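nginx and ownCloud: .htaccess security warning

I have a problem with nginx and ownCloud. When I visit the ownCloud login page, I get this error:

Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.

This is my virtual host file: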

    server {
        listen 80;
        server_name default_server;
        root /usr/share/nginx/www;
        index index.html index.htm;

        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ /index.html;
            # Uncomment to enable naxsi on this location
            # include /etc/nginx/naxsi.rules
        }

        location /phpmyadmin { rewrite ^ https://$http_host$request_uri? permanent; }
        location /phpMyAdmin { rewrite ^/* /phpmyadmin last; }
        location /owncloud { rewrite ^ https://$http_host$request_uri? permanent; }
        location /cloud { rewrite ^/* /phpmyadmin last; }
        location /roundcube { rewrite ^ https://$http_host$request_uri? permanent; }
        location /RoundCube { rewrite ^/* /roundcube last; }
        location /squirrelmail { rewrite ^ https://$http_host$request_uri? permanent; }
        location /SquirrelMail { rewrite ^/* /squirrelmail last; }

        error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/www;
        }

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }

    server {
        listen 443 ssl;
        ssl_certificate /etc/ssl/localcerts/certificate.crt;
        ssl_certificate_key /etc/ssl/localcerts/privateKey.key;
        server_name default_server;
        root /usr/share/nginx/www;
        index index.html index.htm;

        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ /index.html;
            # Uncomment to enable naxsi on this location
            # include /etc/nginx/naxsi.rules
        }

        location /phpmyadmin {
            root /usr/share/;
            index index.php index.html index.htm;
            location ~ ^/phpmyadmin/(.+\.php)$ {
                try_files $uri =404;
                root /usr/share/;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_param HTTPS $https;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                include /etc/nginx/fastcgi_params;
                fastcgi_param PATH_INFO $fastcgi_script_name;
                fastcgi_buffer_size 128k;
                fastcgi_buffers 256 4k;
                fastcgi_busy_buffers_size 256k;
                fastcgi_temp_file_write_size 256k;
                fastcgi_intercept_errors on;
            }
            location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                root /usr/share/;
            }
        }
        location /phpMyAdmin { rewrite ^/* /phpmyadmin last; }

        location /owncloud {
            root /var/www/;
            index index.php index.html index.htm;
            location ~ ^/owncloud/(.+\.php)$ {
                try_files $uri =404;
                root /var/www/;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_param HTTPS $https;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                include /etc/nginx/fastcgi_params;
                fastcgi_param PATH_INFO $fastcgi_script_name;
                fastcgi_buffer_size 128k;
                fastcgi_buffers 256 4k;
                fastcgi_busy_buffers_size 256k;
                fastcgi_temp_file_write_size 256k;
                fastcgi_intercept_errors on;
            }
            location ~* ^/owncloud/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                root /var/www/;
            }
        }
        location /ownCloud { rewrite ^/* /owncloud last; }

        location /roundcube {
            root /usr/share/;
            index index.php index.html index.htm;
            location ~ ^/roundcube/(.+\.php)$ {
                try_files $uri =404;
                root /usr/share/;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_param HTTPS $https;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                include /etc/nginx/fastcgi_params;
                fastcgi_param PATH_INFO $fastcgi_script_name;
                fastcgi_buffer_size 128k;
                fastcgi_buffers 256 4k;
                fastcgi_busy_buffers_size 256k;
                fastcgi_temp_file_write_size 256k;
                fastcgi_intercept_errors on;
            }
            location ~* ^/roundcube/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                root /usr/share/;
            }
        }
        location /RoundCube { rewrite ^/* /roundcube last; }

        location /squirrelmail {
            root /usr/share/;
            index index.php index.html index.htm;
            location ~ ^/squirrelmail/(.+\.php)$ {
                try_files $uri =404;
                root /usr/share/;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_param HTTPS $https;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                include /etc/nginx/fastcgi_params;
                fastcgi_param PATH_INFO $fastcgi_script_name;
                fastcgi_buffer_size 128k;
                fastcgi_buffers 256 4k;
                fastcgi_busy_buffers_size 256k;
                fastcgi_temp_file_write_size 256k;
                fastcgi_intercept_errors on;
            }
            location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                root /usr/share/;
            }
        }
        location /SquirrelMail { rewrite ^/* /squirrelmail last; }

        location /doc/ {
            alias /usr/share/doc/;
            autoindex on;
            allow 127.0.0.1;
            allow ::1;
            deny all;
        }

        error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/www;
        }

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }

Specifically, this is the location /owncloud part:

    location /owncloud {
        root /var/www/;
        index index.php index.html index.htm;
        location ~ ^/owncloud/(.+\.php)$ {
            try_files $uri =404;
            root /var/www/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_param HTTPS $https;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include /etc/nginx/fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_buffer_size 128k;
            fastcgi_buffers 256 4k;
            fastcgi_busy_buffers_size 256k;
            fastcgi_temp_file_write_size 256k;
            fastcgi_intercept_errors on;
        }
        location ~* ^/owncloud/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /var/www/;
        }
    }
    location /ownCloud { rewrite ^/* /owncloud last; }

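I tried to fix it based on the documentation at http://doc.owncloud.org/server/5.0/admin_manual/installation/installation_others.html#nginx-configuration, but I couldn't.

I also changed the permissions, in case that was what caused the error, but it didn't solve it: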

    chown -R www-data:www-data /var/www/owncloud

phpmyadmin, roundcube and squirrelmail work fine, so I used their configuration and only changed the root path for owncloud to /var/www/owncloud.

Here is the content of owncloud/:

    root@vps1:/var/www# ls -l owncloud/
    total 156
    drwxr-xr-x 26 www-data www-data 4096 Σεπ 6 18:38 3rdparty
    drwxrwxrwx 32 www-data www-data 4096 Σεπ 6 18:38 apps
    -rw-r--r-- 1 www-data www-data 585 Σεπ 6 18:38 AUTHORS
    drwxrwxrwx 2 www-data www-data 4096 Σεπ 27 18:54 config
    -rw-r--r-- 1 www-data www-data 832 Σεπ 6 18:38 console.php
    -rw-r--r-- 1 www-data www-data 34520 Σεπ 6 18:38 COPYING-AGPL
    -rw-r--r-- 1 www-data www-data 567 Σεπ 6 18:38 COPYING-README
    drwxr-xr-x 10 www-data www-data 4096 Σεπ 6 18:38 core
    -rw-r--r-- 1 www-data www-data 3156 Σεπ 6 18:38 cron.php
    drwxrwx--- 2 www-data www-data 4096 Σεπ 27 18:54 data
    -rw-r--r-- 1 www-data www-data 17669 Σεπ 6 18:38 db_structure.xml
    drwxr-xr-x 2 www-data www-data 4096 Σεπ 6 18:38 files
    -rw-r--r-- 1 www-data www-data 179 Σεπ 6 18:38 index.html
    -rw-r--r-- 1 www-data www-data 853 Σεπ 6 18:38 index.php
    drwxr-xr-x 81 www-data www-data 4096 Σεπ 6 18:38 l10n
    drwxr-xr-x 20 www-data www-data 4096 Σεπ 6 18:38 lib
    -rw-r--r-- 1 www-data www-data 279 Σεπ 6 18:38 occ
    drwxr-xr-x 2 www-data www-data 4096 Σεπ 6 18:38 ocs
    -rw-r--r-- 1 www-data www-data 443 Σεπ 6 18:38 public.php
    -rw-r--r-- 1 www-data www-data 753 Σεπ 6 18:38 README
    -rw-r--r-- 1 www-data www-data 960 Σεπ 6 18:38 remote.php
    -rw-r--r-- 1 www-data www-data 26 Σεπ 6 18:38 robots.txt
    drwxr-xr-x 6 www-data www-data 4096 Σεπ 6 18:38 search
    drwxr-xr-x 8 www-data www-data 4096 Σεπ 6 18:38 settings
    -rw-r--r-- 1 www-data www-data 1216 Σεπ 6 18:38 status.php
    drwxr-xr-x 2 www-data www-data 4096 Σεπ 6 18:38 themes
    -rw-r--r-- 1 www-data www-data 2460 Σεπ 6 18:38 upgrade.php

I noticed that the tar file does not contain the /data folder, and that it is created the first time you visit the ownCloud web interface. These files are also created:

    root@vps1:/var/www# ls -la owncloud/data/
    total 12
    drwxrwx--- 2 www-data www-data 4096 Σεπ 27 18:54 .
    drwxr-xr-x 14 www-data www-data 4096 Σεπ 27 18:54 ..
    -rw-r--r-- 1 www-data www-data 27 Σεπ 27 18:54 .htaccess
    -rw-r--r-- 1 www-data www-data 0 Σεπ 27 18:54 index.html

So I'm not sure which .htaccess file the warning refers to, /var/www/owncloud/.htaccess or /var/www/owncloud/data/.htaccess, or how to fix it.

EDIT: I tried adding this, and it still doesn't work.

    location ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; }

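My fellow Greek:

The problem seems to be that the directory where data is UPLOADED to ownCloud (the data you want to access as a "cloud") is a subdirectory of your server's document root, where only the directories and files needed for the functioning of ownCloud ITSELF should be. That is the /var/www directory you mention. User data has no place inside /var/www, or else the files could be accessed from the internet through a simple "listing".

Normally, during the initial setup wizard, which runs from the browser, you get the option to set the path of the data directory. Even if you missed that, you can change it at any time by setting the "datadirectory" directive in the config.php file of your ownCloud installation. Like this: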

    <?php
    $CONFIG = array (
      'datadirectory' => '/media/usbdisk/ocdata/',
      'dbtype' => ...

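You can find more on the topic in this forum post.

As a note of caution, it is always important to have as little data as possible reachable over the wire. You can find some good points about document root permissions here.

I figured it out. I had made a mistake in the vhost file. I had set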

    root /var/www/;

and then I wrote this:

    location ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; }

instead of this:

    location ~ ^/owncloud/(data|config|\.ht|db_structure\.xml|README) { deny all; }

This is my final generic vhost file after the above fix and some cleanup.

    server {
        listen 80;
        server_name default_server;
        root /usr/share/nginx/www;
        index index.html index.htm;

        location / {
            try_files $uri $uri/ /index.html;
        }

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/www;
        }

        location /phpmyadmin { rewrite ^ https://$http_host$request_uri? permanent; }
        location /phpMyAdmin { rewrite ^/* /phpmyadmin last; }
        location /owncloud { rewrite ^ https://$http_host$request_uri? permanent; }
        location /cloud { rewrite ^/* /phpmyadmin last; }
        location /roundcube { rewrite ^ https://$http_host$request_uri? permanent; }
        location /RoundCube { rewrite ^/* /roundcube last; }
        location /squirrelmail { rewrite ^ https://$http_host$request_uri? permanent; }
        location /SquirrelMail { rewrite ^/* /squirrelmail last; }
    }

    server {
        listen 443 ssl;
        ssl_certificate /etc/ssl/localcerts/certificate.crt;
        ssl_certificate_key /etc/ssl/localcerts/privateKey.key;
        server_name default_server;
        root /usr/share/nginx/www;
        index index.html index.htm;

        location / {
            try_files $uri $uri/ /index.html;
        }

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/www;
        }

        location ~ /\.ht {
            deny all;
        }

        ###### phpMyAdmin ############################################################
        location /phpmyadmin {
            root /usr/share/;
            index index.php index.html index.htm;
            location ~ ^/phpmyadmin/(.+\.php)$ {
                root /usr/share/;
                include fastcgi-gen.conf;
            }
            location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                root /usr/share/;
            }
        }
        location /phpMyAdmin { rewrite ^/* /phpmyadmin last; }

        ###### RoundCube ############################################################
        location /roundcube {
            root /usr/share/;
            index index.php index.html index.htm;
            location ~ ^/roundcube/(.+\.php)$ {
                root /usr/share/;
                include fastcgi-gen.conf;
            }
            location ~* ^/roundcube/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                root /usr/share/;
            }
        }
        location /RoundCube { rewrite ^/* /roundcube last; }

        ###### SquirrelMail ############################################################
        location /squirrelmail {
            root /usr/share/;
            index index.php index.html index.htm;
            location ~ ^/squirrelmail/(.+\.php)$ {
                root /usr/share/;
                include fastcgi-gen.conf;
            }
            location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                root /usr/share/;
            }
        }
        location /SquirrelMail { rewrite ^/* /squirrelmail last; }

        ###### ownCloud ############################################################
        location /owncloud {
            root /var/www/;
            index index.php index.html index.htm;
            error_page 403 = owncloud/core/templates/403.php;
            error_page 404 = owncloud/core/templates/404.php;

            rewrite ^/owncloud/caldav(.*)$ /remote.php/caldav$1 redirect;
            rewrite ^/owncloud/carddav(.*)$ /remote.php/carddav$1 redirect;
            rewrite ^/owncloud/webdav(.*)$ /remote.php/webdav$1 redirect;

            location = /owncloud/robots.txt {
                allow all;
                log_not_found off;
                access_log off;
            }

            location /owncloud/ {
                # The following 2 rules are only needed with webfinger
                rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
                rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

                rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
                rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

                rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

                try_files $uri $uri/ index.php;
            }

            location ~ ^/owncloud/(data|config|\.ht|db_structure\.xml|README) {
                deny all;
            }
            location ~ ^/owncloud/(.+\.php)$ {
                root /var/www/;
                include fastcgi-gen.conf;
            }
            location ~* ^/owncloud/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                root /var/www/;
            }
        }
        location /ownCloud { rewrite ^/* /owncloud last; }
    }

This is fastcgi-gen.conf:

    try_files $uri =404;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param PATH_INFO $fastcgi_script_name;
    include fastcgi_params;
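
Why the unprefixed deny pattern never fired, as an added example that is not part of the original posts: nginx matches a location regex against the request URI, and with `root /var/www/;` that URI still begins with `/owncloud`. The sketch models only the regex locations nested in `location /owncloud` (first match in file order wins); the helper names and the sample request paths are constructed for illustration.

```python
import re

# Regex locations nested in the page's `location /owncloud` block. nginx tests
# regex locations in file order and uses the first one that matches the URI.
PHP = ("php-fpm", re.compile(r"^/owncloud/(.+\.php)$"))
STATIC = ("static file", re.compile(
    r"^/owncloud/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$", re.I))
DENY_BROKEN = ("deny all", re.compile(
    r"^/(data|config|\.ht|db_structure\.xml|README)"))
DENY_FIXED = ("deny all", re.compile(
    r"^/owncloud/(data|config|\.ht|db_structure\.xml|README)"))


def handler(uri, locations):
    """Return the action of the first regex location that matches the URI."""
    for action, pattern in locations:
        if pattern.search(uri):
            return action
    # No regex matched: the enclosing prefix location serves the file itself.
    return "static file"


def audit(uris, locations):
    """Map each URI to (action, path resolved under `root /var/www/`)."""
    return {u: (handler(u, locations), "/var/www" + u) for u in uris}


# Constructed request paths, based on the files in the page's `ls` output.
SAMPLE_URIS = [
    "/owncloud/data/.htaccess",
    "/owncloud/data/index.html",
    "/owncloud/config/config.php",
    "/owncloud/db_structure.xml",
    "/owncloud/README",
    "/owncloud/index.php",
]

if __name__ == "__main__":
    broken = audit(SAMPLE_URIS, [DENY_BROKEN, PHP, STATIC])
    fixed = audit(SAMPLE_URIS, [DENY_FIXED, PHP, STATIC])
    for uri in SAMPLE_URIS:
        print(f"{uri:30} broken: {broken[uri][0]:12} fixed: {fixed[uri][0]}")
```

With the unprefixed pattern every path under `/owncloud/data` falls through to a location that serves it from disk; with the `/owncloud/` prefix the deny rule is the first match and only `index.php` still reaches PHP.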