Data directory accessible from the internet

enquirer · June 24, 2017, 6:17am

Seems lots of chatter about this on github etc but no real solution?

Admin page has warning: “Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root…” Any update on this?

JasonBayton · June 24, 2017, 7:35am

Normally means your htaccess can’t override the default Apache config.

enquirer · June 24, 2017, 9:32am

thanks - and the solution to this or just leave the annoyance? I am using NextCloud on a dedicated VPS.

JasonBayton · June 24, 2017, 9:58am

Edit /etc/apache2/apache2.conf

Scroll to the directory area and change

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

To

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

enquirer · June 26, 2017, 5:27am

Thanks. That seemed to work and then it’s back again.

Nemskiller · June 26, 2017, 6:10am

It can be a bad chmod on files.

You should read the installation manual on the nextcloud site. There is a step where they give you the good permission to put on folders.

You should look the installation process from the beginning in order to see if you didn’t miss an important thing.

You can also look if in your nextcloud folder you have this two files : .htaccess and .user.ini , if not you have to pick them from your downloaded nextcloud.zip they are in the root folder

zaxxon · August 27, 2019, 2:41am

Thank you I recently had changed this back when trying to reconfigure my nextcloud hostname and just ran across the security warning in the nextcloud console. Your post just saved me a lot of time.

Fabricio_Lucas · September 23, 2019, 10:27pm

Hello, I was reading this information but I would like to know where can a make this change on an iocage (Freenas). I am using nginx.

Thank you

KarlF12 · September 24, 2019, 3:20am

This isn’t an annoyance. This is the internet downloading your stuff.

Don’t disregard this warning. I would resolve it before uploading personal data to the system.

ddinno · December 28, 2019, 8:49pm

i’ve changed http.conf but nothing change. any ideas?

Nemskiller · December 29, 2019, 1:58am

You have to change it into the nextcloud conf file in (by default ) /var/www/nextcloud/config/config.php
You will have a line with this ’/var/www/nextcloud/data’
You have to modify to a data folder that is outside /var/www/

ddinno · December 29, 2019, 7:42am

thank you in advance. sorry @Nemskiller i was very tired and i went off topic. my problem is that i get this message "Forbidden

You don’t have permission to access /nextcloud/index.php on this server. "After updating nc 17 on VPS
this is error log:
[Sun Dec 29 03:03:32.751037 2019] [core:crit] [pid 2655] (13)Permission denied: [client 93.66.198.128:57128] AH00529: /var/www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that ‘/var/www/’ is executable, referer: http://64.137.164.100/nextcloud/

i’ve tried to change /var/www permission with sudo find /var/www -type f -exec chmod 664 {} \; but nothing change

i’ve also disabled selinux and change httpd.conf (in file section set to Allow from all )

mhrsolanki2020 · December 29, 2019, 10:22am

hi @ddinno
Can you try that same command for directories as well? But with chmod 750 {} ;
Also rather than doing that for all websites in your www directory, do it only for nextcloud folder.

So try the following commands

sudo find /var/www/nextcloud/ -type d -exec chmod 750 {} \;
sudo find /var/www/nextcloud/ -type f -exec chmod 664 {} \;

In my wordpress instance, I generally go for 644 for files. But 664 works aswell.

Also confirm that the folders are owned by www-data group, else do a chown for the same.

If your data folder is outside of /var/www, then do chown for data folder as well.

ddinno · December 29, 2019, 5:52pm

hi @mhrsolanki2020

i’ve tried on my /var/www/html/nexctcloud but same problem
same error on log:
[Sun Dec 29 12:49:36.752303 2019] [core:crit] [pid 1276] (13)Permission denied: [client 93.66.198.128:59590] AH00529: /var/www/html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that ‘/var/www/html/’ is executable, referer: http://64.137.164.100/nextcloud/

ddinno · December 30, 2019, 7:30am

i fix-it with
chown apache:apache /var/www/html

zeroinf · January 25, 2020, 7:11pm

I have the same problem , but webserver is Nginx , wath .htaccess must edit ?
/www/wwwroot/domain.cloud/data
or
/www/wwwroot/domain.cloud/

Nemskiller · January 25, 2020, 7:49pm

Nginx don’t use .htaccess.
you have to specify it in your conf file.
Look at this How to :

zeroinf · January 25, 2020, 8:13pm

I can do this , because i really have installed aaPanel on my vps ( CentOS 8 ) and everything is different for me . I leave al thins as is it .

Heroicman · September 23, 2023, 1:17pm

Finally!!! I knew it would be a simple fix. However, I just didn’t know where the problem was originating from. Thank you, Jason.

Ethan.B · May 13, 2024, 1:33pm

That fixed it for me. Thanks man.