Page 1 of 1

thumbnails are not displayed.

PostPosted: Thu Apr 10, 2014 6:52 pm
by davs

I tried to install bolt cms. Everything works fine.. except the tumbnails aren't appearing.
But when I click on the error thumbnail the image is there. Here is the URL to my website:

Has someone an idea what I'm doing wrong?

Here are my config files:

nginx conf
Code: Select all
server {
   return 301 $scheme://$request_uri;

server {
    listen 80;
    add_header X-Frame-Options DENY;
    add_header Strict-Transport-Security max-age=63072000;
    add_header X-Content-Type-Options nosniff;

    root /var/www/;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name ;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    location ~* /thumbs/(.*)$ {
        try_files $uri $uri/ /app/classes/timthumb.php?$query_string;

    location /app/classes/upload {
        try_files $uri $uri/ /app/classes/upload/index.php?$query_string;

    location ~*
\.(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ {
        access_log off;
            expires 30d;
            add_header Pragma public;
            add_header Cache-Control "public, mustrevalidate,
        location = /robots.txt { access_log off; log_not_found off; }
        location = /favicon.ico { access_log off; log_not_found off; }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        # With php5-fpm:
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;

    location ~ /\.ht {
        deny all;

    location /app {
         deny all;
        location ~ /vendor {
            deny all;
        location ~ \.db$ {
            deny all;



Code: Select all
# Database setup. The driver can be either sqlite, mysql or postgres. For
# SQLite, only the databasename is required, while MySQL and PostgreSQL also
# require username, password and perhaps a hostname.
# If you're trying out Bolt, just keep it set to SQLite for now.
  driver: mysql
  username: ****
  password: ****
  databasename: ****

# The name of the website
sitename: A sample site
payoff: The amazing payoff goes here

# The theme to use. Be sure to copy the {theme_path}/base-2013 folder, and change the
# name here accordingly. Don't edit the templates in theme/base-2013, because
# they _will_ get updated in next releases
theme: base-2013

# The locale that'll be used by the application. If no locale is set the
# fallback locale is 'en_GB'. For available options, see:
locale: en_GB
#timezone: UTC

# Set maintenance mode true or false
# While in maintenance mode, only users of level editor or higher can access the site.
# All other visitors are presented with a notice that the site is currently offline.
# The default template file can be found in /app/theme_defaults/ and overridden with
# this option using your own theme.
maintenance_mode: false
maintenance_template: maintenance_default.twig

# The hour of the day for the internal cron task scheduler to run daily, weekly,
# monthly and yearly jobs.  Default: 3 (3 am)
cron_hour: 3

# If your site is reachable under different urls (say, both
# as well as, it's a good idea to set one of these as the canonical,
# so it's clear which is the primary address of the site. Don't include the
# http:// protocol prefix. Enable the following line to define a canonical url.

# Bolt can insert a <link rel="shortcut icon"> for all pages on the site. Note
# that the location given is relative to the currently selected theme. If you
# want to set the icon yourself, just don't enable the following line.
#favicon: images/favicon-bolt.ico

# The default content to use for the homepage, and the template to render it with.
homepage: page/1
homepage_template: index.twig

# The default content for the 404 page. Uses the 'record_template' template by default.
# Make sure this is set to an existing record, otherwise visitors will get an error-page
# when the request a non-existing page.
# Note: If you are logged on, and debug is set to 'true', you will NOT see the 404 page!!
notfound: page/not-found

# The default template and amount of records to use for listing-pages on the site.
# Can be overridden for each contenttype, and for each record, if it has a
# 'templateselect' field.
record_template: record.twig

# The default template and amount of records to use for listing-pages on the site.
# Can be overridden for each contenttype.
# Note: sorting on TAXONOMY-pages will give unexpected results, if it has a pager
# If you need sorting on those, make sure you display all the records on one page.
listing_template: listing.twig
listing_records: 6
listing_sort: datepublish DESC

# Template for showing the search results. If not defined, uses the settings
# for listing_template and listing_records
search_results_template: listing.twig
search_results_records: 10

