HELP : Nextcloud 11 loop login

Hello, I installed Nextcloud 11 a little while ago, everything worked correctly.

I recently discovered that I can no longer connect to the web interface (the client works well), it just looped on the login page.

I have a Centos 7.3 machine, php7.1-Remi, Nginx, MariaDB.

I tried with a previous php version (5.6) -> Same

You will find below my logs and my config

Log Nexcloud :

- - [13/May/2017:19:35:49 +0200] "GET /login?redirect_url=/apps/files/ HTTP/1.1" 200 3394 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0"

Conf : Nginx.conf

# For more information on configuration, see:
#   * Official English Documentation:
#   * Official Russian Documentation:
user nginx;

worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;

http {

map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;

open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
keepalive_requests 100000;

    # Connexions maximum par ip
    limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;  
    limit_conn limit_per_ip 20;

    # Nombre de requêtes/s maximum par ip
    limit_req_zone $binary_remote_addr zone=allips:10m rate=200r/s;  
    limit_req zone=allips burst=200 nodelay;  

    server_tokens off;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See
    # for more information.
    include /etc/nginx/conf.d/*.conf; 

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    types_hash_max_size 2048;

# taille des buffers et taille max des requêtes normales
    client_body_buffer_size 1K;
    client_max_body_size    8m;
    large_client_header_buffers 4 16K;
    ignore_invalid_headers on;

# définition des différents timeout
    client_body_timeout 5;
    client_header_timeout 5;
    keepalive_timeout 5 5;
    send_timeout 5;
    server_name_in_redirect off;

 #active GZIP
    gzip  on;
#gzip_static on; 
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_vary on;
    gzip_types                  text/plain text/css text/javascript 
           application/json application/javascript application/x-javascript 
           application/xhtml+xml text/xml application/xml application/xml+rss;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
#	gzip off;

Conf : Nexcloud Nginx

upstream php-handler {
#    server unix:/run/php-fpm/;


server {
    listen 80;
    server_name XXX;
    # enforce https
    return 301 https://$server_name$request_uri;
server {
    listen 443 ssl http2;
    server_name XXX;
    access_log /var/log/nginx/nextcloud.log;

    ssl_certificate /etc/nginx/cert/nextcloud.crt;
    ssl_certificate_key /etc/nginx/cert/nextcloud.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+AESGCM:EECDH+AES;
    ssl_session_timeout 5m;
#    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    #resolver valid=300s;
    #resolver_timeout 15s;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    #add_header X-Powered-By "TeammediaCenter";
    # Eviter de se faire piller son site (merci
    add_header X-Robots-Tag none;
    # HSTS permet de déclarer au client directement dans la réponse HTTP qu'il faut communiquer en HTTPS
    # Cette en-tête permet d'éviter le vol de cookies et le downgrade SSL
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; ";
    # Evite que le contenu soit interprété différemment que définit dans le mime Type
    add_header X-Content-Type-Options nosniff;
    # Protection contre le clickjacking
    add_header X-Frame-Options "SAMEORIGIN";
    # Protection contre les failles X-XSS
    add_header X-XSS-Protection "1; mode=block";
    # Faille spécifique à IE8
    add_header X-Download-Options noopen;
    # Interdire l'embarquement de tout ou partie de votre site dans un site ou logiciel tiers
    add_header X-Permitted-Cross-Domain-Policies none;
    # Enfin, les CSP permettent de vérifier l'origine des éléments du site
    # Plutôt complexes à mettre en place, voir
#    add_header Content-Security-Policy "default-src 'self';" always;  
     add_header Content-Security-Policy "default-src 'self' https://* https://* data: 'unsafe-inline' 'unsafe-eval'; report-uri";
     add_header Content-Security-Policy-Report-Only "default-src 'self' https://* https://* https://* data: 'unsafe-inline' 'unsafe-eval'; report-uri";

   # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud/;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;
    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 256 16k;
    fastcgi_buffer_size 128k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_cache_key $http_cookie$request_method$host$request_uri;
    fastcgi_cache_use_stale error timeout invalid_header http_500;
    fastcgi_ignore_headers Cache-Control Expires Set-Cookie; 

    # Disable gzip to avoid the removal of the ETag header
    #gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
    location / {
       rewrite ^ /index.php$uri;
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;


    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
       # limit_req zone=noflood burst=15;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
       #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        fastcgi_read_timeout 600;
        fastcgi_send_timeout 600;
        fastcgi_connect_timeout 600;
#        fastcgi_cache_bypass $skip_cache;
#        fastcgi_no_cache $skip_cache;
#        fastcgi_cache NEXTCLOUD;
        fastcgi_cache_valid  60m;
        fastcgi_cache_methods GET HEAD;
    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        add_header Strict-Transport-Security "max-age=15768000;
        includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;

# Spreed WebRTC
    location ^~ /webrtc {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_buffering             on;
        proxy_ignore_client_abort   off;
        proxy_redirect              off;
        proxy_connect_timeout       90;
        proxy_send_timeout          90;
        proxy_read_timeout          90;
        proxy_buffer_size           4k;
        proxy_buffers               4 32k;
        proxy_busy_buffers_size     64k;
        proxy_temp_file_write_size  64k;
        proxy_next_upstream         error timeout invalid_header http_502 http_503 http_504;

    # static files
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;

    # websockets, download, presentation and image upload
    location ^~ /lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;


Conf : config.php

$CONFIG = array (
  'instanceid' => 'oc1111zzl3jb',
  'passwordsalt' => 'XXXX',
  'secret' => 'XXXX',
  'trusted_domains' => 
  array (
    0 => 'XXX',
  'datadirectory' => '/usr/share/nginx/html/nextcloud/data',
  'overwrite.cli.url' => '',
  'dbtype' => 'mysql',
  'version' => '',
  'dbname' => 'XXX',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'XXX',
  'dbpassword' => 'XXX',
  'logtimezone' => 'UTC',
'enable_avatars' => true,  
'installed' => true,
  'log_type' => 'file',
  'loglevel' => 3,
  'logfile' => '/var/log/nextcloud.log',
  'logdateformat' => 'F d, Y H:i:s',
  'cron_log' => true,
  'trashbin_retention_obligation' => 'auto',
  'versions_retention_obligation' => 'auto',
  'default_language' => 'fr',
  '' => true,
  'updatechecker' => true,
  'updater.server.url' => '',
  '' => 'stable',

PLEASE HELP, SAME with Nextcloud 12…

Any IDEA ?

Best regards


do you use an own background image for your login page?


No, I use the basic image

I’m having this issue as well and i cant seem to fix it, ive used the exact same nginx configuration to install nextcloud at least 3 times without issue until now

I fix this problèm. :slight_smile:

The problèm is Opcache -> Php-FPM : ‘memcache.local’ => ‘\OC\Memcache\APCu’,

On centos for PHP 7.0 with Opcache

yum install php70w-opcache php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel

##Configuration PHP-FPM
nano /etc/php-fpm.d/www.conf

In line 8 and 10, change user and group to ‘nginx’.
user = nginx
group = nginx
In line 22, make sure php-fpm is running under server port.
listen =
Uncomment line 366-370 to activate the php-fpm system environment variables.
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

##Activation APCACHE/CGI
nano /etc/php.ini


; Local Variables:
apc.enable_cli = 1
; tab-width: 4
; End:

##Activation OpCache
nano /etc/php.d/opcache.ini



After reinstalling centos after a crash, I had the same problem.

After several searches, I found the solution. The problem comes from php sessions in /var/lib /php/session

It is therefore necessary to make one:

File permissions in /var/lib/php/ are all wrong if you are using NginX.
chown nginx:nginx /var/lib/php/session/
chown root:nginx /var/lib/php/wsdlcache/
chown root:nginx /var/lib/php/opcache/

if the solution still does not work : chmod -R 777 /var/lib/php/session

1 Like