As the security scan points out:
Your data directory and files are probably accessible from the Internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.
I wonder if it would make more sense to just put the data directory outside the www root.
wdyt?
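An added example, not part of the original post: a shell check for whether a data directory still resolves inside the web server document root once symlinks are followed. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: names and paths here are hypothetical, not from the post.

# Resolve a directory to its physical path, following symlinks.
canon() {
    ( cd -P -- "$1" 2>/dev/null && pwd -P )
}

# Usage: data_dir_in_docroot DATA_DIR DOCROOT
# Returns 0 if DATA_DIR resolves inside DOCROOT (still web-reachable by path),
#         1 if it resolves outside,
#         2 if either path cannot be resolved.
data_dir_in_docroot() {
    data=$(canon "$1") || return 2
    root=$(canon "$2") || return 2
    # Everything lives under "/", so a docroot of "/" always contains it.
    [ "$root" = "/" ] && return 0
    # Compare with a trailing slash so /var/www-data is not
    # mistaken for a child of /var/www.
    case "$data/" in
        "$root"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Run as a script: ./check.sh /var/www/app/data /var/www
if [ "$#" -eq 2 ]; then
    rc=0
    data_dir_in_docroot "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "INSIDE docroot: $1" ;;
        1) echo "outside docroot: $1" ;;
        *) echo "cannot resolve: $1 or $2" ;;
    esac
fi
```

This checks filesystem placement only; an alias or similar mapping in the web server configuration can still expose a directory that sits outside the document root.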