Data directory accessible .htaccess file not working

Nextcloud version (eg, 20.0.5): 23.0.10
Operating system and version (eg, Ubuntu 20.04): Ubuntu 20.04
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.41
PHP version (eg, 7.4): 7.4

The issue you are facing:
Security warning:
Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.

Is this the first time you’ve seen this error? (Y/N):Y

Steps to replicate it:

  1. Navigate to administration page in settings

The output of your Nextcloud log in Admin > Logging:

I have a ludicrous amount of log entries here. I need to know which items are useful for this problem.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

```php
<?php
$CONFIG = array (
  'instanceid' => '<redacted>',
  'passwordsalt' => '<redacted>',
  'secret' => '<redacted>',
  'trusted_domains' =>
  array (
    0 => '<redacted>',
    1 => '<redacted>',
    2 => '<redacted>',
    3 => '<redacted>',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '23.0.10.1',
  'overwrite.cli.url' => '<redacted>',
  'dbname' => '<redacted>',
  'dbhost' => '<redacted>',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '<redacted>',
  'dbpassword' => '<redacted>',
  'installed' => true,
  'theme' => '',
  'loglevel' => 0,
  'maintenance' => false,
  'has_rebuilt_cache' => true,
  'app_install_overwrite' =>
  array (
    0 => 'spreed',
    1 => 'workflow_pdf_converter',
    2 => 'impersonate',
    3 => 'files_accesscontrol',
    4 => 'deck',
    5 => 'external',
  ),
);
```

The output of your Apache/nginx/system log in /var/log/____:

```
[Fri Oct 14 00:00:06.673938 2022] [ssl:warn] [pid 48395] AH01906: 127.0.1.1:444:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Oct 14 00:00:06.673974 2022] [ssl:warn] [pid 48395] AH01909: 127.0.1.1:444:0 server certificate does NOT include an ID which matches the server name
[Fri Oct 14 00:00:06.674043 2022] [ssl:error] [pid 48395] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=<redacted>,O=<redacted>,ST=<redacted>,C=<redacted> / issuer: CN=<redacted>,O=<redacted>,ST=<redacted>,C=<redacted> / serial: <redacted> / notbefore: Jun  7 03:59:02 2021 GMT / notafter: Jun  5 03:59:02 2031 GMT]
[Fri Oct 14 00:00:06.674047 2022] [ssl:error] [pid 48395] AH02604: Unable to configure certificate 127.0.1.1:444:0 for stapling
[Fri Oct 14 00:00:06.674123 2022] [mpm_prefork:notice] [pid 48395] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Fri Oct 14 00:00:06.674176 2022] [core:notice] [pid 48395] AH00094: Command line: '/usr/sbin/apache2'
```

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.
```
OCP\Http\Client\LocalServerException: Host violates local access rules
/var/www/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php - line 136:
OC\Http\Client\LocalAddressChecker->ThrowIfLocalIp()
/var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php - line 35:
OC\Http\Client\DnsPinMiddleware->OC\Http\Client\{closure}("*** sensiti … *")
/var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php - line 31:
GuzzleHttp\PrepareBodyMiddleware->__invoke()
/var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php - line 71:
GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensiti … *")
/var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php - line 63:
GuzzleHttp\RedirectMiddleware->__invoke()
/var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php - line 75:
GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensiti … *")
/var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php - line 331:
GuzzleHttp\HandlerStack->__invoke()
/var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php - line 168:
GuzzleHttp\Client->transfer()
/var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php - line 187:
GuzzleHttp\Client->requestAsync()
/var/www/nextcloud/lib/private/Http/Client/Client.php - line 223:
GuzzleHttp\Client->request()
/var/www/nextcloud/lib/private/Installer.php - line 296:
OC\Http\Client\Client->get()
/var/www/nextcloud/lib/private/Installer.php - line 194:
OC\Installer->downloadApp()
/var/www/nextcloud/apps/settings/lib/Controller/AppSettingsController.php - line 536:
OC\Installer->updateAppstoreApp("*** sensiti … *")
/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 217:
OCA\Settings\Controller\AppSettingsController->updateApp("*** sensiti … *")
/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 126:
OC\AppFramework\Http\Dispatcher->executeController()
/var/www/nextcloud/lib/private/AppFramework/App.php - line 157:
OC\AppFramework\Http\Dispatcher->dispatch()
/var/www/nextcloud/lib/private/Route/Router.php - line 302:
OC\AppFramework\App::main()
/var/www/nextcloud/lib/base.php - line 1015:
OC\Route\Router->match()
/var/www/nextcloud/index.php - line 36:
OC::handleRequest()
```


I have tried every combination of "AllowOverride All" & "Satisfy Any" settings in both the /data/.htaccess file and the /etc/apache2/sites-available/nextcloud.conf file that are mentioned in every forum post and support article I could find. The warning still does not go away and I am still able to access files in the /data directory of other users than the one I am logged in as.

Hello @8jwd2ttdg3ft,

welcome to the community of Nextcloud.

Thanks for your post, but please take a little time to get acquainted with the forum and make a stronger effort to troubleshoot. It is the least you can do when asking others to help you:

  • Search your question as keywords on this forum. If you find something useful, link it directly into this post.
  • Search the internet using your issue as generic keywords. Specificity is king:
    • php modules missing Ubuntu Snap update
  • If you have an error message, repeat this process to search for your error on the forum and internet.
  • If you do not find an answer, you are likely using the wrong keywords. Try simplifying your search on the forum and internet even more.
    • nextcloud php modules missing
  • Once you’ve done this you should be able to edit and update your post with specific technical information we can use to help you.
  • Check Nextcloud admin documentation

Please edit and update your post to include:

  • Direct Links to any useful info pages, posts and other info you find.
  • Add screenshots to your post for context
  • If you have large log files to attach you can link to a pastebin
  • Fill out our support form and add into your post.

These are the exact same steps we volunteers will be following to help you! So, get to it!

Cheerio,
JimmyKater

I have tried the solutions provided or discussed on the following pages:
manjarosite/fix-data-directory-warning-nextcloud/

help.nextcloudcom/t/system-message-your-data-directory-is-accessible-from-the-internet-only-with-using-a-subdomain/20533

www.redditcom/r/NextCloud/comments/qplx3r/your_data_directory_and_your_files_are_probably/

help.nextcloudcom/t/your-data-directory-and-files-are-probably-accessible-from-the-internet/129870/3

githubcom/nextcloud/server/issues/6449

githubcom/nextcloud/server/issues/6281

I have been trying many different combinations of locations (/data/.htaccess file & /etc/apache/sites-available/nextcloud.conf) and settings (“AllowOverride All” & “Satisfy Any”) mentioned in all of these pages for several hours. I apologize for the lack of specifics. My head is kind of mush at this point and I do not remember exactly which combinations I have tried. I began trying all manner of permutations with regard to these 2 settings and files because every source called one or both out.
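
An added example, not part of any post in this thread and not Nextcloud's own configuration: one way to follow the warning's first option ("configure your web server so that the data directory is no longer accessible") on Apache 2.4, with the weak default shown beside the corrected sections. It assumes the sections are placed inside the site's `<VirtualHost>` block and that Nextcloud is served from `/var/www/nextcloud`, the install path shown in the post.

```apache
# Added example for /etc/apache2/sites-available/nextcloud.conf (file named in the post).
# Assumption: Nextcloud is served from /var/www/nextcloud and these sections
# sit inside the <VirtualHost> block that serves it.

# Weak (abridged from Ubuntu's stock apache2.conf): with "AllowOverride None"
# inherited from /var/www/, .htaccess files below it are never read, so the
# rules in data/.htaccess have no effect.
#
#   <Directory /var/www/>
#       AllowOverride None
#       Require all granted
#   </Directory>

# Corrected, part 1: allow the .htaccess files shipped with Nextcloud to apply.
<Directory /var/www/nextcloud/>
    AllowOverride All
    Require all granted
</Directory>

# Corrected, part 2: deny the data directory in the server configuration itself,
# so its protection does not depend on any .htaccess file being honoured.
# <Directory> sections are merged from shortest to longest path, so this more
# specific section is applied after the one above and its Require wins.
<Directory /var/www/nextcloud/data/>
    Require all denied
</Directory>
```

`Require` is the native Apache 2.4 access-control directive, while `Satisfy` belongs to the 2.2-style directives kept in mod_access_compat. Run `apache2ctl configtest` and reload Apache after editing, then reload the administration page so the check runs again.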