Apache errors from nextcloud Android app: "user [...] not found"

Dear Nextcloud community,

I’m an amateur nextcloud admin and it’s my first time posting here, so please be kind if I am making silly mistakes.

For the first time, we’re using the nextcloud android app, which is losing connection to the server right after connecting. I figures this is to fail2ban blocking the client due to errors occuring in the apache error.log:

[Fri Jun 07 09:09:54.574952 2024] [auth_basic:error] [pid 2752407:tid 139968840197824] [remote <clientip>:57076] AH01618: user myuser@mydomain.org not found: /cloud/user
[Fri Jun 07 09:09:54.706795 2024] [auth_basic:error] [pid 2752407:tid 139968353662656] [client <clientip>:59311] AH01618: user myuser@mydomain.org not found: /dav/files/myuser@mydomain.org/
[Fri Jun 07 09:09:55.031464 2024] [auth_basic:error] [pid 2752407:tid 139968445884096] [client <clientip>:59311] AH01618: user myuser@mydomain.org not found: /cloud/capabilities
[Fri Jun 07 09:09:55.233168 2024] [auth_basic:error] [pid 2752407:tid 139968554989248] [client <clientip>:59311] AH01618: user myuser@mydomain.org not found: /avatar/myuser@mydomain.org/512
[Fri Jun 07 09:09:55.281202 2024] [auth_basic:error] [pid 2752406:tid 139968353564352] [client <clientip>:56471] AH01618: user myuser@mydomain.org not found: /apps/notifications/api/v2/push
[Fri Jun 07 09:09:55.288157 2024] [auth_basic:error] [pid 2752406:tid 139968655558336] [remote <clientip>:57086] AH01618: user myuser@mydomain.org not found: /cloud/user
[Fri Jun 07 09:09:55.420174 2024] [auth_basic:error] [pid 2752406:tid 139968647165632] [remote <clientip>:57086] AH01618: user myuser@mydomain.org not found: /cloud/user
[Fri Jun 07 09:09:55.421183 2024] [auth_basic:error] [pid 2752406:tid 139968496240320] [client <clientip>:56471] AH01618: user myuser@mydomain.org not found: /apps/notifications/api/v2/push
[Fri Jun 07 09:09:55.490221 2024] [auth_basic:error] [pid 2752406:tid 139968487847616] [client <clientip>:56471] AH01618: user myuser@mydomain.org not found: /apps/notifications/api/v2/push

while this behaviour wouldn’t disturb me right away, the errors are triggering fail2ban’s apache-auth module which is banning my client ip.

so instead of just working around that ban, I’m trying to get rid of those errors, but I’m stuck.

I’m using nextcloud 28.0.6 with the external user authenthication plugin, on Debian Bookworm, Apache 2.4.59, php8.3-fpm.
I have checked the apache nextcloud config (Installation on Linux — Nextcloud latest Administration Manual latest documentation). As I have nextcloud installed in a subdirectory DOMAIN FOR SALE, I have added the Satisfy Any:

        <Directory /var/www/mydomain.org/nextcloud>
                Require all granted
                Satisfy Any
                AllowOverride All
                Options FollowSymLinks MultiViews

                <IfModule mod_dav.c>
                        Dav off
                </IfModule>
        </Directory>

and my config.php is, to my knowledge, quite normal:

