Hello everyone!
Install information:
Nextcloud version: 28.0.4
Operating system and version: Debian 12.5 in Proxmox LXC container
Apache Web Server version (On nextcloud lxc): Apache/2.4.57 (Debian)
Nginx reverse proxy version (On seperate lxc): nginx/1.22.1
PHP version: PHP 8.2.7, Zend Engine v4.2.7, OPcache v8.2.7
Issue at hand:
When loading various mobile apps on IOS or Android (Nextcloud notes, nextcloud deck, sometimes nextcloud), I get various version of a 502 error. When trying to login to the nextcloud notes app (on or off the network that the nextcloud instance is in), I get:
Error Getting Settings: Request retry failed with retry error: Request rety failed with retry error: Responce status code was unacceptable:502., original error.
When I try to login to the nextcloud decks app, I get:
Error: Request failed with status code 502.
Other times when using the normal nextcloud app I get 502 gateway or other 502 errors but its infrequent, that one at least lets me login. I have made a ton of network changes but think I’ve got back to test and fix everything. Note, that everything from the pc web browser works fine with all of these apps.
Somethings I’ve done to troubleshoot, is make sure that since I’m running my nextcloud lxc behind a nginx reverse proxy lxc that is exposed by my opnsense for 80/443, I made sure that the nginx config looked good:
server {
server_name cloud.example.com;
client_max_body_size 64000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.1.3:80;
proxy_max_temp_file_size 65536m;
proxy_set_header Connection “Keep-Alive”;
proxy_buffers 16 4k;
proxy_buffer_size 2k;
}
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = cloud.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name cloud.example.com;
return 404; # managed by Certbot
}
I also checked the apache config and it looked fine:
<VirtualHost *:80>
ServerName cloud.example.com
DocumentRoot /var/www/nextcloud/
# log files
ErrorLog /var/log/apache2/cloud.example.com-error.log
CustomLog /var/log/apache2/cloud.example.com-access.log combined
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
I’ve checked both the php.ini and the config.php for nc, and they seem to be setup for best practices. I can share snippits if needed, but I have trusted domains and trusted proxies setup, and again it works fine in browser.
I was getting along with the 502 errors, some weird stuff with sometimes at login on mobile gettings login temp error the first time entering creds and they were correct, then enter again and it works, or state issues. I fixed this by going onto my firewall (opnsense) and turning off sticky session in admin, and then editing the nat and hairpin settings as they were pointed to old interfaces from before I redid my vlans.
I’m running out of things this could be and like the rest of the nextcloud community, I’m ready to start migrating more and more things away from big cloud and onto my setup, but I need it to be functional and rock solid first, and seeing that more than 1 of the nextcloud owned apps are getting the same/similar 502 errors, obviously I have some small piece of this wrong.
Please let me know if there is something more I can provide.
Thanks,
Hungry Nextcloud Server Owner.