Get the most out of your Centmin Mod LEMP stack
Become a Member

Xenforo XF 2.2.2, cannot install style

Discussion in 'Forum software usage' started by duderuud, Dec 16, 2020.

  1. duderuud

    duderuud Active Member

    176
    60
    28
    Dec 5, 2020
    The Netherlands
    Ratings:
    +132
    Local Time:
    6:59 PM
    1.25 x
    10.6
    I'm having trouble installing a theme on my new Centminmod install.

    In the GUI the import of the zip looks fine but there are no directories created in the /data/styles folder.
    Looks like a permission problem but I cannot find out what exactly.

    All the permissions should be ok (nginx:nginx is the owner of everything and all the files and folders have the permissions from here )

    Does anyone know what to look for? Or how I can debug this?

     
  2. eva2000

    eva2000 Administrator Staff Member

    50,928
    11,808
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,267
    Local Time:
    3:59 AM
    Nginx 1.25.x
    MariaDB 10.x
    First backup your existing permissions for everything under /public with command below where yourdomain.com is your domain name
    Code (Text):
    getfacl -R -L --absolute-names /home/nginx/domains/yourdomain.com/public > /home/nginx/domains/yourdomain.com/backup/backup-permissions-$(date +"%d%m%y-%H%M%S").acl
    

    if you need to restore this backed up permissions use
    Code (Text):
    setfacl --restore=backup-/home/nginx/domains/yourdomain.com/backup/backup-permissions-XXXXXX-XXXXXX.acl
    

    where XXXXXX-XXXXXX is the day-month-year-hr-min-sec timestamp from the above backup command

    Then chown user and group permissions recursively for all directories and files below /public would take care of ownership of files
    Code (Text):
    chown -R nginx:nginx /home/nginx/domains/yourdomain.com/public
    

    That should take care of the user/group permissions but you still need properly permissions for directory and files

    check permissions for your /home/nginx/domains/yourdomain.com/public/data/styles directory
    Code (Text):
    getfacl -L --absolute-names /home/nginx/domains/yourdomain.com/public/data/styles
    

    and for your /home/nginx/domains/yourdomain.com/public/data directory
    Code (Text):
    getfacl -L --absolute-names /home/nginx/domains/yourdomain.com/public/data
    
     
  3. duderuud

    duderuud Active Member

    176
    60
    28
    Dec 5, 2020
    The Netherlands
    Ratings:
    +132
    Local Time:
    6:59 PM
    1.25 x
    10.6
    # file: /home/nginx/domains/xxxx/public/data/styles
    # owner: nginx
    # group: nginx
    # flags: -s-
    user::rwx
    group::rwx
    other::rwx

    # file: /home/nginx/domains/xxxx/public/data
    # owner: nginx
    # group: nginx
    # flags: -s-
    user::rwx
    group::rwx
    other::rwx
     
  4. duderuud

    duderuud Active Member

    176
    60
    28
    Dec 5, 2020
    The Netherlands
    Ratings:
    +132
    Local Time:
    6:59 PM
    1.25 x
    10.6
    Rebuilt the VPS yesterday and started again. For some reason all was working again.
    Today I visited the test website and the same problem as before resurfaced, images are not being shown.

    I think the autoprotect.sh has something to do with it.

    The newest version of XF uses the /data/styles directory for storing style files.

    Autoprotect has some code like this:
    Code:
    "
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'library' )" && -d "$(echo "$(dirname $PROTECTDIR)/styles/default/xenforo")" ]]; then
    echo -e "# Xenforo bypass $PROTECTDIR\n"
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'internal_data' )" && -d "$(echo "$(dirname $PROTECTDIR)/styles/default/xenforo")" ]]; then
    echo -e "# Xenforo bypass $PROTECTDIR\n"
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'install\/templates' )" && -d "$(echo "$(dirname $(dirname $PROTECTDIR))/styles/default/xenforo")" ]]; then
    echo -e "# Xenforo bypass $PROTECTDIR\n"
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'install\/data' )" && -d "$(echo "$(dirname $(dirname $PROTECTDIR))/styles/default/xenforo")" ]]; then
    echo -e "# Xenforo bypass $PROTECTDIR\n"
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'src' )" && -d "$(echo "$(dirname $PROTECTDIR)/styles/default/xenforo")" ]]; then
    echo -e "# Xenforo bypass $PROTECTDIR\n"
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'wp-content\/uploads' )" && -d "$(echo "$(dirname $(dirname $PROTECTDIR))/wp-content/uploads")" && -f "/usr/loc$
    echo -e "# centmin.sh menu option 22 installed WP bypass $PROTECTDIR\n"
    
    
    Maybe autoprotect needs to be updated to reflect the latest version of XF? (For example, the library folder is unused in XF 2)
     
    Last edited: Dec 17, 2020
  5. eva2000

    eva2000 Administrator Staff Member

    50,928
    11,808
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,267
    Local Time:
    3:59 AM
    Nginx 1.25.x
    MariaDB 10.x
    what is full contents of your autoprotect include file /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf where domain.com is your domain.com name? Post contents in CODE bbcode tags.

