Extreme storage usage when using S3 primary storage

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 30.0.4
  • Operating system and version (e.g., Ubuntu 24.04):
    • Debian 12
  • Web server and version (e.g, Apache 2.4.25):
    • 2.4.62-1~deb12u2
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • nginx-proxy-manager
  • PHP version (e.g, 8.3):
    • 8.2.26
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • Months ago
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • docker compose
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • Yes

docker-compose setup:

docker-compose.yaml
volumes:
  nextcloud:
  db:

services:
  db:
    image: mariadb:10.6
    restart: always
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      #- ./temp:/tmp/temphome
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=redacted
      - MYSQL_PASSWORD=redacted
      - MYSQL_DATABASE=redacted
      - MYSQL_USER=redacted

  app:
    build:
      dockerfile: Dockerfile
    restart: always
    ports:
      - 1010:80
    links:
      - db
    volumes:
      - ./php.ini:/usr/local/etc/php/php.ini
      - ./mnt/var/www/html:/var/www/html
      #- nextcloud:/var/www/html
    environment:
      - MYSQL_PASSWORD=redacted
      - MYSQL_DATABASE=redacted
      - MYSQL_USER=redacted
      - MYSQL_HOST=db
      - OBJECTSTORE_S3_HOST=s3.eu-central-2.wasabisys.com
      - OBJECTSTORE_S3_BUCKET=nextcloud-store
      - OBJECTSTORE_S3_KEY=redacted
      - OBJECTSTORE_S3_SECRET=redacted
      - OBJECTSTORE_S3_REGION=eu-central-2
      - OBJECTSTORE_S3_PORT=443
      - OBJECTSTORE_S3_USEPATH_STYLE=false
      - OBJECTSTORE_S3_SSL=true
      - OBJECTSTORE_S3_AUTOCREATE=false
      - SMTP_HOST=smtp.ionos.de
      - SMTP_SECURE=ssl
      - SMTP_PORT=465
      - SMTP_NAME=redacted
      - SMTP_PASSWORD=redacted
      - PHP_MEMORY_LIMIT=2048M
      - PHP_UPLOAD_LIMIT=250G
Dockerfile
FROM nextcloud:apache

RUN apt-get update && apt-get install -y \
    supervisor \
  && rm -rf /var/lib/apt/lists/* \
  && mkdir /var/log/supervisord /var/run/supervisord

COPY supervisord.conf /

ENV NEXTCLOUD_UPDATE=1

CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

Note: The nextcloud:apache image does not contain cron, which as you might now is important for the correct and timely execution of background jobs. As far as I am aware, modifying the docker image using my above Docker file is the most “official”/recommended way of fixing cron not being available.

Summary of the issue you are facing:

All of my users combined store a total of about 400 GB of data. However, my primary storage S3 bucket–which is exclusively used as a primary storage for my nextcloud–shows that about 1.4 TB of data are used. I have had this issue for months, but only now have had the time and energy to start investigating. I came up blank, hence why I am posting here.

Steps to replicate it (hint: details matter!):

Not exactly sure. As said previously, my only “attached” storage is my S3 storage bucket. I have this Nextcloud instance running since about v21. During the years, I have changed servers twice with no issues as far as I am aware.

Log entries

Nextcloud

Not sure if relevant.

Web Browser

Web server / Reverse Proxy

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "objectstore": {
            "class": "\\OC\\Files\\ObjectStore\\S3",
            "arguments": {
                "bucket": "nextcloud-store",
                "region": "eu-central-2",
                "hostname": "s3.eu-central-2.wasabisys.com",
                "port": "443",
                "objectPrefix": "urn:oid:",
                "autocreate": false,
                "use_ssl": true,
                "use_path_style": false,
                "legacy_auth": false,
                "key": "***REMOVED SENSITIVE VALUE***",
                "secret": "***REMOVED SENSITIVE VALUE***"
            }
        },
        "trusted_domains": [
            "cloud.bitfl0wer.de"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "30.0.4.1",
        "overwrite.cli.url": "https:\/\/cloud.bitfl0wer.de\/",
        "htaccess.RewriteBase": "\/",
        "overwriteprotocol": "https",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpsecure": "ssl",
        "maintenance": false,
        "default_phone_region": "DE",
        "app_install_overwrite": [
            "backup",
            "files_markdown",
            "tasks",
            "gpgmailer",
            "polls",
            "extract"
        ],
        "theme": "",
        "loglevel": 0,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "upgrade.disable-web": true,
        "mail_smtpauth": 1,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***"
    }
}

Apps

The output of occ app:list (if possible).

