Sometimes we need to serve files directly from application, especially when file access is restricted by account permissions. Using readfile() to achieve this can successfully kill our web server – even without huge load.

To avoid performance problems we can use nginx X-Accel-Redirect feature, and serve files from application through nginx server.

Example: Serving gallery photos

Configure nginx
We have to configure new location, and define it as internal.

location /gallery/ {
  internal;
  root   /absolute/path;
}

Gallery files should be located in /absolute/path/gallery, so example image should be located in /absolute/path/gallery/EXAMPLEIMAGE_FILEBASENAME.JPG
Serve file
Now we can do whatever we want before sending file to user. I prepare little example, to show what can be done.

# /gallery/getimage/3
$image = new Image($this->request->getParam('id'));
$user = $this->getLoggedUser();
 
header('Content-type: image/jpeg');
if ($user->hasRight($image)) {
    header("X-Accel-Redirect: /gallery/".$image->getFilename());
} else {
    header("X-Accel-Redirect: /gallery/".self::DEFAULT_IMAGE_FILENAME);
}

So if user has right to see gallery image, will get it. Otherwise default image is served. Serving files now is safe, efficient and really straightforward.

More information about X-Accel-Redirect can be found here