Watermarking with NGINX

A customer recently pointed out that serving watermarked files on a NGINX server needs to be done a little differently. He is using Kinsta hosting. I also confirmed the issue on a local NGINX server. By default, WaterWoo and EDDiMark try to place a PDF in the /tmp folder while watermarking takes place, then serve it (and delete the /tmp copy).

Bottom line: Kinsta (NGINX) does not allow user access to /tmp, and for good reason.

“…you must not permit visitors to access to tmp nor config (the database dumps are stored in /tmp so a visitor can discover admin password by a brute force attack).”

So, if using NGINX, PDFs must instead be temporarily stored in a folder under /wp-content. Using the following filter, this is performed automagically for you.

add_filter( 'eddpdf_watermark_use_uploads_dir', '__return_true' );

For WaterWoo, use this code instead:

add_filter( 'wwpdf_watermark_use_uploads_dir', '__return_true' );

The rub is stamped files will collect in that folder, and are not automatically deleted. (This was not programmed into the plugins because many customers actually prefer to keep the files for reference, and because it is difficult to ascertain when a download is actually complete.) A cron job will need to be set up to delete PDFs on some schedule after they are served. Want to know how to set up a file-deleting cron job for EDDiMark?