问题
I'm running into an issue using xsendfile with my Rails 3 app.
I'm using capistrano to manage deployments and in each release, there is a symbolic link to the shared/assets dir (e.g. /var/www/site/releases/1234/assets => /var/www/site/shared/assets). The problem is that that XSendFile doesn't seem to follow the symbolic links. In my apache logs, I'm seeing the following error:
The given path was above the root path: xsendfile: unable to find file: /var/www/site/releases/20110406205607/assets/pdfs/2/original/test.pdf
I have the XSendFilePath config set as
XSendFilePath /var/www/site/shared/assets
If I switch the config to:
XSendFilePath /var/www/site/releases
Then everything works fine. So I have a couple of questions:
1) Is there a way to make the XSendFilePath follow the symbolic link?
2) Is there a security risk with setting the XSendFilePath to my releases dir? In other words, do I open up access to all of that dir?
回答1:
Are you creating the link using an after "deploy:finalize_update" task similar to this:
task :storage_link, :except => { :no_release => true } do
run "ln -nFs #{deploy_to}/shared/assets #{latest_release}/assets"
end
This makes XSendFilePath see the link as /var/www/site/current/assets which puts it inside of the root path.
Also make sure the user running your app owns and has write permissions on /var/www/site/shared/assets.
来源:https://stackoverflow.com/questions/5573853/mod-xsendfile-with-symbolic-links