Good evening. I have a question about the location of the data folder. I’m seeing a ton of threads of people trying to move it after installing, and I was wondering if there are any pros/cons/concerns I need to be aware of as far as using the default location /var/www/html/data or moving it outside /var/www to somewhere like /srv/nextcloud.
I’ve had my server up and running for a couple weeks and haven’t added any sensitive data yet. I’m letting the internet poke at it for a while before I commit. I have all checks passed under Settings > Administration > Overview, and I have an A rating on the Nextcloud scan and A+ rating on ssllabs.com, and no security flaws found by pentest-tools.com.
I have Apache on the host running certbot and reverse proxying both Nextcloud and Collabora which are running in Docker, so the data folder isn’t even in the Apache instance exposed to the internet, if that makes any difference. This is Ubuntu Server 18.04.2 LTS running Nextcloud 16.0.1. I’ve tried to access a file directly in the browser using the full path under the web root, and it just sends me to the login page, which I gather should be the expected behavior.
My intention was to sync all my stuff from my laptop once I was comfortable with the security of the server, so I guess my question is, is there any issue with the default data folder location in this setup? Any security concerns I should have even though everything looks good?