httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lentes, Bernd" <>
Subject [users@httpd] Apache and nextcloud - insecure ?
Date Tue, 01 Sep 2020 11:05:55 GMT

i'm planning to install Nextcloud on an Ubuntu 20.04 with Apache.
But the recommendations from Nextcloud to configure Apache don't appeal to me.

The recommendation is to change the owner of the DocumentRoot of the Nextcloud installation
to www-data, the user the apache2 process is running.
"chown -R www-data:www-data /var/www/nextcloud/"
This is weird, isn't it ? I remember
"Permissions on ServerRoot Directories"
which is contradictory to that.

2. The second recommendation is even stranger:
"mod_env and mod_rewrite must be installed on your webserver and the .htaccess must be writable
by the HTTP user. Then you can set in the config.php two variables:"
.htaccess writeable by the HTTP User !?! I'm no Webserver expert, but i get pain in my stomach
reading this.
What do you think ?
Has anyone experience in installing nextcloud ?
Would it be a good idea to install nextcloud via snap, which seems to be more secure ?


Bernd Lentes 
Institute for Metabolism and Cell Death (MCD) 
Building 25 - office 122 
HelmholtzZentrum München 
phone: +49 89 3187 1241 
phone: +49 89 3187 3827 
fax: +49 89 3187 2294 

stay healthy
Helmholtz Zentrum München

Helmholtz Zentrum München

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message