Nginx and owncloud, .htaccess security warning

Tags: .htaccess, nginx, owncloud

I have a problem with nginx and ownCloud. When I access ownCloud's login page I get this error:

Your data directory and your files are probably accessible from the
internet. The .htaccess file that ownCloud provides is not working. We
strongly suggest that you configure your webserver in a way that the
data directory is no longer accessible or you move the data directory
outside the webserver document root.

Here is my vhost file:

server {

    listen 80;

    server_name default_server;

    root /usr/share/nginx/www;
    index index.html index.htm;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ /index.html;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }


    location /phpmyadmin {
        rewrite     ^   https://$http_host$request_uri? permanent;
    }
    location /phpMyAdmin {
        rewrite ^/* /phpmyadmin last;
    }

    location /owncloud {
        rewrite     ^   https://$http_host$request_uri? permanent;
    }
    location /cloud {
        rewrite ^/* /phpmyadmin last;
    }

    location /roundcube {
        rewrite     ^   https://$http_host$request_uri? permanent;
    }
    location /RoundCube {
        rewrite ^/* /roundcube last;
    }

    location /squirrelmail {
        rewrite     ^   https://$http_host$request_uri? permanent;
    }
    location /SquirrelMail {
        rewrite ^/* /squirrelmail last;
    }


    error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/www;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

}



server {

    listen 443 ssl;
    ssl_certificate      /etc/ssl/localcerts/certificate.crt;
    ssl_certificate_key  /etc/ssl/localcerts/privateKey.key;

    server_name default_server;

    root /usr/share/nginx/www;
    index index.html index.htm;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ /index.html;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }


    location /phpmyadmin {
        root /usr/share/;
        index index.php index.html index.htm;
        location ~ ^/phpmyadmin/(.+\.php)$ {
            try_files $uri =404;
            root /usr/share/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_param HTTPS $https;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include /etc/nginx/fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_buffer_size 128k;
            fastcgi_buffers 256 4k;
            fastcgi_busy_buffers_size 256k;
            fastcgi_temp_file_write_size 256k;
            fastcgi_intercept_errors on;
        }
        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }
    location /phpMyAdmin {
        rewrite ^/* /phpmyadmin last;
    }


    location /owncloud {
        root /var/www/;
        index index.php index.html index.htm;
        location ~ ^/owncloud/(.+\.php)$ {
            try_files $uri =404;
            root /var/www/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_param HTTPS $https;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include /etc/nginx/fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_buffer_size 128k;
            fastcgi_buffers 256 4k;
            fastcgi_busy_buffers_size 256k;
            fastcgi_temp_file_write_size 256k;
            fastcgi_intercept_errors on;
        }
        location ~* ^/owncloud/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /var/www/;
        }
    }
    location /ownCloud {
        rewrite ^/* /owncloud last;
    }


    location /roundcube {
        root /usr/share/;
        index index.php index.html index.htm;
        location ~ ^/roundcube/(.+\.php)$ {
            try_files $uri =404;
            root /usr/share/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_param HTTPS $https;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include /etc/nginx/fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_buffer_size 128k;
            fastcgi_buffers 256 4k;
            fastcgi_busy_buffers_size 256k;
            fastcgi_temp_file_write_size 256k;
            fastcgi_intercept_errors on;
        }
        location ~* ^/roundcube/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }
    location /RoundCube {
        rewrite ^/* /roundcube last;
    }

    location /squirrelmail {
        root /usr/share/;
        index index.php index.html index.htm;
        location ~ ^/squirrelmail/(.+\.php)$ {
            try_files $uri =404;
            root /usr/share/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_param HTTPS $https;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include /etc/nginx/fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_buffer_size 128k;
            fastcgi_buffers 256 4k;
            fastcgi_busy_buffers_size 256k;
            fastcgi_temp_file_write_size 256k;
            fastcgi_intercept_errors on;
        }
        location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }
    location /SquirrelMail {
        rewrite ^/* /squirrelmail last;
    }


    location /doc/ {
        alias /usr/share/doc/;
        autoindex on;
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }

    error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/www;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

}

Specifically here is the location /owncloud:

location /owncloud {
        root /var/www/;
        index index.php index.html index.htm;
        location ~ ^/owncloud/(.+\.php)$ {
            try_files $uri =404;
            root /var/www/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_param HTTPS $https;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include /etc/nginx/fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_buffer_size 128k;
            fastcgi_buffers 256 4k;
            fastcgi_busy_buffers_size 256k;
            fastcgi_temp_file_write_size 256k;
            fastcgi_intercept_errors on;
        }
        location ~* ^/owncloud/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /var/www/;
        }
    }
    location /ownCloud {
        rewrite ^/* /owncloud last;
    }

I tried to fix it based on the documentation http://doc.owncloud.org/server/5.0/admin_manual/installation/installation_others.html#nginx-configuration but I can't.

I also changed permissions, just in case that was causing the error, but it didn't fix it:

chown -R www-data:www-data /var/www/owncloud

phpmyadmin, roundcube and squirrelmail work just fine, so I used their configuration, only changing the root path of owncloud, which is /var/www/owncloud.

Here are the contents of owncloud/:

root@vps1:/var/www# ls -l owncloud/
total 156
drwxr-xr-x 26 www-data www-data  4096 Σεπ   6 18:38 3rdparty
drwxrwxrwx 32 www-data www-data  4096 Σεπ   6 18:38 apps
-rw-r--r--  1 www-data www-data   585 Σεπ   6 18:38 AUTHORS
drwxrwxrwx  2 www-data www-data  4096 Σεπ  27 18:54 config
-rw-r--r--  1 www-data www-data   832 Σεπ   6 18:38 console.php
-rw-r--r--  1 www-data www-data 34520 Σεπ   6 18:38 COPYING-AGPL
-rw-r--r--  1 www-data www-data   567 Σεπ   6 18:38 COPYING-README
drwxr-xr-x 10 www-data www-data  4096 Σεπ   6 18:38 core
-rw-r--r--  1 www-data www-data  3156 Σεπ   6 18:38 cron.php
drwxrwx---  2 www-data www-data  4096 Σεπ  27 18:54 data
-rw-r--r--  1 www-data www-data 17669 Σεπ   6 18:38 db_structure.xml
drwxr-xr-x  2 www-data www-data  4096 Σεπ   6 18:38 files
-rw-r--r--  1 www-data www-data   179 Σεπ   6 18:38 index.html
-rw-r--r--  1 www-data www-data   853 Σεπ   6 18:38 index.php
drwxr-xr-x 81 www-data www-data  4096 Σεπ   6 18:38 l10n
drwxr-xr-x 20 www-data www-data  4096 Σεπ   6 18:38 lib
-rw-r--r--  1 www-data www-data   279 Σεπ   6 18:38 occ
drwxr-xr-x  2 www-data www-data  4096 Σεπ   6 18:38 ocs
-rw-r--r--  1 www-data www-data   443 Σεπ   6 18:38 public.php
-rw-r--r--  1 www-data www-data   753 Σεπ   6 18:38 README
-rw-r--r--  1 www-data www-data   960 Σεπ   6 18:38 remote.php
-rw-r--r--  1 www-data www-data    26 Σεπ   6 18:38 robots.txt
drwxr-xr-x  6 www-data www-data  4096 Σεπ   6 18:38 search
drwxr-xr-x  8 www-data www-data  4096 Σεπ   6 18:38 settings
-rw-r--r--  1 www-data www-data  1216 Σεπ   6 18:38 status.php
drwxr-xr-x  2 www-data www-data  4096 Σεπ   6 18:38 themes
-rw-r--r--  1 www-data www-data  2460 Σεπ   6 18:38 upgrade.php

I noticed that the tar file doesn't include the /data folder; it is created the first time you access ownCloud's web interface. These files are also created:

root@vps1:/var/www# ls -la owncloud/data/
total 12
drwxrwx---  2 www-data www-data 4096 Σεπ  27 18:54 .
drwxr-xr-x 14 www-data www-data 4096 Σεπ  27 18:54 ..
-rw-r--r--  1 www-data www-data   27 Σεπ  27 18:54 .htaccess
-rw-r--r--  1 www-data www-data    0 Σεπ  27 18:54 index.html

So I am not sure which .htaccess file the warning is referring to,
/var/www/owncloud/.htaccess
or
/var/www/owncloud/data/.htaccess
or how to fix it.

Edit: I tried adding this and it still doesn't work.

location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
    deny all;
}

Best Answer

My fellow Greek guy:

The problem seems to be that the directory where the data UPLOADED to Owncloud (the data you want accessible like a "cloud") is stored is a subdirectory of the document root of your server, where ONLY directories and files for the functionality of Owncloud ITSELF should be. This is the /var/www directory that you mention. User data has no place inside /var/www, otherwise it is accessible from the Internet with a simple "list" of the served files.

Normally, during the initial setup wizard, run from the browser, you have the option to set the path to the data directory. Even if you miss it, you can always change it afterwards by setting the "datadirectory" directive in the config.php file of the Owncloud installation. Like this:

<?php
$CONFIG = array (
  'datadirectory' => '/media/usbdisk/ocdata/',
  'dbtype' => ...

You can find more on the topic inside this forum post.

As a note of caution, it is always important to have the LEAST possible amount of data available through the wire. You can look here for some very good points about document root permissions.
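As an added diagnostic (not part of the question or the answer above), the Python below shows why a `deny all` location regex anchored at `^/` never matches requests for an install served under the `/owncloud/` prefix, since nginx tests regex locations against the full normalised URI, and applies the answer's check that `datadirectory` must not lie under the document root. The `/owncloud`-prefixed variant of the pattern and the sample URIs are constructed for illustration; other location ordering rules are deliberately ignored.

```python
import re
from pathlib import PurePosixPath

# Constructed request URIs, as nginx sees them after normalisation.
# In the posted vhost, ownCloud is served under the /owncloud prefix.
SAMPLE_URIS = [
    "/owncloud/index.php",
    "/owncloud/data/.htaccess",
    "/owncloud/data/alice/files/secret.pdf",
    "/owncloud/config/config.php",
    "/owncloud/db_structure.xml",
    "/data/.htaccess",  # would only exist if ownCloud were the docroot itself
]

# The deny block from the question: anchored at "/", so it only matches
# when ownCloud is installed directly in the document root.
DENY_AT_ROOT = re.compile(r"^/(data|config|\.ht|db_structure\.xml|README)")

# Hypothetical prefix-aware variant for an install served under /owncloud/.
DENY_UNDER_PREFIX = re.compile(
    r"^/owncloud/(data|config|\.ht|db_structure\.xml|README)"
)


def denied_uris(pattern: "re.Pattern[str]", uris) -> list:
    """Return the URIs a 'location ~ <pattern> { deny all; }' block would catch.

    Simplification: only the regex-vs-URI test is modelled, which is exactly
    the part the /owncloud prefix affects.
    """
    return [u for u in uris if pattern.search(u)]


def data_dir_inside_docroot(datadirectory: str, document_root: str) -> bool:
    """The condition behind ownCloud's warning: is the config.php
    'datadirectory' located at or below the web server document root?"""
    data = PurePosixPath(datadirectory)
    root = PurePosixPath(document_root)
    return data == root or root in data.parents


if __name__ == "__main__":
    print("anchored at /:      ", denied_uris(DENY_AT_ROOT, SAMPLE_URIS))
    print("anchored at /owncloud:", denied_uris(DENY_UNDER_PREFIX, SAMPLE_URIS))
    for d in ("/var/www/owncloud/data", "/media/usbdisk/ocdata/"):
        print(d, "inside /var/www:", data_dir_inside_docroot(d, "/var/www"))
```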