Nextcloud on Raspberry Pi & changing Apache root directory

Hi, I have installed nextcloud on Raspberry pi running Raspbian Stretch Lite. It is installed under /var/www/html/nextcloud directory.

In the sites-available/000-default-le-ssl.conf I changed DocumentRoot to
DocumentRoot /var/www/html/nextcloud

After this, the site works correctly but I ran a scan using Nmap and it exposed few files. Most being JS & CSS files.

  1. https://redacted/core/vendor/core.js?v=6e38f86c-7. Contents of this JS files were exposed.

  2. https://REDACTED/core/vendor/select2/select2.css?v=6e38f86c-7]. Contents of this css file were also exposed.

Hence, I added a redirect using:

RewriteEngine on
RewriteCond %{REQUEST_URI} ^/$
RewriteRule (.*) /nextcloud/ [R=301]

The site is working fine now too.

I wanted to understand the security implications of this given the internet exposure of the site.

  1. Is it secure to change the DocumentRoot to NextClouds installation folder (which worked perfectly) but exposed the files I mentioned above.

  2. Is it secure to Rewrite (add redirect) to Nextcloud as done above.

The above mentioned code is working for me. Only difference being, instead of: showing Nextcloud shows up nextcloud login page.

Are there any security implications?