Nextcloud version (eg, 12.0.2): 15.0.0.10
Operating system and version (eg, Ubuntu 17.04): docker alpine-fpm
Apache or nginx version (eg, Apache 2.4.25): from docker image
PHP version (eg, 7.1): from docker image
Setup:
I have setup nextcloud based on the official docker compose configuration, but with samba support.
I use the following docker-compose.yml:
version: '2'
volumes:
nextcloud:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: '/path/to/storage/nextcloud/'
db:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: '/path/to/config/nextcloud/db/'
twatzl-cloud:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: '/path/to/local/store/dir/'
networks:
samba:
external:
name: samba-using-containers
services:
db:
image: mariadb
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=xxx
- MYSQL_PASSWORD=xxx
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
app:
build:
context: .
dockerfile: ./nextcloud-custom
links:
- db
volumes:
- nextcloud:/var/www/html
- twatzl-cloud:/cloud/twatzl
networks:
- default
- samba
restart: always
web:
image: nginx
ports:
- 8080:80
links:
- app
volumes:
- /home/twatzl/data/nginx-nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro
volumes_from:
- app
restart: always
And the following dockerfile for building the app container:
FROM nextcloud:stable-fpm-alpine
RUN apk --no-cache add samba-client cifs-utils
nginx.conf (default from the nc git repo)
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server app:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$request_uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
}
The issue you are facing:
After initial startup everything looks fine. NC works fine and responds quickly.
After enabling external storage and configuring a CIFS share via the GUI, Nextcloud starts to become very slow and it even becomes so slow, that nginx returns a timeout.
Also I could observe, that the same mount was added multiple times (seen with occ files_external:export) and I can no longer edit the mounts in the GUI.
Also the GUI seems unresponsive and broken afterwards. Especially I cannot modify the CIFS mount in the settings anymore, since the connection settings are gone.
I can access the CIFS server from the commandline using smbclient -L samba-server -U twatzl.
Steps to replicate it:
- create the setup with docker compose
- enable external storage plugin
- try to mount cifs storage
- now it seems broken
Logs
/var/www/html $ ./occ files_external:export
[
{
"mount_id": 1,
"mount_point": "\/SMB",
"storage": "\\OCA\\Files_External\\Lib\\Storage\\SMB",
"authentication_type": "password::password",
"configuration": {
"host": "samba-server",
"share": "twatzl",
"root": "",
"domain": "",
"user": "twatzl",
"password": "xxx"
},
"options": {
"encrypt": true,
"previews": true,
"enable_sharing": false,
"filesystem_check_changes": 1,
"encoding_compatibility": false,
"readonly": false
},
"applicable_users": [],
"applicable_groups": []
}
]
The output of your Nextcloud log in Admin > Logging:
No output. Nextcloud says everything is fine.
The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'instanceid' => 'xxx',
'passwordsalt' => 'xxx',
'secret' => 'xxx',
'trusted_domains' =>
array (
0 => '192.168.255.10:8080',
),
'datadirectory' => '/var/www/html/data',
'dbtype' => 'mysql',
'version' => '15.0.0.10',
'overwrite.cli.url' => 'http://192.168.255.10:8080',
'dbname' => 'nextcloud',
'dbhost' => 'db',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'xxx',
'dbpassword' => 'xxx',
'installed' => true,
);
I have no idea what I am doing wrong. The docs seem to provide little information about mounting cifs or how to debug if things go wrong.
It seems odd to me, that an app is able to break the whole system in this way.
I hope i provided enough information. If not just ask.
Unfortunately it seems that there is no way to attach screenshots or anything.