Serving protected files with Django and Nginx X-accel-redirect -

i'm trying nginx , django play serve downloadable protected files. cannot work. here's nginx config:

location ~ ^.*/protected-test/ { alias /<path-to-my-protected-files-on-server>/; internal; } 

the relevant urls.py viewing file(s):

url(r'^static_files/downloads/protected-test/(?p<filename>.+)$', 'download_or_view', {'download_dir': '%s%s' % (settings.media_root, 'downloads/protected-test/'), 'content_disposition_type': 'inline', 'protected': 'true'}, name='protected_files') 

my view:

def download_or_view(request, content_disposition_type, download_dir, filename=none, protected=false):  '''allow file downloaded or viewed,based on request type ,      content disposition value.'''  if request.method == 'post':     full_path = '%s%s' % (download_dir, request.post['filename'])     short_filename = str(request.post['filename']) else:     full_path = '%s%s' % (download_dir, filename)     short_filename = str(filename)  serverfile = open(full_path, 'rb') contenttype, encoding = mimetypes.guess_type(short_filename) response = httpresponse(serverfile, mimetype=contenttype)  if protected:     url = _convert_file_to_url(full_path)     response['x-accel-redirect'] = url.encode('utf-8')  response['content-disposition'] = '%s; filename="%s"' % (content_disposition_type, smart_str(short_filename)) response['content-length'] = os.stat(full_path).st_size  return response 

i have 2 values in settings file:

nginx_root = (os.path.join(media_root, 'downloads/protected-test')) nginx_url = '/protected-test' 

_convert_file_to_url() takes full file path and, using 2 settings values above, turns url (i thought) nginx allow:

<domain-name>/protected-test/<filename> 

so, if try access:

<domain-name>/static_files/downloads/protected-test/<filename> 

in browser window, doesn't allow (404). good.

but - if try access url form download, want allow, redirect in browser to:

<domain-name>/protected-test/<filename> 

and it's 404 well.

i've tried many different configurations brain hurts. :-)

should not reading file open(), , let nginx serve it? if remove line, returns file dreaded 0 bytes. why still 404 on redirected url??

should not reading file open(),

that's correct. script shouldn't opening file. tell nginx file exists , let open file , serve it.

i believe want return empty response after setting appropriate headers

return httpresponse('', mimetype=contenttype) 

in php setup nginx accel redirect doing:

//set content type , caching headers //... header("x-accel-redirect: ".$filenametoproxy); exit(0); 

i.e. exiting after setting header.

for continuing 404 problem, you've got error in nginx conf, need post rest sure. external url appears like:

static_files/downloads/protected-test/(?p<filename>.+)$ 

this matched on:

location ~ ^.*/protected-test/ {     alias /<path-to-my-protected-files-on-server>/;     internal; } 

giving 404.

there no need (and it's quite confusing) have same word protected-test in both external url , internal url. i'd recommend not doing i.e. have external url like:

/static_files/downloads/(?p<filename>.+)$ 

then have internal location block be:

location ~ ^/protected-test {     alias /<path-to-my-protected-files-on-server>;     internal; } 

and when setup x-accel-redirect header, swap between two:

external_path = "/static_files/downloads"; nginx_path = "/protected-test"; filenametoproxy = str_replace(external_path, nginx_path, full_path); header("x-accel-redirect: ".$filenametoproxy); 

rather having word protected-test on both sides of request.