1

I think this is very popular question, however I can't find information I interested in, hope you help me. I new to server administration things, so don't throw stones at me:) I install nginx to my debian virtual server, and already install php, mysql and all I was need to. But when I start use my php scripts I found that I can't upload files through html form.

I made some test page and I see that, after form was submitted I can see the $_FILES['tmp_name'], but PHP function move_uploaded_file doesn't work. It doesn't moved the file.

So that's why I start googling and find lot of info about nginx_upload module and so on. Is it posible to config nginx to upload a file, or I must install nginx_upload module to do so?

What I must to do for allow upload files to my nginx server. Thank you.

Improve this question
5
  • 1
    This likely has more to do with permissions on the directory you're trying to move the files to. Commented Feb 12, 2013 at 19:29
  • @ceejayoz where can i find where that temp directory is located? In php.ini or somewhere else? Commented Feb 12, 2013 at 19:32
  • It's not the temporary directory, it's your final destination that matters, which is up to you. Commented Feb 12, 2013 at 19:40
  • What's the return value of move_uploaded_file()? Is there a warning printed in the PHP or webserver logs? Does $_FILES['fieldname']['errors'] contain anything? Commented Feb 12, 2013 at 21:03
  • @mgorven the return value of move_uploaded_file is false I think (in my code this function is in if state, so i think it false because the else block is executed). $_FILES['fieldname']['errors'] after file loads, contain 0 Commented Feb 12, 2013 at 22:53

2 Answers 2

Reset to default
2

Since $_FILES['fieldname']['errors'] contains 0 (which is UPLOAD_ERR_OK), the actual upload has succeeded. What's failing is the attempt to move the temporary file to the location you specified, which is why move_uploaded_file() is returning false. You're doing something like this:

move_uploaded_file($_FILES['fieldname']['tmp_name'], '/srv/www/uploads')

The most likely problem is that PHP doesn't have write permission to the directory you specified as the second parameter. Find out what user PHP is running as (probably something like www-data), and make sure that that user has write permission:

chown -R www-data /srv/www/uploads chmod -R u=rwX,g=rwX,o=rX /srv/www/uploads
Improve this answer
4
  • Am I get it write: If i make new folder that will allow to save files from form, I need to use this directive (chown and chmod) from command line? Commented Feb 12, 2013 at 23:39
  • @flinth Yes, those are example CLI commands. Commented Feb 12, 2013 at 23:56
  • Okay, I got that, thanks for your replays. I have another question about permissions. When php script running from the web, it runs from user www-data? next, I give permission for user www-data that member of group www-data to write to folder where uploaded files will be stored, and that why we don't give right to 'others' write to a file, am I got it write? Thanks. Commented Feb 13, 2013 at 11:28
  • anyway, you answer is work for me, explanation on the question above is desirable :) Thanks. Commented Feb 13, 2013 at 16:15
0

There are special modules required to handle progress bars, and such, through nginx. There is nothing special required if the progressive update feature is not required.

You will most likely need to create a dedicated upload directory with different permissions. chmod 1770 /path/to/upload_dir will do in most circumstances.

Official documentation will likely shy away from recommending one way over the other because of the rather serious security implications of allowing uploads to the same server that PHP is reading files from to execute. If they recommend one way, and it turns out to be vulnerable, they may feel liable.

Once you have it working, please test and verify that you can't upload a .php file and then call it through a simple URL.

Improve this answer
4
  • where I can set that "upload directory" in nginx? In nginx config file? Or in php.ini I'm really float with it. I found client_body_temp_path directive is it what i'm looking for? thank you for your answer. Commented Feb 12, 2013 at 20:14
  • 1
    Mode 777 is almost never appropriate. Commented Feb 12, 2013 at 20:58
  • But I do agree you don't need the upload module if you don't intend to have progress bar feedback on the uploading Commented Feb 13, 2013 at 0:38
  • @mgorven Edited answer to remove 777, but retain simplicity of relying on directory sticky bit. Commented Sep 10, 2013 at 15:29

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.