Where to put data directory when deploying with Docker?

Hi!
I’ve got a question regarding security when deploying Nextcloud with the latest version of the official docker image.

First off, here’s my docker-compose.yml:

version: '3'

volumes:
  nextcloud:
  nextcloud-db:

services:
  nextcloud-db:
    image: mariadb
    restart: always
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MYSQL_PASSWORD=
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  nextcloud:
    image: nextcloud
    restart: always
    ports:
      - 8080:80
    links:
      - nextcloud-db
    volumes:
      - ./nextcloud:/var/www/html
    environment:
      - MYSQL_PASSWORD=
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-db

Everything works fine with this configuration + it’s more or less the same as the example one on Docker Hub.

With this configuration, /var/www/html/data is the data directory. I have now read in several threads that this is not secure because the data directory is contained in the folder that is also the webroot. That also doesn’t really sound secure. Therefore, my question: Is this setup secure enough to trust with my data? (and expose it more or less publicly on the internet?)

Simply changing the data directory with the NEXTCLOUD_DATA_DIR env variable or the setup script doesn’t work because Nextcloud doesn’t have permission to any folder outside of /var/www/html (and I don’t even know whether I even need to do this).

Thanks!

I have my data folder on another partition.

  - /mnt/datastorage:/var/www/html/data
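
An added example, not part of either post and not the image's own compose file: the services from the question with the data directory bind-mounted outside the webroot, next to the two layouts discussed above that keep it at /var/www/html/data. The host path ./nextcloud-data, the container path /srv/nextcloud-data and uid/gid 33 for www-data in the Debian-based image are assumptions.

```yaml
version: '3'

services:
  nextcloud-db:
    image: mariadb
    restart: always
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=        # left blank as in the question
      - MYSQL_PASSWORD=             # left blank as in the question
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  nextcloud:
    image: nextcloud
    restart: always
    ports:
      - 8080:80
    links:
      - nextcloud-db
    volumes:
      # Application code and config stay in the webroot.
      - ./nextcloud:/var/www/html
      # Layouts from the thread: in both, the data directory is still the
      # container path /var/www/html/data, i.e. below the directory the web
      # server serves, wherever the files live on the host:
      #   (question)  no extra mount, data ends up in ./nextcloud/data
      #   (reply)     - /mnt/datastorage:/var/www/html/data
      # Alternative: mount the data at a path that is not under /var/www/html.
      # Assumption: the host directory exists before first start and is owned
      # by the container's www-data user, e.g. chown -R 33:33 ./nextcloud-data
      - ./nextcloud-data:/srv/nextcloud-data
    environment:
      - MYSQL_PASSWORD=             # left blank as in the question
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-db
      # Used when Nextcloud is first installed; an existing install keeps the
      # 'datadirectory' value already written to config/config.php.
      - NEXTCLOUD_DATA_DIR=/srv/nextcloud-data
```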