I wanted to harden my Raspberry and therefore I copied my /var/www/nextcloud folder to /opt
So for this case I have 2 folders and I want to test my Apache2.4 config with the new directory.
Permissions for www-data is fine. He can edit and list all content inside drwxr-x--- 14 www-data www-data 4.0K Sep 29 15:33 nextcloud
I use this config:
Alias / "/opt/nextcloud/"
<IfModule mod_ssl.c>
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin admin@example.com
ServerName ncloud.example.com
DocumentRoot /opt/nextcloud/
<Directory /opt/nextcloud/>
Require all granted
# Options +FollowSymlinks
AllowOverride All
Options FollowSymlinks MultiViews
# Require all denied
# Order allow,deny
# allow from all
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /opt/nextcloud
SetEnv HTTP_HOME /opt/nextcloud
</Directory>
<IfModule http2_module>
ProtocolsHonorOrder On
Protocols h2 h2c http/1.1
H2Direct on
</IfModule>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; preload"
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
Header set X-Robots-Tag none
Header set X-Frame-Options SAMEORIGIN
Header set Referrer-Policy no-referrer
</IfModule>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ncloud.crt
SSLCertificateKeyFile /etc/ssl/private/ncloud.key
</VirtualHost>
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
</IfModule>
When I change the Alias / to Alias / /var/www/nextcloud/ it works fine, but then it uses the old directory. Only when I try Alias / /opt/nextcloud/ I get 403…
As you can see, I commented out some of the Directory options… I tried several but none of them works. I dont have SELinux so this is not an issue.
Hi, yes I did that. cp directory is not working without -r, so yes cp -r was done. Permissions and owner is the same as before.
to make sure www-data was working properly I also rerun:
chown -R www-data:www-data /opt/nextcloud
Hmm, im not sure what else could cause the issue. But I have to say that i’m not very familiar with nginx… But maybe you could still try the rsync command with the -a option, just to make sure that there is no issue with permissions.
The -a stands for archive mode. It copies files recursively and keeps the timestamps, user/group ownership, file permissions and symbolic links.
I tested it on my test instance with rsync -av and it worked right away. The only relevant difference in your config compared to mine is the Alias directive at the beginning, which I don’t have.