I’ve got a question regarding security when deploying Nextcloud with the latest version of the official docker image.
First off, here’s my
```yaml
version: '3'

volumes:
  nextcloud:
  nextcloud-db:

services:
  nextcloud-db:
    image: mariadb
    restart: always
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MYSQL_PASSWORD=
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  nextcloud:
    image: nextcloud
    restart: always
    ports:
      - 8080:80
    links:
      - nextcloud-db
    volumes:
      - ./nextcloud:/var/www/html
    environment:
      - MYSQL_PASSWORD=
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-db
```
Everything works fine with this configuration + it’s more or less the same as the example one on Docker Hub.
With this configuration (`/var/www/html/data`) is the data directory. In several threads now I read about this not being secure because the data directory is contained in the folder that is also the webroot. That also doesn’t really sound secure. Therefore, my question: Is this setup secure enough to trust with my data? (and expose it more or less publicly on the internet?)
Simply changing the data directory with the `NEXTCLOUD_DATA_DIR` env variable or the setup script doesn’t work because Nextcloud doesn’t have permission to any folder outside of `/var/www/html` (and I don’t even know whether I even need to do this).
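
One way to check whether the data directory in a setup like the one above is actually served by the web server, as an added example that is not part of the original post. It requests two files that a default data directory under the webroot is assumed to contain (`data/.ocdata` and `data/nextcloud.log`, both assumptions about the install) and reports any that come back with HTTP 200; the default base URL matches the `8080:80` port mapping in the compose file, and the function names are illustrative.

```python
"""Added example: check whether files in a Nextcloud data directory are served over HTTP."""
import urllib.error
import urllib.request

# Assumed probe paths, relative to the Nextcloud base URL, for a layout where
# the data directory is <webroot>/data. Adjust them to your own install.
PROBE_PATHS = ("data/.ocdata", "data/nextcloud.log")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects, so a redirect to a login page is not read as a 200."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url, path, timeout=5.0):
    """Return the HTTP status for base_url/path, or None if the request failed."""
    opener = urllib.request.build_opener(_NoRedirect)
    url = base_url.rstrip("/") + "/" + path
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        # 3xx (not followed), 403, 404 and similar all end up here.
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def exposed_paths(base_url, paths=PROBE_PATHS):
    """List the probe paths that the web server actually serves (HTTP 200)."""
    return [p for p in paths if probe(base_url, p) == 200]


if __name__ == "__main__":
    import sys

    base = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080"
    hits = exposed_paths(base)
    for path in hits:
        print(f"EXPOSED: {base.rstrip('/')}/{path}")
    print("data directory is reachable over HTTP" if hits else "probe paths are not served")
    sys.exit(1 if hits else 0)
```

A 403 or 404 on every probe path means the web server is refusing to serve those files even though the directory sits under the webroot; run it against the public URL as well as `localhost`, since a reverse proxy in front can change the result.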