fix Apache rules (#2483)

nextcloud · May 2, 2023 · 34272bd · 34272bd
1 parent 6772a66
commit 34272bd
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 22 deletions.
diff --git a/lets-encrypt/activate-tls.sh b/lets-encrypt/activate-tls.sh
@@ -171,19 +171,31 @@ then
  <Directory $NCPATH>
  Options Indexes FollowSymLinks
  AllowOverride None
- ### include all .htaccess
- Include $NCPATH/.htaccess
- Include $NCPATH/config/.htaccess
- Include $NCDATA/.htaccess
- ###
  Require all granted
  Satisfy Any
+ # This is to include all the Nextcloud rules due to that we use PHP-FPM and .htaccess aren't read
+ Include $NCPATH/.htaccess
+ </Directory>
+
+ # Deny access to your data directory
+ <Directory $NCDATA>
+ Require all denied
+ </Directory>
+
+ # Deny access to the Nextcloud config folder
+ <Directory "$NCPATH"/config/>
+ Require all denied
  </Directory>
 
  <IfModule mod_dav.c>
  Dav off
  </IfModule>
 
+ # The following lines prevent .htaccess and .htpasswd files from being viewed by Web clients.
+ <Files ".ht*">
+ Require all denied
+ </Files>
+
  SetEnv HOME $NCPATH
  SetEnv HTTP_HOME $NCPATH
 

diff --git a/nextcloud_install_production.sh b/nextcloud_install_production.sh
@@ -755,26 +755,27 @@ then
  <Directory $NCPATH>
  Options Indexes FollowSymLinks
  AllowOverride None
- ### include all .htaccess
- Include $NCPATH/.htaccess
- Include $NCPATH/config/.htaccess
- Include $NCDATA/.htaccess
- ###
  Require all granted
  Satisfy Any
+ # This is to include all the Nextcloud rules due to that we use PHP-FPM and .htaccess aren't read
+ Include $NCPATH/.htaccess
  </Directory>
 
- <IfModule mod_dav.c>
- Dav off
- </IfModule>
+ # Deny access to your data directory
+ <Directory $NCDATA>
+ Require all denied
+ </Directory>
 
- <Directory "$NCDATA">
- # just in case if .htaccess gets disabled
+ # Deny access to the Nextcloud config folder
+ <Directory "$NCPATH"/config/>
  Require all denied
  </Directory>
 
- # The following lines prevent .htaccess and .htpasswd files from being
- # viewed by Web clients.
+ <IfModule mod_dav.c>
+ Dav off
+ </IfModule>
+
+ # The following lines prevent .htaccess and .htpasswd files from being viewed by Web clients.
  <Files ".ht*">
  Require all denied
  </Files>
@@ -848,13 +849,20 @@ then
  <Directory $NCPATH>
  Options Indexes FollowSymLinks
  AllowOverride None
- ### include all .htaccess
- Include $NCPATH/.htaccess
- Include $NCPATH/config/.htaccess
- Include $NCDATA/.htaccess
- ###
  Require all granted
  Satisfy Any
+ # This is to include all the Nextcloud rules due to that we use PHP-FPM and .htaccess aren't read
+ Include $NCPATH/.htaccess
+ </Directory>
+
+ # Deny access to your data directory
+ <Directory $NCDATA>
+ Require all denied
+ </Directory>
+
+ # Deny access to the Nextcloud config folder
+ <Directory "$NCPATH"/config/>
+ Require all denied
  </Directory>
 
  <IfModule mod_dav.c>