file to the location you specified, which is why move_uploaded_file() is returning false. You're doing something like this:

move_uploaded_file($_FILES['fieldname']['tmp_name'], '/srv/www/uploads')

The most likely problem is that PHP doesn't have write permission to the directory you specified as the second parameter. Find out what user PHP is running as (probably something like www-data), and make sure that that user has write permission:

chown -R www-data /srv/www/uploads
chmod -R u=rwX,g=rwX,o=rX /srv/www/uploads
mgorven
  • 30,615
  • 7
  • 79
  • 122
  • Am I get it write: If i make new folder that will allow to save files from form, I need to use this directive (chown and chmod) from command line? – Dima Deplov Feb 12 '13 at 23:39
  • @flinth Yes, those are example CLI commands. – mgorven Feb 12 '13 at 23:56
  • Okay, I got that, thanks for your replays. I have another question about permissions. When php script running from the web, it runs from user www-data? next, I give permission for user www-data that member of group www-data to write to folder where uploaded files will be stored, and that why we don't give right to 'others' write to a file, am I got it write? Thanks. – Dima Deplov Feb 13 '13 at 11:28
  • anyway, you answer is work for me, explanation on the question above is desirable :) Thanks. – Dima Deplov Feb 13 '13 at 16:15
  • You saved us! Thank you! – Kamran Gasimov Aug 12 '22 at 22:30
0

There are special modules required to handle progress bars, and such, through nginx. There is nothing special required if the progressive update feature is not required.

You will most likely need to create a dedicated upload directory with different permissions. chmod 1770 /path/to/upload_dir will do in most circumstances.

Official documentation will likely shy away from recommending one way over the other because of the rather serious security implications of allowing uploads to the same server that PHP is reading files from to execute. If they recommend one way, and it turns out to be vulnerable, they may feel liable.

Once you have it working, please test and verify that you can't upload a .php file and then call it through a simple URL.

Dan Garthwaite
  • 2,962
  • 1
  • 19
  • 31
  • where I can set that "upload directory" in nginx? In nginx config file? Or in php.ini I'm really float with it. I found client_body_temp_path directive is it what i'm looking for? thank you for your answer. – Dima Deplov Feb 12 '13 at 20:14
  • 1
    Mode `777` is almost never appropriate. – mgorven Feb 12 '13 at 20:58
  • But I do agree you don't need the upload module if you don't intend to have progress bar feedback on the uploading – Yogi Feb 13 '13 at 00:38
  • @mgorven Edited answer to remove 777, but retain simplicity of relying on directory sticky bit. – Dan Garthwaite Sep 10 '13 at 15:29