1

In all the tutorials one may come across for setting up X-Accel-Redirect for nginx, there is always a bit about indicating a certain location is private, like so:

location /protected/ {
  internal;
  root   /some/path;
}

The files I'm sending to my users are in RAILS_ROOT/private_uploads. This is not inside the public folder, meaning that there are no URLs that point to directly to the files in this folder.

So am I correct in assuming I can ignore that bit of nginx config for my setup? If not, what config would I need?

I'm using Passenger, btw, and my config is really basic:

server {
  listen 80;
  server_name mydomain.com;
  root RAILS_ROOT/public;
  passenger_enabled on;
}
tybro0103
  • 48,327
  • 33
  • 144
  • 170
  • When you say "I can ignore that bit of nginx config for my setup", what do you mean? – Teemu Leisti Jun 22 '14 at 18:34
  • That it's not necessary for my Rails setup. – tybro0103 Jun 22 '14 at 19:32
  • Well, if you want to accelerate the downloads of your private files in your `private_uploads` directory, it certainly is necessary. The fact that no URLs point directly to it (nor should they) is beside the point. – Teemu Leisti Jun 22 '14 at 19:38
  • Hmmm, well that's what I'm trying to figure out, but I'm not so sure. My app is still setting the X-Accel-Redirect header when it does a send_file, and I've verified nginx is handling the download. It appears to me marking a location as "internal" is for security purposes, is it not? But since all incoming paths go through Rails and are authenticated there, it seems to me like I don't need to do that... does this make any sense? – tybro0103 Jun 22 '14 at 20:44

0 Answers0