List of apps
Enabled:
  - activity: 3.0.0
  - app_api: 4.0.3
  - bruteforcesettings: 3.0.0
  - calendar: 5.0.6
  - circles: 30.0.0
  - cloud_federation_api: 1.13.0
  - comments: 1.20.1
  - contacts: 6.1.1
  - contactsinteraction: 1.11.0
  - dashboard: 7.10.0
  - dav: 1.31.1
  - deck: 1.14.2
  - federatedfilesharing: 1.20.0
  - federation: 1.20.0
  - files: 2.2.0
  - files_downloadlimit: 3.0.0
  - files_external: 1.22.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - fileslibreofficeedit: 2.0.1
  - firstrunwizard: 3.0.0
  - guests: 4.0.1
  - integration_mastodon: 2.0.6
  - logreader: 3.0.0
  - lookup_server_connector: 1.18.0
  - mail: 4.0.9
  - nextcloud_announcements: 2.0.0
  - notes: 4.11.0
  - notifications: 3.0.0
  - oauth2: 1.18.1
  - password_policy: 2.0.0
  - polls: 7.2.5
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - quota_warning: 1.20.0
  - related_resources: 1.5.0
  - serverinfo: 2.0.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - support: 2.0.0
  - survey_client: 2.0.0
  - suspicious_login: 8.0.0
  - systemtags: 1.20.0
  - tasks: 0.16.1
  - text: 4.1.0
  - theming: 2.5.0
  - twofactor_backupcodes: 1.19.0
  - twofactor_nextcloud_notification: 4.0.0
  - twofactor_totp: 12.0.0-dev
  - twofactor_webauthn: 2.0.0
  - updatenotification: 1.20.0
  - user_status: 1.10.0
  - viewer: 3.0.0
  - weather_status: 1.10.0
  - webhook_listeners: 1.1.0-dev
  - whiteboard: 1.0.4
  - workflowengine: 2.12.0
Disabled:
  - admin_audit: 1.20.0 (installed 1.19.0)
  - camerarawpreviews: 0.8.6 (installed 0.8.6)
  - checksum: 1.2.4 (installed 1.2.4)
  - encryption: 2.18.0 (installed 2.12.0)
  - files_markdown: 2.4.1 (installed 2.4.1)
  - files_retention: 1.19.0 (installed 1.19.0)
  - forms: 4.3.4 (installed 4.3.4)
  - integration_github: 2.0.7 (installed 2.0.7)
  - photos: 3.0.2 (installed 2.3.0)
  - recommendations: 3.0.0 (installed 1.3.0)
  - richdocuments: 8.5.3 (installed 8.5.3)
  - spreed: 20.1.0 (installed 20.1.0)
  - user_ldap: 1.21.0
  - workflow_ocr: 1.29.0 (installed 1.29.0)

No. The same image can be used to establish a sidecar container that handles cron. There is no need to rebuild your own image via a Dockerfile.

See Docker: Compose example w/ cron.

All of my users combined store a total of about 400 GB of data. However, my primary storage S3 bucket–which is exclusively used as a primary storage for my nextcloud–shows that about 1.4 TB of data are used.

Check your bucket lifecycle policy rules on your chosen S3 platform.

There are a couple possibilities, but one of the more common ones is not having lifecycle rules enabled there that match your use case. The two most common culprits are keeping around incomplete multipart uploads longer than necessary and retaining non-current object versions. These are handled within the S3 platform itself. This looks like Wasabi’s docs on the matter.

Additional references: