Upgrade from Nextcloud 28.0.6 to 29.0.1 results in security warning #2640
Comments
Thanks for the quick answer.
The thing is: everything works fine. I'm just concerned about the security warning. Nextcloud Scan (from https://scan.nextcloud.com/) says everything is fine. What do you think?

Yeah and what about

Can you post a screenshot of what you see in the admin overview?

Let's break this down...
Can you post a
It's already outside of document root ( So I'd say a bug in Nextcloud, and a false positive.

LGTM. :)

@JSchimmelpfennig Can you test:

Guys I have to say I'm amazed by the quality and speed in your responses 🥳

Yeah, so the NC check is wrong! I don't know how to debug this further, no PHP expert sorry. :/ Off-topic rant; same as with this, the check still says it's needed even though it's replaced with Imaginary for generation, and that was 6 years ago.... Just saying :)

JFTR, did the same check myself on a VM installed with the latest scripts like 1 week ago (just to confirm

Well, here's the real issue I think: nextcloud/server#45087 Let's continue there.

@JSchimmelpfennig If you change your rewrite command for port 80 to this instead, does it work?
Or actually, just rerun the whole Let's Encrypt script for your already existing domain.

Hi, sorry I must have overread the notification for your answer. So I changed /etc/apache2/sites-available/mydomain.com.conf
and the warning went away :-) Current machine version: Nextcloud Hub 8 (29.0.4)

Sorry for the late answer, yes that's what we do in main: vm/lets-encrypt/activate-tls.sh Line 140 in 99ab136
Steps To Reproduce
Hello guys :)
thank you for the awesome VM.
After upgrading from Nextcloud 28.0.6 to 29.0.1 I see the following security warning in the admin web interface:
Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.
Expected Result
No security warning because I didn't change anything manually and the warning was not there in 28.0.6.
If you need any more information, I'll provide it. Thank you in advance :)
Actual Result
I get a security warning. I checked some other threads about this error, but I think my configs are fine:
/var/www/nextcloud/config/config.php
/etc/apache2/sites-available/mydomain.com.conf
Build Version
29.0.1
Environment
By using the scripts
Environment Details
Ubuntu 22.04.4 with ZFS on Proxmox.
php -v
apache -v