    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
    Check if your nginx vhost at either or both /usr/local/nginx/conf/conf.d/domain.com.conf and/or /usr/local/nginx/conf/conf.d/domain.com.ssl.conf has include file for autoprotect example
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    

    see if your directory for the script which has issues is caught in an autoprotect include entry in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf which has a deny all entry
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf
    

    i.e.
    Code (Text):
    # /home/nginx/domains/domain.com/public/subdirectory/js
    location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
    

    If caught you can whitelist it by autoprotect bypass .autoprotect-bypass file - details below here. So if problem js file is at domain.com/subdirectory/js/file.js then it is likely /subdirectory/js has a .htaccess with deny all in it - make sure that directory is meant to be publicly accessible by contacting author of script and if so, you can whitelist it and re-run autoprotect script to regenerate your /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    it maybe you need to also whitelist /subdirectory then it would be as follows creating bypass files at /home/nginx/domains/domain.com/public/subdirectory/.autoprotect-bypass and /home/nginx/domains/domain.com/public/subdirectory/js/.autoprotect-bypass
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/
    touch .autoprotect-bypass
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    then double check to see if updated /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file now doesn't show an entry for /subdirectory/js
     
  6. duderuud

    duderuud Active Member

    176
    60
    28
    Dec 5, 2020
    The Netherlands
    Ratings:
    +132
    Local Time:
    6:59 PM
    1.25 x
    10.6
    Code (Text):
    # Xenforo bypass /home/nginx/domains/domain/public/library
    
    # Xenforo bypass /home/nginx/domains/domain/public/src
    


    Yes, it does:
    Code (Text):
     include /usr/local/nginx/conf/autoprotect/domain/autoprotect-domain.conf;
    


    Looks like autoprotect doesn't kick in...?
     
  7. duderuud

    duderuud Active Member

    176
    60
    28
    Dec 5, 2020
    The Netherlands
    Ratings:
    +132
    Local Time:
    6:59 PM
    1.25 x
    10.6
    I think I know what the problem is. Cloudflare. When I disable the proxy images load without any problem.

    Next question is...why? Never had any issues with Cloudflare before. Must have something to do with Cloudflare's caching or rocket loader (which i enabled a few weeks ago).

    [Edit]
    It's two seperate problems. Displaying images is a Cloudflare issue but I still have problems installing a theme.

    Removing works, the subdirectory in /data/styles(<id>) is being removed. But installing it again doesn't, the files are not written to the /data/styles folder.

    Frustrating :(
     
    Last edited: Dec 17, 2020
  8. duderuud

    duderuud Active Member

    176
    60
    28
    Dec 5, 2020
    The Netherlands
    Ratings:
    +132
    Local Time:
    6:59 PM
    1.25 x
    10.6
    Still running tests and it seems symlinks have something to do with it.

    My /data and /internal_data folder are symlinks to a share that is mounted.
    Maybe you need some special permissions for symlinks?

    Edit: Confirmed. A default install works fine, an install with symlinks to /data and /internal_data doesn't work. Strange, this works without problems on Ubuntu 20.04
     
    Last edited: Dec 18, 2020
  9. MaximilianKohler

    MaximilianKohler Member

    106
    1
    18
    Jun 23, 2023
    Ratings:
    +11
    Local Time:
    9:59 AM
    I was having the same issue and the permissions commands fixed it for me. Thank you eva!!

    I was trying to import styles and was getting this error:
    Code:
    ErrorException: [E_WARNING] mkdir(): Permission denied in src/XF/Util/File.php at line 309
    
        XF::handlePhpError()
        mkdir() in src/XF/Util/File.php at line 309
        XF\Util\File::createDirectory() in src/XF/Util/File.php at line 331
        XF\Util\File::writeFile() in src/XF/DesignerOutput.php at line 424
        XF\DesignerOutput->writeSpecialFile() in src/XF/DesignerOutput/StyleProperty.php at line 97
        XF\DesignerOutput\StyleProperty->rebuildPropertyLessCache() in src/XF/DesignerOutput/StyleProperty.php at line 86
        XF\DesignerOutput\StyleProperty->XF\DesignerOutput\{closure}() in src/XF.php at line 377
        XF::triggerRunOnce() in src/XF/Mvc/Dispatcher.php at line 158
        XF\Mvc\Dispatcher->dispatchLoop() in src/XF/Mvc/Dispatcher.php at line 57
        XF\Mvc\Dispatcher->run() in src/XF/App.php at line 2487
        XF\App->run() in src/XF.php at line 524
        XF::runApp() in admin.php at line 13
    They were being imported and activated but the
    folder is empty.
    does not exist.

    My
    file contains:
    Code:
    # Xenforo bypass /home/nginx/domains/forum.mysite.com/public/src
    # Xenforo bypass /home/nginx/domains/forum.mysite.com/public/internal_data
    # Xenforo bypass /home/nginx/domains/forum.mysite.com/public/library
    My
    file does contain