Edited that in
I added a new 1TB virtual drive and moved the data directory in NextCloud 12.0.0 by doing the following:
Partition and mount new 1TB drive (standard disclaimer - if you donât know what this does, donât do it, you will likely lose data)
sudo mkfs.ext4 -G 4096 /dev/sdb
sudo blkid /dev/sdb
/dev/sdb: UUID=âcopy ID listed hereâ TYPE="ext4"
sudo mkdir /mnt/data
sudo nano etc/fstab
/mnt/data was on /dev/sdb
UUID=paste_UUID_here /mnt/data ext4 defaults 0 2
sudo mount -a
sudo chmod -Rf 777 /mnt/data
Now for the data move to fresh disk:
sudo systemctl stop apache2
sudo rsync -avP /var/www/nextcloud-data /mnt/data/
sudo nano /var/www/nextcloud/config/config.php
âdatadirectoryâ => â/mnt/data/nextcloud-data/â,
sudo shutdown -r now
Seemed to work just fine.
this steps worked for me too. could it really be that easy?
You missed the database edit. See my solution above:
Not quite.
Thanks JaysonBayton. You are correct, I missed the database edit.
Fooled myself because everything continued to work, but of course the new data location wasnât being used. Probably would have been a long time until I realized it. Thanks again.
So:
sudo systemctl stop apache2
sudo rsync -avP /var/www/nextcloud-data /mnt/data/
sudo nano /var/www/nextcloud/config/config.php
âdatadirectoryâ => â/mnt/data/nextcloud-data/â,
Edit database nextcloud
Database: nextcloud
Table: OC_STORAGES
Row: change row data from local::/var/www/nextcloud-data/ to local::/mnt/data/nextcloud-data/
sudo systemctl stop MySQL
sudo su
mv /var/www/nextcloud-data/ /var/www/nextcloud-data-old/
sudo shutdown -r now
A bit off topic: I used HeidiSQL with plink SSH Tunnel to manage MariaDB and do the nextcloud database edit as Iâm connecting from Windows - a few things to know to connect to MariaDB, Iâll share if anyone is interested
dahumph,
Without the database edit the new disk is not being used.
Redo rsync, edit db, rename original data folder to be sure - you can delete it later.
Maybe we can move this to howto, as still questions about that appear. Or ah, I will collect all information here and write some howto the next hour. About symlink, which seems to be an easy alternative solution: How the enable symlink support for webservers or be sure that theyâre supported?
âŹ: Okay for apache itâs simply:
<Directory /> ... Options +FollowSymlinks ... </Directory>
as given in the recommended nextcloud.conf.
Is there something that needs to be done for nginx?
âŹ: Howto done: HowTo: Change / Move data directory after installation
Input/Fixes welcome, and I will add the steps for mysql later and perhaps steps for nginx and other databases.
But be aware, symlinks are handled like they are in your webroot.
There is no difference between:
- /var/www/nextcloud/data/yourSecretFile
- /var/www/nextcloud/[symlink to /your/new/nextcloud/datadirectory]/yourSecretFile
There is no need to move your /data directory out of your webroot, if you symlink it.
Though that doesnât matter if your move is based on storage requirements rather than security.
Youâre right, for storage problems it is the best and easiest solution.
I had not considered that.
But important to mention in the howto! Thanks for the hint, I just thought about the storage reason.
Read somewhere that especially with apache the location of data folder inside web root is no real security vulnerability anymore, but yeah it is still âhighlyâ recommended by admin manual: https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html#place-data-directory-outside-of-the-web-root
I guess if data
is exposed by a poorly configured installation then so is config.php
. Iâm not sure which Iâm more concerned about - data or passwords and internal configuration - being open to the net. Wordpress and others have the same issue with exposing configs, too.
Ah, itâs the .htaccess
inside data directory that should prevent access:
# line below if for Apache 2.4 <ifModule mod_authz_core.c> Require all denied </ifModule> # line below if for Apache 2.2 <ifModule !mod_authz_core.c> deny from all Satisfy All </ifModule>
Is there something similar for php_fpm or nginx, as they cannot handle .htaccess?
No, just set your symlink. Nginx is following it by default.
location /data {
deny all;
return 403;
}
should make it
edit: edits
Ah okay, this is also covered by the example configuration in admin manual:
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; }
But yeah, for every security step, there is a way to get around it. For my point of view, there is not enough you can do to protect your data .
Same for strong nextcloud password + internal brute force prevention + fail2ban as second brute force detection (okay I do not use that anymore actually )
I am not skilled at linux or apache, etc. I just got NC 12.0.0 up and running following the manual install instructions and the default installation path when first starting nextcloud 192.168.1.xxx/nextcloud put the data in the webpath apparently.
Iâd like to uninstall everything and start over.
I am guessing that I need to:
apt-get purge nextcloud
apt-get purge mysql-server
as to the non-web-root directory I was thinking of creating /home/share as the /home mount point has 3TB available and should do okay for my family sharing files
I donât know what my chown command should look like?
And also is /home/share where both the nextcloud database and user created documents will be kept?
Thanks in advance, and any help much appreciated.
