Want more timely Centmin Mod News Updates?
Become a Member

Xenforo XF 2.2.2, cannot install style

Discussion in 'Forum software usage' started by duderuud, Dec 16, 2020.

  1. duderuud

    duderuud Member

    39
    10
    8
    Dec 5, 2020
    The Netherlands
    Ratings:
    +23
    Local Time:
    3:40 AM
    Nginx 1.21.4
    MariaDB 10.4
    I'm having trouble installing a theme on my new Centminmod install.

    In the GUI the import of the zip looks fine but there are no directories created in the /data/styles folder.
    Looks like a permission problem but I cannot find out what exactly.


    All the permissions should be ok (nginx:nginx is the owner of everything and all the files and folders have the permissions from here )

    Does anyone know what to look for? Or how I can debug this?
     
  2. eva2000

    eva2000 Administrator Staff Member

    47,490
    10,762
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,730
    Local Time:
    12:40 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    First backup your existing permissions for everything under /public with command below where yourdomain.com is your domain name
    Code (Text):
    getfacl -R -L --absolute-names /home/nginx/domains/yourdomain.com/public > /home/nginx/domains/yourdomain.com/backup/backup-permissions-$(date +"%d%m%y-%H%M%S").acl
    

    if you need to restore this backed up permissions use
    Code (Text):
    setfacl --restore=backup-/home/nginx/domains/yourdomain.com/backup/backup-permissions-XXXXXX-XXXXXX.acl
    

    where XXXXXX-XXXXXX is the day-month-year-hr-min-sec timestamp from the above backup command

    Then chown user and group permissions recursively for all directories and files below /public would take care of ownership of files
    Code (Text):
    chown -R nginx:nginx /home/nginx/domains/yourdomain.com/public
    

    That should take care of the user/group permissions but you still need properly permissions for directory and files

    check permissions for your /home/nginx/domains/yourdomain.com/public/data/styles directory
    Code (Text):
    getfacl -L --absolute-names /home/nginx/domains/yourdomain.com/public/data/styles
    

    and for your /home/nginx/domains/yourdomain.com/public/data directory
    Code (Text):
    getfacl -L --absolute-names /home/nginx/domains/yourdomain.com/public/data
    
     
  3. duderuud

    duderuud Member

    39
    10
    8
    Dec 5, 2020
    The Netherlands
    Ratings:
    +23
    Local Time:
    3:40 AM
    Nginx 1.21.4
    MariaDB 10.4
    # file: /home/nginx/domains/xxxx/public/data/styles
    # owner: nginx
    # group: nginx
    # flags: -s-
    user::rwx
    group::rwx
    other::rwx

    # file: /home/nginx/domains/xxxx/public/data
    # owner: nginx
    # group: nginx
    # flags: -s-
    user::rwx
    group::rwx
    other::rwx
     
  4. duderuud

    duderuud Member

    39
    10
    8
    Dec 5, 2020
    The Netherlands
    Ratings:
    +23
    Local Time:
    3:40 AM
    Nginx 1.21.4
    MariaDB 10.4
    Rebuilt the VPS yesterday and started again. For some reason all was working again.
    Today I visited the test website and the same problem as before resurfaced, images are not being shown.

    I think the autoprotect.sh has something to do with it.

    The newest version of XF uses the /data/styles directory for storing style files.

    Autoprotect has some code like this:
    Code:
    "
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'library' )" && -d "$(echo "$(dirname $PROTECTDIR)/styles/default/xenforo")" ]]; then
    echo -e "# Xenforo bypass $PROTECTDIR\n"
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'internal_data' )" && -d "$(echo "$(dirname $PROTECTDIR)/styles/default/xenforo")" ]]; then
    echo -e "# Xenforo bypass $PROTECTDIR\n"
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'install\/templates' )" && -d "$(echo "$(dirname $(dirname $PROTECTDIR))/styles/default/xenforo")" ]]; then
    echo -e "# Xenforo bypass $PROTECTDIR\n"
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'install\/data' )" && -d "$(echo "$(dirname $(dirname $PROTECTDIR))/styles/default/xenforo")" ]]; then
    echo -e "# Xenforo bypass $PROTECTDIR\n"
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'src' )" && -d "$(echo "$(dirname $PROTECTDIR)/styles/default/xenforo")" ]]; then
    echo -e "# Xenforo bypass $PROTECTDIR\n"
                elif [[ "$(echo $PROTECTDIR_PATH | grep 'wp-content\/uploads' )" && -d "$(echo "$(dirname $(dirname $PROTECTDIR))/wp-content/uploads")" && -f "/usr/loc$
    echo -e "# centmin.sh menu option 22 installed WP bypass $PROTECTDIR\n"
    
