Serving static content with Yunohost, and potential security issues

Hi!

I’m trying to configure nginx so that, when connecting to https://aaabbb.nohost.me/sharedfolder, the user sees a classic “Index of” page with the files contained in /var/www/html/sharedfolder.

Unfortunately, I’m completely new to nginx, and more generally to server administration. I’m trying to follow the nginx docs, but clearly I’m doing something wrong and I can’t understand what.

I tried creating a sharedfolder.conf file within /etc/nginx/conf.d/default.d with this content:

    location /sharedfolder/ {
        try_files $uri $uri/ =404;
        alias /var/www/html/sharedfolder/;
    }

This file should be included in the server directive of /etc/nginx/conf.d/yunohost_admin.conf, which itself is included in the http directive of /etc/nginx/nginx.conf.

To avoid permission troubles, I set permissions for the shared folder to 777.

The problem is that, when I try connecting to https://aaabbb.nohost.me/sharedfolder, I still get sent back to the Yunohost authentication panel.

Apart from making this work, I also have another, more important question. Are there security issues in setting up public folders like this? I realize of course that the content of the folder would be public, since that’s my goal, but I’m wondering if this exposes the server to other vulnerabilities.

Thank you very much for any input on the matter!

Let me not directly answer your question. We have an app for that, My Webapp, check it out.

PSA: never do that.

The app I mentioned above will allow you to give seamless access to visitors via the permissions panel.


Thank you very much for the quick reply!

I’m assuming that My Webapp (which I can’t find in the application list) is the same as Custom Webapp. I just tried it and it does exactly what I need.

Thank you for the PSA about permissions, as well. I guess I’m exactly the kind of user for which “auto-configurating” applications are important :D.

Custom Webapp is deprecated. You should use my_webapp_ynh instead


It’s alright, my_webapp_ynh is named Custom Webapp in the manifest and thus in the catalog. :wink:

Sorry, my confusion once again: that’s exactly the app I installed, but I was identifying it based on the name that appears on the administration panel (instead of the package name). I didn’t realise that there used to be an application properly named “custom webapp”.
Fortunately, no need to change anything! Apart from that folder that I set with 777 permissions, ugh!
Thanks again!

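The PSA in this thread concerns the 777 permissions set on the shared folder. The following is an added example, not code from any poster or from YunoHost: it counts the world-writable entries under such a folder and resets the tree to 755/644, which is enough for a web server that reads the files as "other". The function names and the temporary sample tree standing in for /var/www/html/sharedfolder are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit and repair a directory that
# was opened up with chmod 777 before it is served over HTTP.

# Count entries under $1 that any local account can modify (o+w set).
# Symlinks are skipped because their own mode bits are not enforced.
count_world_writable() {
    find "$1" ! -type l -perm -0002 -exec printf x \; | wc -c | tr -d ' '
}

# Count entries a web server reading as "other" could not serve:
# files need o+r, directories need o+r and o+x to be listed and entered.
count_unservable() {
    find "$1" \( \( -type f ! -perm -0004 \) -o \( -type d ! -perm -0005 \) \) \
        -exec printf x \; | wc -c | tr -d ' '
}

# Reset to owner-writable, world-readable: 755 for directories, 644 for
# files. This also drops the execute bit that 777 put on every file.
harden_tree() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -type d -exec chmod 755 {} + &&
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample tree standing in for /var/www/html/sharedfolder.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/docs"
    echo hello > "$root/readme.txt"
    echo notes > "$root/docs/notes.txt"
    chmod -R 777 "$root"
    echo "before: world-writable=$(count_world_writable "$root")"
    harden_tree "$root"
    echo "after:  world-writable=$(count_world_writable "$root")" \
         "unservable=$(count_unservable "$root")"
    rm -rf "$root"
}
demo
```

A non-zero count from `count_unservable` after hardening points at a file or directory whose mode is tighter than the server needs, which is the case to fix individually rather than by widening the whole tree.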

Annnd I realise that I was confusing Custom_Webapp/my_webapp with multi_webapp_ynh :sweat_smile:


There’s way too many apps on this thing :smiley:

305? Needs. Moar. Appz.


What about using the h5ai app made specifically for this use case? :stuck_out_tongue:


It looks amazing, I just tried the developer’s demo. I will definitely use this for its compressed download feature.

Thank you so much! So many helpful people!