Thanks for support!
I have moved data directory to /opt/data and I can see data in the NextCoud App.
BUT I canât upload any files, error is âForbidenâ.
In the Admin/Basic Settings I see error: Error occurred while checking server setup
In the Admin panel Logs never show up. I see file under /âŚ/data directory file permissions are: -rw-r-----. 1 httpd httpd
Same as they where in the old location, where it worked fineâŚ
When I upload files manually to home directory and run: sudo -u httpd php /var/www/nextcloud/occ files:scan --all
Files appear in my file list in web and application.
File permissions are the same as they where in original /âŚ/data/ folder.
Strange thing. When I open new incognito window and try to open my nextcloud web page, I get page with error (Old session works):
âYour data directory is not writable
Permissions can usually be fixed by giving the webserver write access to the root directory.â
But in the console I can move files around with httpd user with no problem. For example:
sudo -u httpd cp /var/www/nextcloud/console.php /opt/data/
Where I might be forgetting to change something?
Thank You!Preformatted text
Just to move your data you donât need to reinstall. But how did you install it? Via apt-get or with the zip?
Donât purge mySQL or Apache, thereâs no need. You can instead make a new database as part of the reinstall.
Donât put your data in /home/ as there can be issues with ownership, rather use /opt/ or /media/ or /var/ or some other area.
I have tried to:
sudo chmod -R 777 /opt
all /opt is owned by httpd:httpd still no successâŚ
Log says:
Aug 15 16:34:05 nextcloud httpd[3000]: [:error] [pid 3000] [client 192.168.20.125:42994] {"reqId":"WZL4TXCfAMRB0DF7mRLwegAAAAM","level":3,"time":"2017-08-15T13:34:05+00:00","remoteAddr":"192.168.20.125","user":"--","app":"PHP","method":"GET","url":"\\/index.php\\/js\\/core\\/merged-template-prepend.js?v=df00724434e5f06d1daca52134e36ea3-2","message":"Invalid argument supplied for foreach() at \\/var\\/www\\/html\\/nextcloud\\/lib\\/private\\/Template\\/JSCombiner.php#107","userAgent":"Mozilla\\/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko\\/20100101 Firefox\\/54.0","version":"12.0.0.29"}
Aug 15 16:34:05 nextcloud httpd[3000]: [:error] [pid 3000] [client 192.168.20.125:42994] PHP Warning: fileperms(): stat failed for /opt/data/nextcloud.log in /var/www/html/nextcloud/lib/private/Log/File.php on line 122
Aug 15 16:34:05 nextcloud httpd[3000]: [:error] [pid 3000] [client 192.168.20.125:42994] {"reqId":"WZL4TXCfAMRB0DF7mRLwegAAAAM","level":3,"time":"2017-08-15T13:34:05+00:00","remoteAddr":"192.168.20.125","user":"--","app":"PHP","method":"GET","url":"\\/index.php\\/js\\/core\\/merged-template-prepend.js?v=df00724434e5f06d1daca52134e36ea3-2","message":"Invalid argument supplied for foreach() at \\/var\\/www\\/html\\/nextcloud\\/lib\\/private\\/Template\\/SCSSCacher.php#145","userAgent":"Mozilla\\/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko\\/20100101 Firefox\\/54.0","version":"12.0.0.29"}
Or with previously logged user - reinis:
Aug 15 16:36:50 nextcloud httpd[3031]: [:error] [pid 3031] [client 192.168.20.125:43117] PHP Warning: fileperms(): stat failed for /opt/data/nextcloud.log in /var/www/html/nextcloud/lib/private/Log/File.php on line 122
Aug 15 16:36:50 nextcloud httpd[3031]: [:error] [pid 3031] [client 192.168.20.125:43117] {"reqId":"WZL48jmwqeJEN51EO-50fAAAAAo","level":3,"time":"2017-08-15T13:36:50+00:00","remoteAddr":"192.168.20.125","user":"reinis","app":"PHP","method":"GET","url":"\\/index.php\\/apps\\/theming\\/img\\/core\\/filetypes\\/application.svg?v=2","message":"fileperms(): stat failed for \\/opt\\/data\\/nextcloud.log at \\/var\\/www\\/html\\/nextcloud\\/lib\\/private\\/Log\\/File.php#122","userAgent":"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/60.0.3112.90 Safari\\/537.36","version":"12.0.0.29"}`
Aug 15 16:36:50 nextcloud httpd[3031]: [:error] [pid 3031] [client 192.168.20.125:43117] {"reqId":"WZL48jmwqeJEN51EO-50fAAAAAo","level":3,"time":"2017-08-15T13:36:50+00:00","remoteAddr":"192.168.20.125","user":"reinis","app":"PHP","method":"GET","url":"\\/index.php\\/apps\\/theming\\/img\\/core\\/filetypes\\/application.svg?v=2","message":"chmod(): Permission denied at \\/var\\/www\\/html\\/nextcloud\\/lib\\/private\\/Log\\/File.php#123","userAgent":"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/60.0.3112.90 Safari\\/537.36","version":"12.0.0.29"}`
Any ideas?