How to follow symlink in www folder

Howdy Ho!

I’ve learnt that I can use the www folder inside my homeassistant installation to present information out to the world.

Is there a way to allow the http service to follow symbolic links?

When I try to access homeassistantaddress:port/local/file, I get a 404 for symbolic links at this stage.

Not sure if this is the best place for this question.


You need to have a web server of some sort running, and in the configuration file you should have something like:

Options +FollowSymLinks

It’s a little vague, but I could be more specific if I knew what web server you are running.

He’s talking about the built-in HASS web server. It automatically serves content from the www directory in your config directory.

Yeah, I was just trying to avoid opening another port on my server.

However, if you think there’s no other way, I’m happy to set up Apache on it.

Any luck on this?

No sorry… I ended up just opening a new port for a new apache server.
I noticed that hass is using aiohttp but I didn’t find where I can enable follow symlinks.

I figured out a work-around. I’m not sure what the repercussions are exactly but so far it appears to work.


--- /tmp/static.py      2017-07-05 
+++ homeassistant/components/http/static.py   2017-07-05 
@@ -23,8 +23,8 @@
             # PyLint is wrong about resolve not being a member.
             # pylint: disable=no-member
             filepath = self._directory.joinpath(filename).resolve()
-            if not self._follow_symlinks:
-                filepath.relative_to(self._directory)
+            #if not self._follow_symlinks:
+            #    filepath.relative_to(self._directory)
         except (ValueError, FileNotFoundError) as error:
             # relatively safe
             raise HTTPNotFound() from error
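
Review bot: The two commented-out lines (`if not self._follow_symlinks:` and `filepath.relative_to(self._directory)`) take away the only check visible in this hunk that keeps the resolved `filepath` under `self._directory`, and they take it away for every request, not only for symlinks, so the `ValueError` arm of the `except` below can no longer be reached from this block. Keep the containment check and make symlink following an explicit opt-in instead, for example by comparing the resolved path against a configured list of permitted target directories.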


I’ve tested this and it is working. The problem is this will be erased when upgrading HA :confused:

You can use Python to serve files with a very small memory footprint (5MB).
Launch this command in the directory you want to serve:

python -m SimpleHTTPServer 8000

https://docs.python.org/2/library/simplehttpserver.html

The following also works and may be more robust against changes in the underlying aiohttp library, because even that library is now instructed to follow symlinks:

+++ ~/.local/lib/python3.8/site-packages/homeassistant/components/http/static.py
@@ -25,6 +25,7 @@ class CachingStaticResource(StaticResource):
                 # where the static dir is totally different
                 raise HTTPForbidden()
             filepath = self._directory.joinpath(filename).resolve()
+            self._follow_symlinks=True
             if not self._follow_symlinks:
                 filepath.relative_to(self._directory)
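
Review bot: `self._follow_symlinks=True` is assigned inside the request path, directly above `if not self._follow_symlinks:`, which makes that branch dead and switches off the `relative_to(self._directory)` containment check for every `CachingStaticResource` instance on each request. Set the flag once where the resource is constructed, driven by an opt-in configuration value, so the check still applies wherever symlinks are not wanted; the assignment should also have spaces around `=`.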

I came across this issue too.
The fixes above are very temporary, and will get blown away on a HASS update.
I’ve made a pull request for a more permanent solution:

Thanks. Why did it not work out?

On discussion with the HA team, it was considered a security risk.

Can an HA Server’s owner decide if an OPTIONAL feature is a security risk, or does someone else (devs) have to choose it for him? :sweat_smile: :man_facepalming:

There are other configuration attributes (like “trusted_networks” or “allow_bypass_login”) that have been implemented even if risky… and those are well used by many people :sweat_smile:
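
The containment check that both patches in this thread switch off, shown as an added example (not code from the thread, Home Assistant or aiohttp): it serves symlinks only when their resolved target lies in the served directory or in an explicitly permitted directory. `resolve_static`, `allowed_targets` and the file layout are hypothetical names constructed for the illustration.

```python
import os
import tempfile
from pathlib import Path


def resolve_static(directory, filename, allowed_targets=()):
    """Return the resolved path to serve, or None if it must be refused.

    directory is the served root (the www folder); allowed_targets is a
    hypothetical opt-in list of directories symlinks may point into.
    """
    root = Path(directory).resolve()
    if Path(filename).anchor:  # absolute path in the request
        return None
    try:
        target = root.joinpath(filename).resolve(strict=True)
    except (OSError, RuntimeError):  # missing file or symlink loop
        return None
    for base in (root, *(Path(t).resolve() for t in allowed_targets)):
        try:
            target.relative_to(base)  # ValueError when target is outside base
            return target
        except ValueError:
            continue
    return None


def demo():
    """Query a constructed layout: www/, media/ (permitted), private/."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        www, media, private = tmp / "www", tmp / "media", tmp / "private"
        for d in (www, media, private):
            d.mkdir()
        (media / "cam.jpg").write_text("image")
        (private / "secrets.yaml").write_text("token")
        os.symlink(media / "cam.jpg", www / "cam.jpg")
        os.symlink(private / "secrets.yaml", www / "leak")
        names = ["cam.jpg", "leak", "../private/secrets.yaml"]
        # Default behaviour: nothing that resolves outside www is served.
        strict = [resolve_static(www, n) is not None for n in names]
        # Opt-in: only symlinks into media/ become reachable.
        scoped = [resolve_static(www, n, [media]) is not None for n in names]
        return strict, scoped


if __name__ == "__main__":
    print(demo())
```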