After upgrade from 28 to 29 I have "Data directory and your files are probably accessible from the Internet"

This help me resolve this problem.
Only thing to chcange was to add port in trusted domains
1 => ‘192.168.0.100:6443’,

Nextcloud version (eg, 29.0.5): 29.0.1
Operating system and version (eg, Ubuntu 29.04): Rocky Linux 9.4
Apache or nginx version (eg, Apache 2.4.25): 2.4.57
PHP version (eg, 8.3): 8.3.7

The issue you are facing:
I’m getting a warning message within my settings:

  • Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.

So I tried to find some solutions but nothing from what I found solved the issue.

I even moved out my data folder now from the public_html folder, so it’s not even visible from the net anymore, but still seeing that error.

Also trusted domains and overwrite cli are correct in my eyes
‘trusted_domains’ =>
array (
0 => ‘my.domain’,
),

‘overwrite.cli.url’ => ‘https://my.domain’,

Someone wrote to use *.my.domain under trusted domains and here I than just get an error that I’m accessing from an untrusted domain

In my http config I checked also the overwrite:
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted

Is this the first time you’ve seen this error? (Y/N): Y

The output of your Nextcloud log in Admin > Logging:

empty

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '/QokUhQNO',
  'secret' => '',
  'trusted_domains' => 
  array (
    0 => 'my.domain',
  ),
  'datadirectory' => '/my_data_folder',
  'dbtype' => 'mysql',
  'version' => '29.0.1.1',
  'dbname' => '',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'overwrite.cli.url' => 'https://my.domain',
  'mysql.utf8mb4' => true,
  'dbuser' => '',
  'dbpassword' => '',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 1234,
  ),
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'updater.release.channel' => 'stable',
  'app_install_overwrite' => 
  array (
    0 => 'unsplash',
    1 => 'occweb',
    2 => 'apporder',
    3 => 'files_readmemd',
  ),
  'default_phone_region' => 'LU',
  'default_locale' => 'de_DE',
  'remember_login_cookie_lifetime' => 172800,
  'session_lifetime' => 86400,
  'mail_smtpmode' => 'sendmail',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'service',
  'mail_domain' => 'domain.xyz',
  'defaultapp' => 'apporder',
  'simpleSignUpLink.shown' => false,
  'twofactor_enforced' => 
  array (
    'false' => '',
  ),
  'maintenance_window_start' => 1,
);

I’m now a bit lost as I don’t know what to do as next test - As I wrote even when moving out my data folder I’m still getting this message

The data folder has 770 as chmod and it is owned by the domain owner
The folders for the different users are drwxr-xr-x

Thanks for any idea and help

Hi @ISeeTWizard

You should have used the search function of the forum.

Read this please, maybe it explains your issue:


Much and good luck,
ernolf

1 Like

Hi
like mentioned I searched for it and I found several entries and tried all of them

[root@web ~]# httpd -M
Loaded Modules:
*
*
env_module (shared)
*
*

So I also checked that this module is loaded, which it is as you see on the return I got

1 Like

Upgraded to 29.0.2 and still same issue
I still don’t see how my data folder could be accessible from the net when it doesn’t even exist anymore in the public folder but somewhere else on the server

I am glad to see that I am not the only one facing this problem - I have tried all above suggestions but none of the worked for me.

I can’t solve this either; I’ve removed all IP entries from my trusted domains section, and upgrading to 29.0.2 and I get the warning. My data directory is not in my www/nextcloud directory, but I’m still concerned due to the warning so I can’t upgrade my prod system until I have this solved :frowning:

Are there any other suggestions? This is preventing me and likely others from upgrading to Nc29. I don’t want to risk data leak, and I don’t think in my example it’s at risk because of where my data directory is stored, but I don’t want to take the risk either

This solved my problem! Thanks a lot!

Sadly this doesn’t work for me. Adding my port to it and then trying to login indicates the site isn’t added to trusted domains and I can’t login. Reloaded Apache before testing as well.