Place the data folder outside of www/html
Hi, and thanks for all the good work!
I was wondering why the data folder is located inside var/www/html, when this is not the recommended practice according to the docs?
It is highly recommended to place your data directory outside of the Web root (i.e. outside of /var/www). (Hardening and security guidance)
Wouldn't it be easy to fix this in the build process? Could you say anything about why it's not done, if there was any reasoning behind it - and also how this impacts security?
We can't predict the value of NEXTCLOUD_DATA_DIR during build time. The default of the image is the same as for Nextcloud (/var/www/html/data) but as you said it's highly recommended to customize it.
Why can't you just set it to i.e. /data?
It doesn't have to be customizable, so why would you have to predict it?
/data does not exist. If NEXTCLOUD_DATA_DIR is set, users need to mount their data into this location and take care of the permissions and persistence. Otherwise they may lose all data if the container is recreated.
Adding multiple volumes by default is not a good option because there is no way to undefine volumes in Docker. On the other hand it's very easy to add additional images on top of this image. Some examples are described here: https://github.com/nextcloud/docker#persistent-data
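A check for the condition this thread is about, as an added example that is not part of the thread or of the nextcloud/docker repository: it reads the `datadirectory` entry from a Nextcloud `config.php` and reports whether that path lies inside the image's web root `/var/www/html`. The sample configs are constructed and the function names are illustrative.

```python
import posixpath
import re

WEB_ROOT = "/var/www/html"  # web root of the image discussed in the thread

# Matches the 'datadirectory' entry of a Nextcloud config.php.
_DATADIR_RE = re.compile(r"""['"]datadirectory['"]\s*=>\s*['"]([^'"]+)['"]""")


def data_directory(config_php):
    """Return the configured data directory, or None if the key is absent."""
    match = _DATADIR_RE.search(config_php)
    return match.group(1) if match else None


def inside_web_root(path, web_root=WEB_ROOT):
    """True if path is the web root or lies below it (lexical check).

    normpath collapses '..' and duplicate slashes, so /var/www/html/../x is
    not mistaken for a child of the web root. On a live host, resolve
    symlinks first (os.path.realpath) and pass the resolved paths in.
    """
    path, web_root = posixpath.normpath(path), posixpath.normpath(web_root)
    if not posixpath.isabs(path):
        raise ValueError("data directory must be an absolute path")
    # commonpath compares whole components, so /var/www/html_data does not
    # count as being inside /var/www/html.
    return posixpath.commonpath([path, web_root]) == web_root


def audit(config_php, web_root=WEB_ROOT):
    """Classify a config.php: 'inside-web-root', 'outside-web-root', 'unknown'."""
    data_dir = data_directory(config_php)
    if data_dir is None:
        return "unknown"
    inside = inside_web_root(data_dir, web_root)
    return "inside-web-root" if inside else "outside-web-root"


# Constructed sample configs (not taken from a real installation).
SAMPLES = {
    "image default": "<?php $CONFIG = array('datadirectory' => '/var/www/html/data');",
    "separate volume": "<?php $CONFIG = array('datadirectory' => '/var/www/nextcloud_data');",
    "sibling prefix": "<?php $CONFIG = array('datadirectory' => '/var/www/html_data');",
    "dot-dot": "<?php $CONFIG = array('datadirectory' => '/var/www/html/../nextcloud_data');",
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(f"{name:16} {data_directory(cfg):36} {audit(cfg)}")
```

Passing `web_root="/var/www"` applies the stricter reading of the quoted guidance ("outside of /var/www"), under which `/var/www/nextcloud_data` is also reported as inside.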
@jowi I would also think of adding a volume nextcloud_data, mount it to a different location than /var/www/html and use that location per default in NEXTCLOUD_DATA_DIR. What do you mean with "undefine volumes"?
What do you mean with "undefine volumes"? https://docs.docker.com/engine/reference/builder/#volume
You can only declare multiple volumes in the Dockerfile but users or child images cannot overwrite or disable them. Every VOLUME will get registered on startup.
Yes, but why not use nextcloud_data:/var/www/nextcloud_data and use it?
@obel1x I haven't thought much about this particular matter, but I think the answer is: because we'd have to accommodate both VOLUMEs no matter what from then on... We can't just change things without dealing with backwards compatibility of existing installations too...