Using Carrierwave and Capistrano with Rails

Question

I'm having trouble getting carrierwave and capistrano to play nice with each other.

To start, I'm using this method to use both a public directory, and a private controller-handled directory for downloads. Tl;dr, carrierwave's root is actually Rails.root, and not public. However, I got around this for urls (since Rails does not use public literally in the url) by defining a base class that sets the public root, for all non-private files.

Anyways, I finally started to try and push code to production. All went well! My uploads showed just fine. However, when I pushed another deploy, I lost all of my images in the public directory.

This is a well documented case for capistrano - it only involves setting :linked_dirs. In my case, I used the following line.

set :linked_dirs,  %w{public/assets public/uploads downloads}

Where public/assets were my general css/js files, public/uploads were my multimedia files, and downloads were my protected files.

Unfortunately, this did not solve my problem. For whatever reason, all images are getting a 404 despite showing to be listed in the correct path.

Weirder still, the protected downloads folder works just fine! Perhaps this has something to do with setting the root in Carrierwave? At this point I'm tempted to just pick up paperclip for my public files, and carrierwave for private ones.

I've been at this for a good 7 hours and I still can't figure out what to do.

my deploy.rb file

my problematic image uploader file

my working product file uploader file

my nginx.conf file

Answer 1

Looking at the other question & answer you posted, you've set restrictive permissions on the CarrierWave upload directory and files:

# Broken permissions
CarrierWave.configure do |config|
  config.permissions = 0600
  config.directory_permissions = 0700
  config.storage = :file
end

0600 and 0700 permissions only grant access to the user that owns the file or directory. This is because both the third & fourth bits, "group" and "everyone", are set to 0.

nginx, Puma, and Capistrano probably aren't all running under the same user, which means these user-only permissions block nginx from reading the files (causing 403 errors after upload) and block Capistrano from linking the public/uploads directory (causing 404 errors after new deploys).

Instead, use more open permissions, such as what's listed on the CarrierWave README:

# Fixed permissions
CarrierWave.configure do |config|
  config.permissions = 0666
  config.directory_permissions = 0777
  config.storage = :file
end