Safety issues and SSL


I just installed CODE and it’s working very well on my Nextcloud 13 under Debian Stretch. Thank you very much!

I followed your instructions, and there is a security issue for me: if I type the URL in my browser, I’m able to list the content of the folder /var/www/html. I found a related issue in and a fix has been merged by The solution is to amend the Apache configuration file, so that it includes these lines (/var/www or /var/www/html depending on your configuration):

<Directory /var/www/html>
Options -Indexes

Could you and the Nextcloud team modify the example of Vhost that you provide? Newbies like me don’t understand all parameters of such files and it could lead to security issues.

In addition, and for reference if somebody has the same issue as I had, I copy here the result of my research to make it work with Let’s Encrypt ACME. Because here, there is no webroot to indicate in the standard command I used: sudo certbot --authenticator webroot --installer apache

I had to use the following command to make it work: sudo certbot certonly --authenticator standalone --pre-hook "apachectl -k stop" --post-hook "apachectl -k start" and then indicate the right folder in the apache configuration file.

Thank you again,