Hello, forgive my bad English, it is not my first language.
I don’t know if anyone else has faced the problem I have but I at least wanted to ask.
You see, I installed Nextcloud in a docker container and used nginx reverse proxy with the docker SWAG to be able to access it from the Internet. Everything worked well.
Except for one thing: Every time I enter “Administration Settings/Overview” a certain number of times, that action somehow triggers an alert in fail2ban as unauthorized access and then proceeds to ban the public IP of my network where my server is located. Preventing me from accessing from that banned IP not only NextCloud but also other services that are exposed to the internet and that use that IP.
I don’t know what could be the reason for this happening. Or what I should do to fix it.
Here is my NextCloud compose configuration:
volumes:
nextcloud:
db:
services:
db:
image: mariadb:10.11
restart: always
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
volumes:
- /srv/dev-disk-by-uuid-3f6dc867-2449-4511-a9a0-695590711524/Docker_datos/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=XXXXXXXXXX
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=XXXXXXXXXX
nextcloud:
image: nextcloud
container_name: nextcloud
restart: always
ports:
- 6872:80
links:
- db
volumes:
- /srv/dev-disk-by-uuid-3f6dc867-2449-4511-a9a0-695590711524/Docker_datos/nextcloud:/var/www/html
environment:
- MYSQL_PASSWORD=XXXXXXXXX
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db
- OVERWRITEPROTOCOL=https
- OVERWRITEHOST=nextcloud.ouroboroslabs.eu
- OVERWRITECLIURL=https://nextcloud.ouroboroslabs.eu/
- TZ=Europe/Madrid
networks:
default:
name: swagnet
external: true
The “occ config:list system”:
{
"system": {
"htaccess.RewriteBase": "\/",
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"upgrade.disable-web": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"nextcloud.ouroboroslabs.eu"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "29.0.6.1",
"overwrite.cli.url": "https:\/\/nextcloud.ouroboroslabs.eu\/",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"overwriteprotocol": "https",
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"maintenance_window_start": 1,
"memories.exiftool": "\/var\/www\/html\/custom_apps\/memories\/bin-ext\/exiftool-amd64-glibc",
"memories.vod.path": "\/var\/www\/html\/custom_apps\/memories\/bin-ext\/go-vod-amd64",
"twofactor_enforced": "true",
"twofactor_enforced_groups": [
"admin"
],
"twofactor_enforced_excluded_groups": [],
"maintenance": false,
"loglevel": 2,
"overwritehost": "nextcloud.ouroboroslabs.eu",
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_smtpauth": 1,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"mail_smtpsecure": "ssl"
}
}
The nextcloud.subdomain.conf file:
## Version 2024/07/16
# make sure that your nextcloud container is named nextcloud
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
# 'trusted_proxies' => [gethostbyname('swag')],
# 'overwrite.cli.url' => 'https://nextcloud.example.com/',
# 'overwritehost' => 'nextcloud.example.com',
# 'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
# array (
# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
# 1 => 'nextcloud.example.com',
# ),
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name nextcloud.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app nextcloud;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# Hide proxy response headers from Nextcloud that conflict with ssl.conf
# Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
proxy_hide_header Referrer-Policy;
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-Frame-Options;
proxy_hide_header X-XSS-Protection;
# Disable proxy buffering
proxy_buffering off;
}
}
The access log for the specific minute when I logged back into “Administration Settings/Overview” (edited):
92.x.x.34 - - [06/Sep/2024:22:52:05 +0200] "GET /settings/admin/overview HTTP/2.0" 200 14845 "https://nextcloud.domain.com/apps/dashboard/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
92.x.x.34 - - [06/Sep/2024:22:52:08 +0200] "GET /ocs/v2.php/search/providers?from=%2Fsettings%2Fadmin%2Foverview HTTP/2.0" 200 547 "https://nextcloud.domain.com/settings/admin/overview" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
92.x.x.34 - - [06/Sep/2024:22:52:08 +0200] "POST /contactsmenu/contacts HTTP/2.0" 200 420 "https://nextcloud.domain.com/settings/admin/overview" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
92.x.x.34 - - [06/Sep/2024:22:52:08 +0200] "GET /ocs/v2.php/apps/user_status/api/v1/user_status HTTP/2.0" 200 156 "https://nextcloud.domain.com/settings/admin/overview" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
92.x.x.34 - - [06/Sep/2024:22:52:08 +0200] "PUT /ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json HTTP/2.0" 200 155 "https://nextcloud.domain.com/settings/admin/overview" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
92.x.x.34 - - [06/Sep/2024:22:52:08 +0200] "PUT /ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json HTTP/2.0" 200 155 "https://nextcloud.domain.com/settings/admin/security" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
92.x.x.34 - - [06/Sep/2024:22:52:08 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0" 200 81 "https://nextcloud.domain.com/settings/admin/overview" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
92.x.x.34 - - [06/Sep/2024:22:52:08 +0200] "GET /ocs/v2.php/cloud/groups/details HTTP/2.0" 200 148 "https://nextcloud.domain.com/settings/admin/overview" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
