Nextcloud - htaccess not working

Ні
After upgrading to Nextcloud 29.0.0 (from ix-systems), the following error appeared:

Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.

Is there a cure for this?

1 Like

I am also having the same issue. From my understanding Nextcloud is looking for .htaccess file which for Apache based server but Nextcloud on truenas uses nginx. But I am total noob so I don’t know how fix it.

I recommend you try something else first before touching.htaccess. This is related to the new way Nextcloud is testing security which used to be client side and now is server side. Do you know how to open/edit your config.php file? If you feel comfortable doing so, please check “trusted domains” and “trusted proxies”. These should only contain your FQDN and internal IP respectively. Do that and try again.

Have you opened a Jira ticket to report this issue? If you are getting tracebacks or error messages about missing files you should let the developers know about this issue.

There is no need. It is not a bug. If you read my post, this should do the trick.

There is no need. It is not a bug. If you read my post, this should do the trick.

1 Like

I had no problems deploying Nextcloud in 24.04.0 following the instructions in the TrueNAS documentation hub article. The article is out of date with the current UI but is still correct in the procedure in general. I’ll be pushing updates to this article today.

Do I open this in the shell to truenas?

yes. I don’t know what your exact setup is so i don’t know where exactly config.php is located for you but indeed you open config.php with your preferred editor (i use nano)

If you feel uncomfortable doing this, it may help to post your config.php in the thread. You can easily do this by going to adminstration settings and selected support from the menu on the left. There you see a button "generate system report. This will created a folder “system information” in which you will find a file named “YYYY-MM-DD.MD” you can open that and your config.php will be inside looking a bit like this:

{
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "xxxx.mydomain.be",
        "192.168.x.xxx"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "29.0.0.19",
    "overwrite.cli.url": "https:\/\/xxx.mydomain.be",
    "overwriteprotocol": "https",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "logtimezone": "Europe\/Brussels",
    "default_phone_region": "BE",
    "log_type": "file",
    "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
    "loglevel": "2",
    "logrotate_size": "104847600",
    "memcache.local": "\\OC\\Memcache\\APCu",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 0
    },
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "htaccess.RewriteBase": "\/",
    "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
    "maintenance_window_start": 5,
    "app_install_overwrite": [
        "occweb"
    ],
    "mail_smtpmode": "smtp",
    "mail_smtpsecure": "ssl",
    "mail_sendmailmode": "smtp",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "465",
    "mail_smtpauth": 1,
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "maintenance": false,
    "updater.release.channel": "stable",
    "theme": "",
    "memories.db.triggers.fcu": true,
    "memories.exiftool_no_local": true,
    "memories.vod.path": "\/usr\/local\/www\/nextcloud\/apps\/memories\/bin-ext\/go-vod-amd64",
    "memories.vod.ffmpeg": "\/usr\/local\/bin\/ffmpeg",
    "memories.vod.ffprobe": "\/usr\/local\/bin\/ffprobe",
    "enabledPreviewProviders": [
        "OC\\Preview\\Image",
        "OC\\Preview\\HEIC",
        "OC\\Preview\\TIFF",
        "OC\\Preview\\Movie"
    ]
}

Ok, I’ll give it a whirl later on tonight. If you want help with the article I just did a new install of Nextcloud. A lot of bumps in the road to get it to run. lol

Thanks in advance.

Thanks, but i am pretty ok for now

@ddaenen1 Here’s the report.

{
“htaccess.RewriteBase”: “/”,
“memcache.local”: “\OC\Memcache\APCu”,
“apps_paths”: [
{
“path”: “/var/www/html/apps”,
“url”: “/apps”,
“writable”: false
},
{
“path”: “/var/www/html/custom_apps”,
“url”: “/custom_apps”,
“writable”: true
}
],
“memcache.distributed”: “\OC\Memcache\Redis”,
“memcache.locking”: “\OC\Memcache\Redis”,
“redis”: {
“host”: “REMOVED SENSITIVE VALUE”,
“password”: “REMOVED SENSITIVE VALUE”,
“port”: 6379
},
“overwritehost”: “172.22.189.176:9001”,
“overwriteprotocol”: “https”,
“trusted_proxies”: “REMOVED SENSITIVE VALUE”,
“upgrade.disable-web”: true,
“passwordsalt”: “REMOVED SENSITIVE VALUE”,
“secret”: “REMOVED SENSITIVE VALUE”,
“trusted_domains”: [
“localhost”,
“172.22.189.176”,
“127.0.0.1”,
“localhost”,
“nextcloud-init-sync.lock”,
“nextcloud”
],
“datadirectory”: “REMOVED SENSITIVE VALUE”,
“dbtype”: “pgsql”,
“version”: “29.0.0.19”,
“overwrite.cli.url”: “https://localhost”,
“dbname”: “REMOVED SENSITIVE VALUE”,
“dbhost”: “REMOVED SENSITIVE VALUE”,
“dbport”: “”,
“dbtableprefix”: “oc_”,
“dbuser”: “REMOVED SENSITIVE VALUE”,
“dbpassword”: “REMOVED SENSITIVE VALUE”,
“installed”: true,
“instanceid”: “REMOVED SENSITIVE VALUE
}

@ddaenen1
I’m still not sure where to adjust the settings.
When i go to the truenas server shell and type ls i’m not able to see anything.
its apparent I don’t know how to adjust my config file. lol.
I feel like this is very different to arch linux lol.
After college I have to dive deeper into this.

Yes that is what my config file says.

from your replies, i am unsure if you know how to edit config.php. If you know how to do it, remove “localhost” (twice?) and “127.0.0.1” from “trusted_domains” and only keep the IP you use to access Nextcloud. Looking at your config.php, i assume you are not accessing Nextcloud externally via an FQDN, right?

1 Like

Yes my Nextcloud only runs on my local network at the moment.
Once I iron out the issues I will make it accessible from outside my network.
This is my end goal with Nextcloud.
You are correct in assuming I do not know how to edit the config files.
I’m new ish to Truenas.
I have been lucky enough to now have any issues till now.

Same issue. My php.config file shows this:

'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => '192.168.x.xxx',
  ),```

Yet, I get the same:

Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.

If anyone solves this, I would like to know as well. According to NextCloud, this appears to fix it (on say a Linode instance:)

Edit /etc/apache2/apache2.conf

Scroll to the directory area and change

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted

To

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted

If you click on System Settings > Shell in TrueNAS dashboard, you’ll find the Shell where you can use the command line.

Then type in cd /mnt/Main_Tank/Nextcloud/NC-data/config to get to the right folder.

After that, you can edit the config.php file by typing sudo nano /mnt/Main_Tank/Nextcloud/NC-data/config/config.php. I believe you can su into root instead, as well.

That’s where you’ll see it. Noting this here as much for myself because I think you have done this already.

1 Like

I only have localhost and an IP address listed and still get the same error message. Is there something else that I can edit?
Thanks, Matt

“localhost” needs to go. Only your FQDN or IP needs to remain in “trusted_domains”

It should look like this after the edit:

'trusted_domains' => 
  array (
    0 => '192.168.x.xxx',
  ),```
2 Likes