🌍
English
Pages: 1
Hello/Hi/Greetings,
I am using Piwigo 11.
I have a problem like this.
On Admin panel -> Batch Manager -> Edit Photo (pencil)
When i change url protection none to images -> "$conf['original_url_protection'] = 'images';" -> include/config_default.inc.php
Pic 1
https://prnt.sc/xa0zt0
Pic 2
https://prnt.sc/xa1adn
The picture is not display.
If I don't make any changes on url protection, the image is displaying in "Edit Photo" page. But this time, anyone who is not logged in to the site can open image links.
Has anyone experienced and solved this before?
include/config_default.inc.php Changes
$conf['question_mark_in_urls'] = false; $conf['php_extension_in_urls'] = false; $conf['category_url_style'] = 'id-name'; $conf['picture_url_style'] = 'id-file'; $conf['original_url_protection'] = 'images'; $conf['derivative_url_style'] = 2;
nginx Config
upstream cbs {
server unix:/var/run/php/cbs.sock;
}
server {
if ($host = www.default.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.default.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name www.default.com
return 404; # managed by Certbot
}
server {
listen 443 ssl http2; # managed by Certbot;
listen [::]:443 ssl http2;
server_name www.default.com
# Path to the root of your installation
root /var/www/vhosts/default.com/;
#index index.php;
error_log /var/log/nginx/default.com/error.log error;
access_log /var/log/nginx/default.com/access.log;
#ssl on;
ssl_certificate /etc/letsencrypt/live/default.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/default.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/default.com/chain.pem;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 1440m;
ssl_buffer_size 8k;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
#ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:>
#ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
# Add headers to serve security related headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;';
add_header Referrer-Policy no-referrer always;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json ap>
location / {
index index.php;
try_files $uri $uri/ @rewrite;
}
location @rewrite {
rewrite ^/picture((/|$).*)$ /picture.php$1 last;
rewrite ^/index((/|$).*)$ /index.php$1 last;
rewrite ^/i((/|$).*)$ /i.php$1 last;
# for piwigo-openstreetmap
rewrite ^/osmmap((/|$).*)$ /osmmap.php$1 last;
}
location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
try_files $script_name = 404;
include fastcgi_params;
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME /var/www/vhosts/default.com$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_pass cbs;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/.well-known/acme-challenge/* {
allow all;
}
location ~ ^/favicon.ico$ {
log_not_found off;
access_log off;
expires max;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# piwigo distribution files
location ~ ^/(README|doc)$ {
deny all;
}
# prevent direct acces to uploaded images, derivates and logs
location ~ ^/(_data/(i|logs)|upload)/ {
deny all;
}
# prevent any hotlinks and direct access to alias URIs (/i/upload/...)
# which are not from Piwigo itself (happens when exporting from lightroom via ws.php)
set $check_referal "";
# very restrictive
valid_referers *.domain.tld;
# if you want google etc to be able to show your images:
#valid_referers ~google\.com ~bing\.com *.domain.tld
if ($invalid_referer) {
set $check_referal "invalid";
}
if ($http_user_agent !~ "Piwigo") {
set $check_referal "${check_referal}+not_piwigo";
}
}Environment
Piwigo 11.0.0 Check for upgrade
Operating system: Linux
PHP: 7.4.3 (Show info) [2021-01-20 02:58:00]
MySQL: 8.0.22-0ubuntu0.20.04.3 [2021-01-20 02:58:00]
Graphics Library: External ImageMagick 6.9.10-23
Piwigo URL: http://
Last edited by denizhosgor (2021-01-20 10:53:34)
Offline
It does not appear because I did not include the admin user in the group who can access the album.
Offline
Pages: 1