Data Directory accessable from the Internet

nitr0burger · November 16, 2016, 3:43pm

Hello everybody,
I´m a newbee and and need help, what else

I just installed Ubuntu Server 16.04.1 LTS on my Intel NUC with LAMP and Nextcloud 10.0.1 (I was using the tutorial from linuxbabe.com:
https://www.linuxbabe.com/cloud-storage/setup-nextcloud-server-ubuntu-16-04-apache-mariadb-php7)

I already changed in the apache2.conf “None” to “All”
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted

and used the command:
sudo service apache2 restart

But I still get the red message "Your data directory and your files are probably accessible from the internet…

Does anyone have an idea to solve my problem?

Thank you in advance
Best
Benjamin

anon58843897 · November 16, 2016, 3:58pm

1: Make sure the proper .htaccess file is in the data directory. The web server needs to be configured to allow the listed commands to work.

Here is an example .htaccess

# Generated by ownCloud on 2016-11-16 13:56:06
# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>

# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
Satisfy All
</ifModule>

# section for Apache 2.2 and 2.4
IndexIgnore *

2: Even with the .htaccess file, it’s better to have your data directory located in a place that is not publicly served by Apache.

nitr0burger · November 17, 2016, 7:27am

I opened the /var/www/nextcloud/.htaccess and lines are missing.
What can I do?

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
<IfModule mod_fcgid.c>
   SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
   RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
</IfModule>
<IfModule mod_proxy_fcgi.c>
   SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>
  </IfModule>

  <IfModule mod_env.c>
# Add security and privacy related headers
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Robots-Tag "none"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Download-Options "noopen"
Header set X-Permitted-Cross-Domain-Policies "none"
SetEnv modHeadersAvailable true
  </IfModule>

  # Add cache control for CSS and JS files
  <FilesMatch "\.(css|js)$">
Header set Cache-Control "max-age=7200, public"
  </FilesMatch>
</IfModule>
<IfModule mod_php5.c>
  php_value upload_max_filesize 513M
  php_value post_max_size 513M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value always_populate_raw_post_data -1
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_php7.c>
  php_value upload_max_filesize 513M
  php_value post_max_size 513M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
  RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>

anon58843897 · November 17, 2016, 1:23pm

Hi,

That is the .htaccess for the default Nextcloud root. There is a different .htaccess in the data directory, or at least there should be. I suggest downloading a fresh copy of Nextcloud, and extracting the .htaccess file from the data folder. Place that .htaccess in your data folder on the server.

nitr0burger · November 17, 2016, 2:38pm

OK Sorry, my mistake.
In the data folder is a .htaccess file with the same lines you´ve posted.

What can I now do?

And what did you mean by

2: Even with the .htaccess file, it’s better to have your data directory located in a place that is not publicly served by Apache.

anon58843897 · November 17, 2016, 2:51pm

I mean the data folder should not be served out directly by the web server. Here is an example.

Lets say your Nextcloud installation is located at /var/www/nextcloud. In a default setup, the data folder would then be at /var/www/nextcloud/data. But you can set your data folder to be at /var/www/data or any other non public path instead. That way the data folder is not available directly through the webserver. Just be sure that Nextcloud is able to access the new data folder location.

Instructions for moving the data folder can be found on these forums. Note, moving it is not supported after installation, but it should work. If this is a new install, you can do a reinstall and select an alternative data location during the setup.

nitr0burger · November 18, 2016, 12:21pm

Thank you very much for your help.
I “uninstalled” nextcloud and installed it again with the new data folder /var/www/nextclouddata and the error is done

I have now just one issue with the mem cache, but for that I will search at first
"OC\HintException: Memcache \OC\Memcache\APC not available for local cache at /var/www/nextcloud"

nitr0burger · November 18, 2016, 1:10pm

Just for information. I solved the “Mem cache problem” with this tutorial.

noizo · January 18, 2018, 9:09pm

I was able to fix this issue by moving data directory to upper level to /var/www/data and changing
/var/www/nextcloud/config/config.php line to
'datadirectory' => '/var/www/data',