Hi Nextcloud community!
I am stuck with a problem concerning the .htaccess warning ("“Your data directory and your files are probably accessible from the Internet…”"). I checked if this is the case and indeed: it is possible to simply download the files from my cloud:
wget https://cloud.myurl.com/data/jakob/files/someFolder/someFile.pdf
works and downloads the file without complaining. This would be a disaster if my files were not encrypted.
In other threads here, here and here I read about the necessary apache configurations, like setting the AllowOverride All
option and activating the apache rewrite
module.
My apache does seem to recognize that there is a .htaccess file: When I add nonsense lines to it and restart apache, it complains.
From this post I understand that there is the possibility of simply moving the data directory somewhere else, out of reach for the apache webserver. Nevertheless, there must be something missing in my setup to make the .htaccess file work as it is supposed to be.
I am running a Ubuntu 16.04 system with Nextcloud 16.04 on apache 2.4.18; I pretty much followed the instructions described in the installation manual.
My apache config:
<VirtualHost *:80>
DocumentRoot "/var/www/nextcloud"
ServerName cloud.myurl.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
Order allow,deny
allow from all
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
Satisfy Any
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.myurl.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
The config.php
<?php
$CONFIG = array (
'instanceid' => 'someid',
'passwordsalt' => 'someSalt',
'secret' => 'someSecret',
'trusted_domains' =>
array (
0 => 'bla.url.com',
1 => 'cloud.myurl.com',
),
'datadirectory' => '/var/www/nextcloud/data',
'overwrite.cli.url' => 'https://cloud.myurl.com',
'dbtype' => 'mysql',
'version' => '9.1.0.16',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextclouduser',
'dbpassword' => 'somePwd',
'logtimezone' => 'UTC',
'installed' => true,
'mail_from_address' => 'noreply',
'mail_smtpmode' => 'php',
'mail_domain' => 'myaddress.com',
'maintenance' => false,
'appstore.experimental.enabled' => false,
'htaccess.RewriteBase' => '/',
);
and the .htaccess file
<IfModule mod_headers.c>
<IfModule mod_setenvif.c>
<IfModule mod_fcgid.c>
SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
</IfModule>
<IfModule mod_proxy_fcgi.c>
SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>
<IfModule mod_env.c>
# Add security and privacy related headers
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Robots-Tag "none"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Download-Options "noopen"
Header set X-Permitted-Cross-Domain-Policies "none"
SetEnv modHeadersAvailable true
</IfModule>
# Add cache control for CSS and JS files
<FilesMatch "\.(css|js)$">
Header set Cache-Control "max-age=7200, public"
</FilesMatch>
</IfModule>
<IfModule mod_php5.c>
php_value upload_max_filesize 513M
php_value post_max_size 513M
php_value memory_limit 512M
php_value mbstring.func_overload 0
php_value always_populate_raw_post_data -1
php_value default_charset 'UTF-8'
php_value output_buffering 0
<IfModule mod_env.c>
SetEnv htaccessWorking true
</IfModule>
</IfModule>
<IfModule mod_php7.c>
php_value upload_max_filesize 513M
php_value post_max_size 513M
php_value memory_limit 512M
php_value mbstring.func_overload 0
php_value default_charset 'UTF-8'
php_value output_buffering 0
<IfModule mod_env.c>
SetEnv htaccessWorking true
</IfModule>
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
RewriteRule ^remote/(.*) remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
ModPagespeed Off
</IfModule>
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####
ErrorDocument 403 /core/templates/403.php
ErrorDocument 404 /core/templates/404.php
Is there anything obvious?
Thanks, Jakob