# The list of enabled extensions. For Example:
# GoogleAnalytics, FacebookLike, TwitterButton, FacebookComments, Disqus, RSSFeed, SimpleForms.
# Read each '' from the Bolt Extensions screen, to see what they do.
enabled_extensions: [  ]

# Add jQuery to the rendered HTML, whether or not it's added by an extension.
add_jquery: false

# The default amount of records to show on overview pages. Can be overridden
# for each contenttype.
recordsperpage: 10

# Settings for caching in parts of Bolt.
# - config: Caches the parsed .yml files from /app/config. It's updated immediately when of the
#   files changes on disk. There should be no good reason to turn this off.
# - templates: Caches rendered templates.
# - request: Caches entire rendered pages like '/page/about', but only on GET requests.
# - duration: the duration (in minutes) for the 'templates' and 'request' options. default is 10 minutes.
#   note that the duration is set on storing the cache. By lowering this value you will not invalidate
#   currently cached items.
# - authenticated: cache 'templates' and 'request' for logged-on users. In most cases you should *NOT* enable
#   this, because it will cause side-effects if the website shows different content to authenticated users.
  config: true
  templates: true
  request: false
  duration: 10
  authenticated: false

# Set 'enabled' to 'true' to log all content changes in the database.
# Unless you need to rigorously monitor every change to your site's content, it
# is recommended to keep this disabled.
  enabled: false

# Default settings for thumbnails. Quality should be between 0 (horrible) and
# 100 (best, huge image). Cropping is one of either crop, fit, borders, resize.
# default_thumbnail is the default size of images, when using {{ record.image|thumbnail() }}
# default_image is the default size of images, when using {{ record.image|image() }}
# allow_upscale determines whether small images will be enlarged to fit the requested dimensions.
# Note: if you change these values, you might need to clear the cache before they show up.
  default_thumbnail: [ 160, 120 ]
  default_image: [ 1000, 750 ]
  quality: 80
  cropping: crop
  notfound_image: view/img/default_notfound.png
  error_image: view/img/default_error.png
  save_files: false
  allow_upscale: false

# File types that are acceptable for upload in either 'file' fields or through the 'files' screen.

# The following is the default list of file-types that can be ulpoaded through the 'files' screen.
accept_file_types: [ twig, html, js, css, scss, gif, jpg, jpeg, png, ico, zip, tgz, txt, md, doc, docx, pdf, epub, xls, xlsx, ppt, pptx, mp3, ogg, wav, m4a, mp4, m4v, ogv, wmv, avi, webm, svg]

# Alternatively, if you wish to limit these, uncomment the following list instead;
# it includes file types that are harder to exploit.
# accept_file_types: [ gif, jpg, jpeg, png, txt, md, pdf, epub, mp3, svg ]

# If you want to 'brand' the Bolt backend for a client, you can change some key variables
# here, that determine the name of the backend, and adds a primary support/contact link
# to the footer. Additionally you can change the mount-point for the backend, either for
# convenience or to obscure it from prying eyes. The Bolt backend is accessible as /bolt/
# by default, if you change it here, it will only be accessible through the value set in
# 'path'. Keep the path simple: lowercase only, no extra slashes or other special characters.
#  name: SuperCMS
#  path: /admin
#  provided_by: [, "Supercool Webdesign Co." ]

# Show the 'debug' nut in the lower right corner for logged-in user. By default,
# the debugbar is only shown to logged-in users. Use the 'debug_show_loggedoff'
# option to show it to all users. You probably do not want to use this in a
# production environment.
debug: true
developer_notices: false
debug_show_loggedoff: false
debug_permission_audit_mode: false
debug_error_level: 6135 # equivalent to E_ALL &~ E_NOTICE &~ E_DEPRECATED &~ E_USER_DEPRECATED
#debug_error_level: 30719 # equivalent to E_ALL
debug_enable_whoops: true # change this to false to use PHP's built-in error handling instead of Whoops

# Use strict variables. This will make Bolt complain if you use {{ foo }},
# when foo doesn't exist.
strict_variables: false