92.x.x.34 - - [06/Sep/2024:22:52:08 +0200] "PROPFIND /remote.php/webdav HTTP/1.1" 401 414 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:09 +0200] "HEAD /data/.ocdata HTTP/1.1" 404 0 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:09 +0200] "HEAD /data/.ocdata HTTP/1.1" 301 0 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:09 +0200] "HEAD /data/.ocdata HTTP/1.1" 404 0 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:09 +0200] "HEAD //data/.ocdata HTTP/1.1" 404 0 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:10 +0200] "HEAD /apps/settings/js/map-test.js.map HTTP/1.1" 200 0 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:10 +0200] "HEAD /apps/settings/js/esm-test.mjs HTTP/1.1" 200 0 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:10 +0200] "HEAD /ocm-provider/ HTTP/1.1" 200 0 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:10 +0200] "GET /index.php/apps/files/preview-service-worker.js HTTP/2.0" 200 5253 "https://nextcloud.domain.com/index.php/apps/files/preview-service-worker.js" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
92.x.x.34 - - [06/Sep/2024:22:52:10 +0200] "HEAD /ocs-provider/ HTTP/1.1" 200 0 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:10 +0200] "GET /heartbeat HTTP/1.1" 200 0 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:10 +0200] "GET /.well-known/webfinger HTTP/1.1" 404 37 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:10 +0200] "GET /.well-known/nodeinfo HTTP/1.1" 404 36 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:10 +0200] "PROPFIND /.well-known/caldav HTTP/1.1" 301 349 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:10 +0200] "GET /remote.php/dav/ HTTP/1.1" 401 557 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:10 +0200] "PROPFIND /.well-known/carddav HTTP/1.1" 301 349 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:11 +0200] "GET /remote.php/dav/ HTTP/1.1" 401 557 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:11 +0200] "HEAD /core/fonts/NotoSans-Regular-latin.woff2 HTTP/1.1" 200 0 "-" "Nextcloud Server Crawler"
92.x.x.34 - - [06/Sep/2024:22:52:11 +0200] "GET /settings/ajax/checksetup HTTP/2.0" 200 2610 "https://nextcloud.domain.com/settings/admin/overview" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
92.x.x.34 - - [06/Sep/2024:22:52:36 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0" 304 0 "https://nextcloud.domain.com/settings/admin/overview" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
The “occ setupchecks”:
dav:
✓ DAV system address book: No outstanding DAV system address book sync.
network:
✓ WebDAV endpoint: Your web server is properly set up to allow file synchronization over WebDAV.
✓ Data directory protected
✓ Internet connectivity
✓ JavaScript source map support
✓ JavaScript modules support
✓ OCS provider resolving
✓ .well-known URLs: Your server is correctly configured to serve `.well-known` URLs.
✓ WOFF2 file loading
system:
⚠ Errors in the log: 1 error in the logs since August 30, 2024, 8:38:23 PM
ℹ Brute-force Throttle: Your remote address could not be determined.
✓ Cron errors: The last cron job ran without errors.
✓ Cron last run: Last background job execution ran 3 minutes ago.
✓ Debug mode: Debug mode is disabled.
ℹ File locking: The database is used for transactional file locking. To enhance performance, please configure memcache, if available.
✓ Maintenance window start: Maintenance window to execute heavy background jobs is between 1:00 UTC and 7:00 UTC
✓ Memcache: Configured
⚠ Mimetype migrations available: One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types. Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades. Use the command `occ maintenance:repair --include-expensive` to perform the migrations.
✓ Architecture: 64-bit
✓ Temporary space available: Temporary directory is correctly configured:
- 13.5 GiB available in /tmp (PHP temporary directory)
✓ Push service: Free push service
notifications:
✓ Push notifications - Fair use policy
security:
✓ App directories owner: App directories have the correct owner "www-data"
✓ Old administration imported certificates
✓ Code integrity: No altered files
ℹ Forwarded for headers: Your remote address could not be determined.
✓ HTTPS access and URLs: You are accessing your instance over a secure connection, and your instance is generating secure URLs.
✓ Old server-side-encryption: Disabled
✓ PHP version: You are currently running PHP 8.2.23.
✓ Random generator: Secure
✓ HTTP headers: Your server is correctly configured to send security headers.
database:
✓ Database missing columns: None
✓ Database missing indices: None
✓ Database missing primary keys: None
✓ Database pending bigint migrations: None
✓ MySQL Unicode support: MySQL is used as database and does support 4-byte characters
✓ Scheduling objects table size: Scheduling objects table size is within acceptable range.
✓ Database version: 10.11.9-MariaDB-ubu2204-log
✓ Database transaction isolation level: Read committed
config:
ℹ Default phone region: Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add "default_phone_region" with the respective ISO 3166-1 code of the region to your config file.
ℹ Email test: You have not set or verified your email server configuration, yet. Please head over to the "Basic settings" in order to set them. Afterwards, use the "Send email" button below the form to verify your settings.
✓ Overwrite CLI URL: The "overwrite.cli.url" option in your config.php is set to "https://nextcloud.ouroboroslabs.eu/" which is a correct URL. Suggested URL is "https://localhost".
✓ Configuration file access rights: Nextcloud configuration file is writable
php:
✓ PHP default charset: UTF-8
✓ PHP set_time_limit: The function is available.
✓ Freetype: Supported
✓ PHP getenv
✓ PHP memory limit: 512 MB
✓ PHP modules
✓ PHP opcache: Checking from CLI, OPcache checks have been skipped.
✓ PHP "output_buffering" option: Disabled
✓ PHP Imagick module
Nextcloud version: 29.0.6.1
PHP version : 8.2.23