Nextcloud - htaccess not working

Zack · May 14, 2024, 8:55pm

Thank you!
So I have to type the absolute path to get there.
Thanks.

visamp · May 15, 2024, 12:25am

I updated the config file to show ONLY the IP address and restarted NextCloud, but still I have the error:

Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.

   'trusted_domains' =>
   array (
     0 => '192.168.x.xxx',
   ),

I wonder if there needs to be some sort of edit somewhere done to redirect it to point .htaccess file to the config.php file? But I’m only guessing here…

ddaenen1 · May 15, 2024, 5:18pm

yes, you also need to check ‘trusted_proxies’ in config.php: should also only contain your IP, no localhost or anything else. Also check ‘overwrite.cli.url’: this should be empty if your are not using an FQDN like so `‘overwrite.cli.url’ => ‘’,

Zack · May 16, 2024, 3:32am

I still get the same errors.
I also restarted the app after making adjustments.
Any Ideas?

visamp · May 16, 2024, 2:28pm

Removing the ‘localhost’ here took my system down, so I added it back. Very strange.

visamp · May 16, 2024, 2:31pm

Seems like it needs that to understand that the requests will come from the local network. I again only use a local IP address to access Nextcloud and do not have open ports, etc. to have available outside the network.

Zack · May 16, 2024, 2:49pm

It did not for me does yours look similar to mine?
I forgot to close the parentheses which took if offline.
I then went back into the config and closed them I was good.

Zack · May 16, 2024, 2:54pm

Agreed. Mine is local as well but, my end goal is to not have it that way. Still worried that is will some how have a glitch that could expose my files unintentionally.

ddaenen1 · May 16, 2024, 6:46pm

I am running out of ideas and maybe there is some difference because my Nextcloud is set up using Caddy and not Apache or Nginx. For me, making these changes worked fine. The difference is though that i am accessing my Nextcloud instance only through an FQDN. I use the ACME package for letsencrypt certificates and HAproxy as a reverse proxy which i both have set up in pfSense. I do believe this set up is quite secure though. I have trust in the pfSense firewall and have gone through all the testing and the Nextcloud security scan gave me an A+.

Zack · May 16, 2024, 7:17pm

Pfsense is pretty good.
Maybe this is just a local network issue since we aren’t actually connecting outside our network.
@visamp if you find out anything let me know and I will do the same.
I’m not done working this out lol.

edco · May 27, 2024, 12:02pm

Has anyone found a solution to this problem?

I’ve manually removed all “localhost” entries from my config.php, but still no luck.

dan · May 27, 2024, 12:50pm

This sounds like you’re using my script, which makes a jail for Nextcloud on CORE. The problem reported here deals with the “official” Nextcloud app on SCALE. Both Nextcloud, yes, but very different installations. And it’s far from clear that this isn’t just a matter of Nextcloud giving a false positive.

ddaenen1 · May 27, 2024, 4:30pm

You may be right but from all i’ve read, i understand this is due to the change in how Nextcloud performs this check and that shouldn’t be different regardless of installation.

Zack · May 27, 2024, 8:12pm

There in lies my issue. If it’s a false positive no big deal, but I just don’t want my “stuff” ending up on the internet when it’s suppose to be a local install, due to some kind of glitch in their software.

Zack · May 27, 2024, 8:13pm

I have not. I have tried reinstalling it to see if the problem was solved, but the error is still there.

dan · May 27, 2024, 8:23pm

If it’s not exposed to the Internet, then it can’t leak to the Internet. If you want to confirm that it’s a false positive, try browsing to /data on your Nextcloud installation.

janot928 · June 11, 2024, 6:06pm

Hi,
Thanks for the tips @ddaenen1 :

I removed all but my domain from the “trusted_domains”
I modified the [“overwrite.cli.url”: “https://localhost”,] to [“overwrite.cli.url”: “https://my.domain.com”,] (recommanded on the nextcloud dashboard)
I modified the php.config as suggested by @visamp

results : no more red warning about .htaccess

I was about to bang my head on a wall trying to figure it out, so thanks you both !

ddaenen1 · June 11, 2024, 6:40pm

Happy to hear it worked for you as it did for me.

Raj_logger · June 18, 2024, 10:18pm

I am having similar or related issue. Changed my config.php to remove extra trusted doman entries and not my proxy adn trusted domains are as below. I cant access from outside. I use Nginx proxy manager with couldflare and similar access used to work on nextcloud jail.

‘trusted_domains’ =>
array (
0 => ‘https://mydomain.com’,
1 => ‘10.13.58.25’,

trusted proxies
‘trusted_proxies’ =>
array (
0 => ‘172.17.0.0/16’,
1 => ‘172.16.0.0/16’,
2 => ‘127.0.0.1’,

Page does not resolve anymore.

Vertighost · June 19, 2024, 2:58pm

Hello, everyone!
I, too, am having this issue and I am trying to follow everything above. This is what my config.php file has.

Trusted Domains
Trusted Proxies

I have recently removed the “localhost” from the trusted proxies but still see the litany of errors. What are we missing?

Thanks for your help!