After upgrade from 28 to 29 I have "Data directory and your files are probably accessible from the Internet"

Grollek · June 8, 2024, 8:52am

This help me resolve this problem.
Only thing to change was to add port in trusted domains

 1 => '192.168.0.100:6443',

ISeeTWizard · June 3, 2024, 7:18am

Nextcloud version (eg, 29.0.5): 29.0.1
Operating system and version (eg, Ubuntu 29.04): Rocky Linux 9.4
Apache or nginx version (eg, Apache 2.4.25): 2.4.57
PHP version (eg, 8.3): 8.3.7

The issue you are facing:
I’m getting a warning message within my settings:

Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.

So I tried to find some solutions but nothing from what I found solved the issue.

I even moved out my data folder now from the public_html folder, so it’s not even visible from the net anymore, but still seeing that error.

Also trusted domains and overwrite cli are correct in my eyes

'trusted_domains' => 
  array (
    0 => 'my.domain',
  ),

 'overwrite.cli.url' => 'https://my.domain',

Someone wrote to use *.my.domain under trusted domains and here I than just get an error that I’m accessing from an untrusted domain

In my http config I checked also the overwrite:

    Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted

Is this the first time you’ve seen this error? (Y/N): Y

The output of your Nextcloud log in Admin > Logging:

empty

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '/QokUhQNO',
  'secret' => '',
  'trusted_domains' => 
  array (
    0 => 'my.domain',
  ),
  'datadirectory' => '/my_data_folder',
  'dbtype' => 'mysql',
  'version' => '29.0.1.1',
  'dbname' => '',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'overwrite.cli.url' => 'https://my.domain',
  'mysql.utf8mb4' => true,
  'dbuser' => '',
  'dbpassword' => '',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 1234,
  ),
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'updater.release.channel' => 'stable',
  'app_install_overwrite' => 
  array (
    0 => 'unsplash',
    1 => 'occweb',
    2 => 'apporder',
    3 => 'files_readmemd',
  ),
  'default_phone_region' => 'LU',
  'default_locale' => 'de_DE',
  'remember_login_cookie_lifetime' => 172800,
  'session_lifetime' => 86400,
  'mail_smtpmode' => 'sendmail',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'service',
  'mail_domain' => 'domain.xyz',
  'defaultapp' => 'apporder',
  'simpleSignUpLink.shown' => false,
  'twofactor_enforced' => 
  array (
    'false' => '',
  ),
  'maintenance_window_start' => 1,
);

I’m now a bit lost as I don’t know what to do as next test - As I wrote even when moving out my data folder I’m still getting this message

The data folder has 770 as chmod and it is owned by the domain owner
The folders for the different users are drwxr-xr-x

Thanks for any idea and help

ernolf · June 3, 2024, 8:05am

Hi @ISeeTWizard

You should have used the search function of the forum.

Read this please, maybe it explains your issue:

Much and good luck,
ernolf

ISeeTWizard · June 3, 2024, 8:28am

Hi
like mentioned I searched for it and I found several entries and tried all of them

[root@web ~]# httpd -M
Loaded Modules:
*
*
env_module (shared)
*
*

So I also checked that this module is loaded, which it is as you see on the return I got

ISeeTWizard · June 8, 2024, 7:35am

Upgraded to 29.0.2 and still same issue
I still don’t see how my data folder could be accessible from the net when it doesn’t even exist anymore in the public folder but somewhere else on the server

alfwro13 · June 11, 2024, 3:12pm

I am glad to see that I am not the only one facing this problem - I have tried all above suggestions but none of the worked for me.

R0gue_One · June 12, 2024, 8:05pm

I can’t solve this either; I’ve removed all IP entries from my trusted domains section, and upgrading to 29.0.2 and I get the warning. My data directory is not in my www/nextcloud directory, but I’m still concerned due to the warning so I can’t upgrade my prod system until I have this solved

R0gue_One · June 14, 2024, 4:19pm

Are there any other suggestions? This is preventing me and likely others from upgrading to Nc29. I don’t want to risk data leak, and I don’t think in my example it’s at risk because of where my data directory is stored, but I don’t want to take the risk either

evo · June 15, 2024, 7:12am

This solved my problem! Thanks a lot!

R0gue_One · June 15, 2024, 3:02pm

Sadly this doesn’t work for me. Adding my port to it and then trying to login indicates the site isn’t added to trusted domains and I can’t login. Reloaded Apache before testing as well.

ISeeTWizard · June 17, 2024, 5:40am

I can confirm this
many reported changing something with the trusted_domain entry or the overwrite.cli.url dit help them but nothing helps on my install

blaxpot · June 21, 2024, 5:01am

Thanks!

Removing localhost from trusted_domains and appending a port on the remaining elements as shown below made the error go away for me also.

# grep -A 5 -i trusted_domains config/config.php
  'trusted_domains' =>
  array (
    0 => 'example.com:443',
  ),
);

Maybe something to do with how my proxy setup handles stuff on port 80?

Looking at the docs, it doesn’t seem like having a stricter setting here should be a problem, so long as you can still access your instance OK.
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#trusted-domains

It’d be nice to see some clearer guidance about this issue in the update issues thread though - it took me way too long to convince myself that everything was OK with my instance and figure out how to address the problem.

R0gue_One · June 21, 2024, 2:07pm

I wish this worked for me. Adding :443 to the end, and then trying to login to my site says it’s not in the trusted domains and I can’t login at all. Removing :443 works. And port 443 is open via my firewall and routed to my server

ISeeTWizard · June 21, 2024, 2:28pm

Yep you are right - I tried it to but didn’t work

By the way I don’t use a proxy or similar - I attack my Cloud directly within my Apache Configuration

How is it possible to throw an error for something that isn’t even accessible from the web as the data folder is outside the web accessible folder?
It’s simply illogic and for me a bug!

NC29 is the first version I regret to have upgraded to…

Gipi · June 21, 2024, 4:38pm

totally agree

ISeeTWizard · June 25, 2024, 3:00pm

Bug still present with 29.0.3