Hey,
I just installed a new instance of Nextcloud. We imported a bunch of data from an old instance (read: FTP it in, do a bunch of chmod). Now, Upload and Download are working, so permissions should be fine. But it only works for the first file(s). Without any error codes, the whole server is refusing connections after some data (ERR_CONNECTION_REFUSED). A restart fixes the problem, but only a few minutes after the reboot - when all systems should already be long up and running. Rinse and repeat: Only could upload 10 pictures over 4 reboots. I did not find ANY related errors in the Nextcloud forums…
Some details:
Nextcloud version 28.0.2
Operating system and version Linux 5.15.0-92-generic x86_64
Apache or nginx version Apache/2.4.52 nginx/1.24.0
PHP version 8.2.15, FastCGI over Apache
Replicating:
- Drag’n’dropping a file in my Nextcloud. Firstly, the progress bar does not show at all, then opening the “Estimated time left”. After 30s, it starts loading, but crashes after 2-4 photos (10-15 MB)
- After that, it tells me “upload stopped, unknown error”.
- All other hosted sites are now unavailable (except of port 8443).
LOGS
Nextcloud: Two of the last entries. Nothing else of interest in there…
[Tue Feb 06 13:52:50.292489 2024] [security2:error] [pid 8713:tid 140032098690624] [client 88.152.15.139:0] [client 88.152.15.139] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||MyNextcloudURL|F|2"] [data "TX:0=image/jpeg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "MyNextcloudURL"] [uri "/remote.php/dav/files/admin/user/photo-6.jpg"] [unique_id "ZcI5skUA-PD2UhfoDqAUqwAAAA8"]
[Tue Feb 06 13:52:50.512050 2024] [security2:error] [pid 8713:tid 140032098690624] [client 88.152.15.139:0] [client 88.152.15.139] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|MyNextcloudURL|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "MyNextcloudURL"] [uri "/remote.php/dav/files/admin/user/photo-6.jpg"] [unique_id "ZcI5skUA-PD2UhfoDqAUqwAAAA8"]
Apache: the last entries before crashing.
[Tue Feb 06 12:11:08.605980 2024] [ssl:warn] [pid 973:tid 140033361282944] AH01909: default-2a02_247a_22e_2d00_1__1:443:0 server certificate does NOT include an ID which matches the server name
[Tue Feb 06 12:11:08.607830 2024] [ssl:warn] [pid 973:tid 140033361282944] AH01909: default-IP:0 server certificate does NOT include an ID which matches the server name
[Tue Feb 06 12:11:08.607960 2024] [security2:notice] [pid 973:tid 140033361282944] ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/) configured.
[Tue Feb 06 12:11:08.607967 2024] [security2:notice] [pid 973:tid 140033361282944] ModSecurity: APR compiled version="1.7.0"; loaded version="1.7.0"
[Tue Feb 06 12:11:08.607973 2024] [security2:notice] [pid 973:tid 140033361282944] ModSecurity: PCRE compiled version="8.39 "; loaded version="8.39 2016-06-14"
[Tue Feb 06 12:11:08.607977 2024] [security2:notice] [pid 973:tid 140033361282944] ModSecurity: LUA compiled version="Lua 5.1"
[Tue Feb 06 12:11:08.607980 2024] [security2:notice] [pid 973:tid 140033361282944] ModSecurity: YAJL compiled version="2.1.0"
[Tue Feb 06 12:11:08.607984 2024] [security2:notice] [pid 973:tid 140033361282944] ModSecurity: LIBXML compiled version="2.9.13"
[Tue Feb 06 12:11:08.607988 2024] [security2:notice] [pid 973:tid 140033361282944] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Tue Feb 06 12:11:08.609677 2024] [suexec:notice] [pid 973:tid 140033361282944] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Tue Feb 06 12:11:09.098835 2024] [ssl:warn] [pid 1292:tid 140033361282944] AH01909: UNIMPORTANT:443:0 server certificate does NOT include an ID which matches the server name
[Tue Feb 06 12:11:09.103279 2024] [ssl:warn] [pid 1292:tid 140033361282944] AH01909: default-2a02_247a_22e_2d00_1__1:443:0 server certificate does NOT include an ID which matches the server name
[Tue Feb 06 12:11:09.104964 2024] [ssl:warn] [pid 1292:tid 140033361282944] AH01909: default-IP:443:0 server certificate does NOT include an ID which matches the server name
[Tue Feb 06 12:11:09.116536 2024] [mpm_event:notice] [pid 1292:tid 140033361282944] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 mod_fcgid/2.3.9 configured -- resuming normal operations
[Tue Feb 06 12:11:09.116560 2024] [core:notice] [pid 1292:tid 140033361282944] AH00094: Command line: '/usr/sbin/apache2'
[Tue Feb 06 13:37:41.593091 2024] [mpm_event:notice] [pid 1292:tid 140033361282944] AH00493: SIGUSR1 received. Doing graceful restart
[Tue Feb 06 13:37:45.851088 2024] [ssl:warn] [pid 1292:tid 140033361282944] AH01909: NOTIMPORTANT:443:0 server certificate does NOT include an ID which matches the server name
[Tue Feb 06 13:37:45.857195 2024] [ssl:warn] [pid 1292:tid 140033361282944] AH01909: default-2a02_247a_22e_2d00_1__1:443:0 server certificate does NOT include an ID which matches the server name
[Tue Feb 06 13:37:45.859101 2024] [ssl:warn] [pid 1292:tid 140033361282944] AH01909: default-IP:443:0 server certificate does NOT include an ID which matches the server name
[Tue Feb 06 13:37:45.866008 2024] [mpm_event:notice] [pid 1292:tid 140033361282944] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 mod_fcgid/2.3.9 configured -- resuming normal operations
[Tue Feb 06 13:37:45.866054 2024] [core:notice] [pid 1292:tid 140033361282944] AH00094: Command line: '/usr/sbin/apache2'
I will happily post more information, but I’m quite unsure where to look right now. I guess Nextcloud triggers Apache somehow? Thank you so much!