403 Error When Access Files In WP-Content Folder

EgorRevenga

Hi! I'm using WordOps 3.10.2 on my VDS. WordPress site with subdomain and LE cert. Everything works fine except file download functionality. I have some archives for users of our site located in /wp-content/uploads/year/month but links doesn't work as well, I see 403 error screen. Check it out for example: https://samesound.ru/wp-content/uploads/2018/06/Frequency_chart_SAMESOUNDRU-hires-1-0-19.zip

How can I fix this problem?

VirtuBox

Hello EgorRevenga,
to harden site security, WordOps deny access to all archives extensions by default in /etc/nginx/common/wpcommon-php72.conf with PHP 7.2 or /etc/nginx/common/wpcommon-php73.conf with PHP 7.3.

You can edit this file and remove zip extension from the block

    location ~* \.(php|gz|log|zip|tar|rar|xz)$ {
        #Prevent Direct Access Of PHP Files & BackupsFrom Web Browsers
        deny all;
    }

To make sure this file will not be overwritted by wo stack upgrade, just create an empty file with

# for PHP 7.2
touch /etc/nginx/common/wpcommon-php72.conf.custom

# for PHP 7.3
touch  /etc/nginx/common/wpcommon-php73.conf.custom

EgorRevenga

VirtuBox after edit wpcommon-php.conf file what should I do? restart nginx or update site?
Thanks for your help.

EgorRevenga

nsgoyat VirtuBox can you help me with my wpcommon-php72 and php73 file. Recently I've installed site with "wo site install site.ru --php73" but my site working with wpcommon-php72.conf. Is it correct?

nsgoyat

EgorRevenga Restarting the nginx is required. No site update.

EgorRevenga

nsgoyat just edit wpcommon-php73.conf and do "service nginx restart" but nothing changes - 403

nsgoyat

Can you send the vhost file for your website i.e the lines included in /etc/nginx/example.com.conf

EgorRevenga

nsgoyat don't see file /etc/nginx/mydomain.com.conf, only nginx.conf (see attachment)

EgorRevenga

nsgoyat oh I see the difference
my site working with wpcommon-php72 but I was installed my site with --php73 (it's strange).
After edit wpcommon-php72 and restart nginx everything works well

VirtuBox

Hello EgorRevenga,
Let me perform some tests to see if I can reproduce this issue.

nsgoyat

EgorRevenga In the meantime, you an simply run wo site update command to make sure your site is running PHP 7.3

EgorRevenga

nsgoyat

2019-11-14 15:54:35,141 (INFO) wo : Initializing WordOps Database
2019-11-14 15:54:38,555 (DEBUG) wo : [95mSetting apt_packages variable for Nginx[0m
2019-11-14 15:54:39,695 (DEBUG) wo : [95mFinding string SCRIPT_FILENAME to file /etc/nginx/fastcgi_params[0m
2019-11-14 15:54:39,696 (DEBUG) wo : [95m'Namespace' object has no attribute 'web'[0m
2019-11-14 15:54:39,697 (INFO) wo : [94mRunning pre-update checks[0m
2019-11-14 15:54:39,697 (DEBUG) wo : [95mchecking NGINX configuration ...[0m
2019-11-14 15:54:39,723 (INFO) wo : [92mRunning pre-update checks[0m
2019-11-14 15:54:39,723 (DEBUG) wo : [95m'webroot'[0m
2019-11-14 15:54:39,723 (INFO) wo : [94m[91mCheck the log for details: tail /var/log/wo/wordops.log and please try again[0m

nsgoyat

EgorRevenga Exactly what command did you use when you got this output?
I meant wo site update example.com --php73

EgorRevenga

nsgoyat after "wo site update mysite.com --php73" I see "php7.3 is already enabled for given site"

EgorRevenga

nsgoyat wordpress tells me about php version PHP 7.2.24-1+ubuntu18.04.1+deb.sury.org+1

nsgoyat

EgorRevenga edit /etc/nginx/sites-available/example.com.conf
Search for php72 and replace it with php73

Restart nginx.

VirtuBox

EgorRevenga please try wo site update site.tld --php73=off then wo site update site.tld --php73

EgorRevenga

VirtuBox thanks it works! my problems solved

EgorRevenga

VirtuBox after update to php-74 my downloads not working again. Just remove zip and rar extensions from wpcommon-php74.conf and restart nginx but nothing changes.
I see some changes in locations-wo.conf. How can I changes locations-wo to keep everything working after update wordops?

tyrro

EgorRevenga According to FAQ page: https://wordops.net/f-a-q/

To disable configuration update on a file, you just have to create an empty file with the same name and the extension .custom

For example, if you want to customize the file /etc/nginx/conf.d/fastcgi.conf, you just have to create an empty file /etc/nginx/conf.d/fastcgi.conf.custom. This can be done with the command :

touch /etc/nginx/conf.d/fastcgi.conf.custom

If WordOps detect a .custom file, it will create another file with the .orig extension. This way, you will be able to update manually your custom configurations.