nginx ignores view permissions when serving media files from django

问题

I have the following setup:

nginx.conf

# the upstream component nginx needs to connect to
upstream django {
    server unix:///tmp/project.sock; # for a file socket
    # server 127.0.0.1:8001; # for a web port socket (we'll use this first)
}

# configuration of the server
server {
    # the port your site will be served on
    listen      8000;
    # the domain name it will serve for
    server_name .example.com; # substitute your machine's IP address or FQDN
    charset     utf-8;

    # max upload size
    client_max_body_size 75M;   # adjust to taste

    # Django media
    location /media  {
        internal;
        root /Users/halsdunes/Desktop/project/backend;  # your Django project's media files - amend as required
    }

    location /static {
        root /Users/halsdunes/Desktop/project/backend; # your Django project's static files - amend as required
    }

    # Finally, send all non-media requests to the Django server.
    location / {
        uwsgi_pass  django;
        include     /Users/halsdunes/Desktop/project/backend/backend/uwsgi_params; # the uwsgi_params file you installed
    }
}

directmessages/urls.py

from django.conf.urls import url
from directmessages.views import message_image_serve

urlpatterns = [
    url(r'^message_images/user_(?P<user1_id>\d+)/user_(?P<user2_id>\d+)/(?P<uuid>[0-9a-f-]+).jpg$', message_image_serve, name='message_image_service'),
]

with the root url.py like this:

url(r'^media/', include('directmessages.urls')),

directmessages/views.py

@api_view(['GET'])
@permission_classes((IsAuthenticated,))
def message_image_serve(request, user1_id, user2_id, uuid):

    user_id = request.user.id

    if not user_id in (int(user1_id), int(user2_id)):
        raise Http404

    path = 'message_images/user_%s/user_%s/%s.jpg' % (user1_id, user2_id, uuid)

    response = serve(request, path, document_root=settings.MEDIA_ROOT)
    response['X-Accel-Redirect'] = safe_join(settings.MEDIA_ROOT, path)

    return response

My assumption is that because of the configuration, nginx is bypassing the Django view entirely and serving up the image. However, this isn't quite what I want. In reality, I'd rather if it:

• Checked the django view to make sure that the permissions are correct
• Have nginx serve the actual image file if the validation passes

How can I make this happen?

回答1:

You need to give that view a different URL, which is not captured by nginx's media serving. Django will then respond with the X-Accel-Redirect header which will cause nginx to serve the file in the response.

来源：https://stackoverflow.com/questions/45774811/nginx-ignores-view-permissions-when-serving-media-files-from-django