    
    Maybe autoprotect needs to be updated to reflect the latest version of XF? (For example, the library folder is unused in XF 2)
     
    Last edited: Dec 17, 2020
  5. eva2000

    eva2000 Administrator Staff Member

    47,490
    10,762
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,730
    Local Time:
    12:40 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    what is full contents of your autoprotect include file /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf where domain.com is your domain.com name? Post contents in CODE bbcode tags.

    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
    Check if your nginx vhost at either or both /usr/local/nginx/conf/conf.d/domain.com.conf and/or /usr/local/nginx/conf/conf.d/domain.com.ssl.conf has include file for autoprotect example
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    

    see if your directory for the script which has issues is caught in an autoprotect include entry in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf which has a deny all entry
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf
    

    i.e.
    Code (Text):
    # /home/nginx/domains/domain.com/public/subdirectory/js
    location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
    

    If caught you can whitelist it by autoprotect bypass .autoprotect-bypass file - details below here. So if problem js file is at domain.com/subdirectory/js/file.js then it is likely /subdirectory/js has a .htaccess with deny all in it - make sure that directory is meant to be publicly accessible by contacting author of script and if so, you can whitelist it and re-run autoprotect script to regenerate your /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    it maybe you need to also whitelist /subdirectory then it would be as follows creating bypass files at /home/nginx/domains/domain.com/public/subdirectory/.autoprotect-bypass and /home/nginx/domains/domain.com/public/subdirectory/js/.autoprotect-bypass
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/
    touch .autoprotect-bypass
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    then double check to see if updated /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file now doesn't show an entry for /subdirectory/js
     
  6. duderuud

    duderuud Member

    39
    10
    8
    Dec 5, 2020
    The Netherlands
    Ratings:
    +23
    Local Time:
    3:40 AM
    Nginx 1.21.4
    MariaDB 10.4
    Code (Text):
    # Xenforo bypass /home/nginx/domains/domain/public/library
    
    # Xenforo bypass /home/nginx/domains/domain/public/src
    


    Yes, it does:
    Code (Text):
     include /usr/local/nginx/conf/autoprotect/domain/autoprotect-domain.conf;
    


    Looks like autoprotect doesn't kick in...?
     
  7. duderuud

    duderuud Member

    39
    10
    8
    Dec 5, 2020
    The Netherlands
    Ratings:
    +23
    Local Time:
    3:40 AM
    Nginx 1.21.4
    MariaDB 10.4
    I think I know what the problem is. Cloudflare. When I disable the proxy images load without any problem.

    Next question is...why? Never had any issues with Cloudflare before. Must have something to do with Cloudflare's caching or rocket loader (which i enabled a few weeks ago).

    [Edit]
    It's two seperate problems. Displaying images is a Cloudflare issue but I still have problems installing a theme.

    Removing works, the subdirectory in /data/styles(<id>) is being removed. But installing it again doesn't, the files are not written to the /data/styles folder.

    Frustrating :(
     
    Last edited: Dec 17, 2020
  8. duderuud

    duderuud Member

    39
    10
    8
    Dec 5, 2020
    The Netherlands
    Ratings:
    +23
    Local Time:
    3:40 AM
    Nginx 1.21.4
    MariaDB 10.4
    Still running tests and it seems symlinks have something to do with it.

    My /data and /internal_data folder are symlinks to a share that is mounted.
    Maybe you need some special permissions for symlinks?

    Edit: Confirmed. A default install works fine, an install with symlinks to /data and /internal_data doesn't work. Strange, this works without problems on Ubuntu 20.04
     
    Last edited: Dec 18, 2020