Data directory outside of the Web root

Hi
According to the documentation it is highly recommended to place your data directory outside of the Web root (i.e. outside of /var/www).

I’m quite new to Linux. Where should I place it on a Ubuntu installation (best practice?)

Hi,

if you have a dedicated hdd, it will be mount usually under /mnt/nameofthehdd

I am using a raid6 array, my mount point is /mnt/raid6/nextdata

If you dont have a specific hdd/ssd/array, you can use whatever mount point outside of /var/www/… like /home/nextdata … simply dont forget to chown-it to www-data:www-data

On my client’s Azure installation, I added an extra 512GB data drive and used a soft link to redirect the data folder to this drive. Seems to work okay.

Yep, soft-link is another way, but why, when you simply have to edit the point to /your/own/location/for/data ( protected by software, apache and .hta rules)

furthermore, you add security risk by doing so:
If a file is been deleted and the symlink remains there is a risk. A malicious party may hold permissions to create a file at that location. If they can then now your webserver will happily serve the file completely oblivious to the fact it is malicious…