Any safety issue with data folder location?

Good evening. I have a question about the location of the data folder. I’m seeing a ton of threads of people trying to move it after installing, and I was wondering if there are any pros/cons/concerns I need to be aware of as far as using the default location /var/www/html/data or moving it outside /var/www to somewhere like /srv/nextcloud.

I’ve had my server up and running for a couple weeks and haven’t added any sensitive data yet. I’m letting the internet poke at it for a while before I commit. I have all checks passed under Settings > Administration > Overview, and I have an A rating on the Nextcloud scan and A+ rating on ssllabs.com, and no security flaws found by pentest-tools.com.

I have Apache on the host running certbot and reverse proxying both Nextcloud and Collabora which are running in Docker, so the data folder isn’t even in the Apache instance exposed to the internet, if that makes any difference. This is Ubuntu Server 18.04.2 LTS running Nextcloud 16.0.1. I’ve tried to access a file directly in the browser using the full path under the web root, and it just sends me to the login page, which I gather should be the expected behavior.

My intention was to sync all my stuff from my laptop once I was comfortable with the security of the server, so I guess my question is, is there any issue with the default data folder location in this setup? Any security concerns I should have even though everything looks good?

Thanks

I found my answer in a footnote in the Nextcloud admin documentation. This should really be prominent during the installation section of the documentation…

https://docs.nextcloud.com/server/16/admin_manual/installation/harden_server.html?highlight=data#place-data-directory-outside-of-the-web-root

I’ll leave the steps I followed here in case anyone needs them. It so happens I already had my Nextcloud docker container’s /var/lib/www/html mounted to a folder on the host. So I moved the data folder out of it and made a separate mount from that to /srv/nextcloud/data in docker-compose. Then I changed the location in /var/lib/www/html/config/config.php. And then after starting it up, I ran occ files:scan --all since I read somewhere it was necessary to do that after moving.

It all started back up like nothing changed, and I have not seen any ill effects as of yet. I ran bash inside the container and looked at the folders, and they’re right where they should be with the same permissions as before. All seems to have worked out just fine. I guess if it blows up on me, I’ll post back here.

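An added example, not part of the original posts and not Nextcloud's own tooling: a shell check that reads datadirectory from config.php and confirms it resolves outside the web root after following symlinks, which is the condition the move described above is meant to achieve. The function names are hypothetical, paths must be given as they appear inside the container, and realpath -m assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of Nextcloud or occ.
# Usage: ./check_datadir.sh /path/to/config/config.php /path/to/webroot

# Print the 'datadirectory' value from a Nextcloud config.php.
nc_datadir() {
    sed -n "s/^[[:space:]]*['\"]datadirectory['\"][[:space:]]*=>[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Return 0 if data dir $1 is outside web root $2, 1 if it is inside (or equal).
# Both paths are canonicalised so a symlink or ".." cannot hide the nesting,
# and the comparison is per path component: /var/www/html-data is NOT inside
# /var/www/html even though it shares the string prefix.
is_outside_webroot() {
    local data root
    data=$(realpath -m -- "$1") || return 2
    root=$(realpath -m -- "$2") || return 2
    case "$data/" in
        "$root"/*) return 1 ;;
        *)         return 0 ;;
    esac
}

# Combine both steps: parse config.php ($1) and compare against web root ($2).
check_nextcloud_datadir() {
    local dir
    dir=$(nc_datadir "$1")
    if [ -z "$dir" ]; then
        echo "datadirectory not found in $1" >&2
        return 2
    fi
    if is_outside_webroot "$dir" "$2"; then
        echo "OK: $dir is outside $2"
    else
        echo "WARN: $dir is inside $2" >&2
        return 1
    fi
}

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_nextcloud_datadir "$1" "$2"
fi
```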