# There are several options for giving editors more options to insert images, video,
# etc in the Wysiwyg areas. But, as you give them more options, that means they also have
# more ways of breaking the preciously designed layout. By default the most 'dangerous'
# options are set to 'false'. If you choose to enable them for your editors, please
# instruct them thoroughly on their responsibility not to break the layout.
  images: true
  anchor: false
  tables: true
  fontcolor: false
  align: false
  subsuper: false
  embed: true
    allowedContent: true # If set to 'true', any elements and attributes are allowed in Wysiwg Elements
    autoParagraph: true # If set to 'true', any pasted content is wrapped in <p> tags for multiple line-breaks

# by default, mail is sent using PHP's built-in mail function. In general, it's advised to use SMTP for sending mail
# instead. Uncomment the following lines to use an SMTP server with authentication.
# Please check for a full range of options
#  host: localhost
#  port: 25
#  username: username
#  password: password
#  encryption: null
#  auth_mode: null

# Bolt allows some modifications to how 'strict' login sessions are. For every option
# that is set to true, it becomes harder for a bad-willing person to spoof your login
# session. However, it also requires you to re-authenticate more often if you change
# location(ip-address) or your browser has frequent upgrades. Only change these if
# you know what you're doing, and you're having issues with the default settings.
# note: if you change any of these, all current users will automatically be logged off.
cookies_use_remoteaddr: true
cookies_use_browseragent: false
cookies_use_httphost: true

# Set the SECURE flag on session and authentication cookies. This will keep
# most browsers from transmitting sessions cookies over an unencrypted
# connection (e.g. when editing the site over HTTPS and at the same time
# viewing it over HTTP).
# NOTE: This setting only makes sense when you have actually set up HTTPS for
# your Bolt site; if you do, you probably want to combine this flag with the
# enforce_ssl option to avoid non-SSL requests to the backend altogether.
cookies_https_only: false

# The length of time a user stays 'logged in'. Change to 0 to end the session when the browser
# is closed. The default is 1209600: two weeks in seconds.
cookies_lifetime: 1209600

# Set the session cookie to a specific domain. Leave blank, unless you know what you're doing.
# When set incorrectly, you might not be able to log on at all.
# If you'd like it to be valid for all subdomains of '', set this to ''.

# If your system is using a custom session configuration (such as a redis handler from a
# PHP extension) then we need to disable our session storage handler. In that case, set
# this setting to false. Do not change this, unless you know what you're doing!
# See:
session_use_storage_handler: true

# The hash_strength determines the amount of iterations for encrypting passwords. A higher number means
# a harder to decrypt password, but takes longer to compute. '8' is the minimum, '10' is the default,
# '12' is better.
hash_strength: 10

# Enforce SSL: if set, all but the front-end pages will enforce an SSL
# connection (and redirect to HTTPS if you attempt to visit the backend over
# plain HTTP).
# NOTE: if you set this, you probably also want to set the cookies_https_only
# option; without it, users can still be tricked into sending session cookies
# over plain HTTP, which could allow a MITM attacker to hijack their sessions.
# enforce_ssl: true

# If configured, Bolt will trust X-Forwarded-XXX headers from the listed IP
# addresses and ranges when determining whether the current request is
# 'secure'.
# This is required to correctly determine the current hostname and protocol
# (HTTP vs. HTTPS) when running behind some proxy, e.g. a load balancer, cache,
# or SSL proxy.
# List the IP addresses or subnets that you know are such proxies. Note that
# allowing hosts here that may not be trusted proxies is a security risk.
# If you do not understand what this does, it is probably best to not touch it.
# trustProxies:
#     -
#     -

# Theme file path where themes are. They are under /theme in project's root folder
# by default but can be relocated. This case you should define theme_path accordingly.
# Make sure the path exists, and be aware that you'll get a new 'theme' folder on any
# subsequent Bolt update. Changing this setting is not advised.
# theme_path: theme

# If you want Bolt installation get news through a proxy
#  host: my.proxy.server
#  user: usr
#  password: pwd