I can confirm the same problem in a fresh installation using Samba AD as user store. Problem for both AD users and local (nextcloud) users. Zabbix monitoring show a login time of around 16~18 seconds. Server is also behind a proxy. I have tried the solution: auth.bruteforce.protection.enabled’ => false , but did not work.
While the brute force protection was activated, the MySQL table “oc_bruteforce_attempts” has filled with my username, triggering the bruteforce protection when I tried to login.
After disabling bruteforce protection, I still encountered the problem. Rebooted my NC server: still same problem. I could not reboot my MySQL server, it is a production machine. However, I issued the following mysql statement:
“DELETE FROM oc_bruteforce_attempts”
SHAZAM! Now the login is quick, and the table is not filling up again.
The bruteforce protection needs more intelligence. Like when a user / IP succeeds, clear the info from the table. I disabled it for the moment. When it gets good enough, I will reactivate it. For the moment, just using strong passwords should do the trick. And other protection in frnt of the web server.
we have same issue with a very similar architecture to original poster. Will try x-forward-for setting as first step (will help track other issues on client servers anyway, been on the todo list for… )
Danke! My nextcloud setup had suddenly gotten very slow after making some config changes (namely adding memcache), and I was getting another unrelated error to confuse the issue, defintiey stinks to suddenly have everything slow to a crawl for no apparent reason, but then again, it’s nice to know that protection is there, and now I know a little more about nextcloud internals. (this is 11.0.2)
I just registered to report that this bug still exists in Nextcloud 13.0.2 and that the remedy is still the same.
In my case logging in lasted over a minute, and the Linux Nextcloud client couldn’t even connect (probably because of a timeout).
You are sure it is the same bug. Check the related github issues and open a new one if you still can reproduce this error. I’m closing this (answers to such old topics mostly get no attention).