<?php
$CONFIG = array (
  'instanceid' => 'REDACTED',
  'passwordsalt' => 'REDACTED',
  'secret' => 'REDACTED',
  'trusted_domains' =>
  array (
    0 => 'myfirstdomain.org',
    1 => 'myseconddomain.org',
    2 => 'mydomain.org',
  ),
  'datadirectory' => '/var/www/myfirstdomain.org/nextcloud/data',
  'overwrite.cli.url' => 'https://myfirstdomain.org/nextcloud',
  'htaccess.RewriteBase' => '/nextcloud',
  'dbtype' => 'mysql',
  'version' => '28.0.6.1',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'REDACTED',
  'dbpassword' => 'REDACTED',
  'default_phone_region' => 'REDACTED',
  'installed' => true,
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'logfilemode' => 416,
  'loglevel' => 2,
  'logdateformat' => 'F d, Y H:i:s',
  'log_rotate_size' => 104857600,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'mail_from_address' => 'nextcloud',
  'mail_smtpmode' => 'sendmail',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_domain' => 'mydomain.org',
  'maintenance' => false,
  'theme' => '',
  'user_backends' =>
  array (
    0 =>
    array (
      'class' => '\\OCA\\UserExternal\\IMAP',
      'arguments' =>
      array (
        0 => '127.0.0.1',
        1 => 143,
        2 => NULL,
      ),
    ),
  ),
  'mail_sendmailmode' => 'smtp',
  'mysql.utf8mb4' => true,
  'updater.release.channel' => 'stable',
);
?>

I have also regenerated .htaccess using occ maintenance:update:htaccess.
There are no messages in the nextcloud.log when I’m starting the client and facing the issue.
Unfortunately, I could not find the slightest hint that anyone else is facing a similar problem, or how to solve it. Is there any Nextcloud magician who could help? Many thanks for your support and great work!

Best,
Teriberific

Are you using Apache Basic Auth above the Nextcloud installation folder? Those errors suggest two things:

• Basic Auth is being used (outside of Nextcloud but somewhere in your Apache environment)
• clientip is not accessing /nextcloud/* but is trying to probe /* - Are you sure the client is set up to connect to the subfolder where you have Nextcloud?

To clarify something: is your Nextcloud on its own VirtualHost (i.e. not a subdirectory installation) or actually served from a a subdirectory of a VirtualHost that you have other applications installed under?

thanks for your swift response and sorry for not being specific enough.

I am running nc in a subdirectory /nextcloud under a virtual host which has other applications installed as well. That’s also how it is configured in config.php and working well on the web UI.

• basic auth is indeed configured on the virtual host level, but then again disabled on the nextcloud directory in the apache config: Satisfy Any as suggested in the admin docs. Also, I don’t get any http basic login prompt when accessing the nextcloud directory.
• the nextcloud mobile app is configured to access https://mydomain.org/nextcloud, which generally works except for those URLs listed in the apache error log, where it seems to try to access paths directly under root. No clue why. Maybe somthing missing in the .htaccess rewrite rules? or a bug in the mobile app? As a total amateur, I can’t judge, sorry.

Maybe related to nextcloud residing in a subdirectory:
I did configure the service discovery URLs as documented in the admin manual: General troubleshooting — Nextcloud latest Administration Manual latest documentation
but I do wonder whether we also need some rewrites for the other paths throwing errors?

many thanks!

What is the value of your htaccess.rewritebase?

https://docs.nextcloud.com/server/28/admin_manual/configuration_server/config_sample_php_parameters.html#htaccess-rewritebase

'htaccess.RewriteBase' => '/nextcloud'
also, 'overwrite.cli.url' => 'https://mydomain.org/nextcloud'

also, setting php-fpm config clear_env=no didn’t help.
(Installation on Linux — Nextcloud latest Administration Manual latest documentation)

I tried and added a Satisfy Any to the URLs in question, which interestingly worked like a charm. Maybe there’s some redirects kicking in, which I couldn’t find.
After my success with the mobile app, I subsequently tried to install the desktop app, which again led to bans from invalid authentication attempts on two URLs, which I also added in a similar way:

        # to make nextcloud mobile app work, else we get auth errors and fail2ban bans
        # when those are configured, no hits on those urls are found in access.log
        <Location ~ "/dav/|/cloud/|/apps/|/avatar/">
                Require all granted
                Satisfy Any
        </Location>

        #to make nextcloud desktop client work, else we get auth errors and fail2ban bans
        # ....same as above, though there are some hits on /nextcloud/core/.... maybe some redirect kicking in.
        <Location ~ "/204|/core">
                Require all granted
                Satisfy Any
        </Location>

Could it be possible that this needs to be added to the documentation?