Securing Your Nextcloud Data Directory in Docker

BigBearBlog
1

If you’re running Nextcloud in a Docker container, you might encounter this warning:

Your data directory and files are probably accessible from the internet. The htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.

This error indicates a potential security risk. Your Nextcloud data, stored in /var/www/html/data, might be publicly accessible. Let’s fix this by relocating the data directory using Docker volumes.

Step-by-Step Guide

  1. Copy the current data
    First, we need to copy the existing data to a new location outside the web root. Run this command:

    docker exec <your-nextcloud-container> cp -R /var/www/html/data /path/to/new/location

    Replace <your-nextcloud-container> with your Nextcloud container name or ID, and /path/to/new/location with your desired new location.

  2. Create a new volume bind
    Update your Docker Compose file or Docker run command to include a new volume bind. Add this line:

    - /path/to/new/location:/var/www/html/data

  3. Move the data
    Now, move the data to the new bind location:

    mv /path/to/new/location/* /path/to/bind/location/

    Replace /path/to/bind/location/ with the actual path you specified in the volume bind.

  4. Update Nextcloud configuration
    You may need to update your Nextcloud configuration to reflect the new data directory location. Edit the config.php file in your Nextcloud container:

    docker exec -it <your-nextcloud-container> nano /var/www/html/config/config.php

    Update the datadirectory parameter:

    'datadirectory' => '/var/www/html/data',

  5. Restart your Nextcloud container
    Finally, restart your Nextcloud container to apply the changes:

    docker restart <your-nextcloud-container>

Conclusion

By following these steps, you’ve successfully moved your Nextcloud data directory to a more secure location. This prevents direct access to your files through the web server, significantly improving your Nextcloud instance’s security.

Remember to always back up your data before making such changes, and test thoroughly after implementation to ensure everything is working as expected.