I attempting to setup a Nginx server up with a Gunicorn WSGI server running Django behind..
The setup all seems to runs except i have a permissions issue. I have setup aliases to /media and a /static directory for serving up static content however a 403 error is generated unless the files are owned by the nginx user.
Files uploaded by the Gunicorn user will obviously be owned by that specific user which will cause a problem. I could add the nginx user to the gunicorn user group however i do not want to give nginx blanket permissions to these files.
What is the suggested method for uploading or generating files via Gunicorn/Wsgi/Django but allow nginx to serve them without adding a security issue.
Thanks in advance,
Best Answer
Blanket permissions to these files are not required. Nginx needs just a read permission. My nginx user account is
www-data
, gunicorn runs withwww_flask
privileges. Nginx serves all files uploaded from flask without problems.File permissions
ls -lRr /webroot
nginx config
Flask upload example from tutorial
/home/www_flask/evironments/flask/myapp/myapp.py