Placing the data directory outside of the Web root

ℹ️ Support 📦 Appliances (Docker, Snappy, VM, NCP, AIO)
,
1

I’m using Nextcloud on Docker. Here is my compose file:

# Nextcloud
services:
  db:
    image: postgres
    restart: always
    volumes:
      - ${PATH_TO_DATA}/postgresql/db:/var/lib/postgresql/data
    environment:      
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}

  redis:
    image: redis
    restart: always
    
  app:
    image: nextcloud
    restart: unless-stopped
    ports:
      - 8080:80
    volumes:
      - ${PATH_TO_DATA}/nextcloud/html:/var/www/html
    environment:
      - POSTGRES_HOST=db
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - REDIS_HOST=redis
    depends_on:
      - db
      - redis

  cron:
    image: nextcloud
    restart: always
    volumes:
      - nextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis

volumes:
  db:
  nextcloud:

So I’m looking at the documentation regarding Hardening and security guidance

and it says:

Place data directory outside of the web root
It is highly recommended to place your data directory outside of the Web root (i.e. outside of /var/www). It is easiest to do this on a new installation.

In my case I have:

${PATH_TO_DATA}/nextcloud/html:/var/www/html

Does this apply to placing the data outside of the Web root or does moving the directory when you are using docker even an issue?

If this isn’t the solution can anyone suggest a solution to moving the data directory in a Nextcloud Docker installation?

2

usually you don’t need to care about data directory with Docker micro-service (community) image. “likely” the check is simply wrong as it was changed with nc29 and shows some false positives now

There are some posts on the frum you can review the problem and techniques to verify if the data directory is in fact accessible from outside.. search for htaccess and similar topics

3

usually you don’t need to care about data directory with Docker micro-service (community) image. “likely” the check is simply wrong as it was changed with nc29 and shows some false positives now

There was no check. I was just reading about hardening here

In other words I was in the “Administration Settings”.

I’ll so a search for htaccess and similar topics and see where it goes. I did search the forum for “Placing the data directory outside of the Web root” and could only find older posts so thought it was ok to post again.

Thanks for your reply and help.