Impossible login after new install

Hi there,

After a fresh install of Nextcloud using setup-nextcloud.php, I tried to log in with the admin passwd and it came back to the following URL: https://cloud.mydom.com/index.php/login?user=admin&direct=1

Installation:
Nextcloud: 28.0.2
Server: Rocky Linux 9.3
Web Server: Caddy v2.7.6
PHP: 8.3.2
DB: MariaDB 11.2.3

Here is the Caddy log for my Nextcloud:

{"level":"info","ts":1707848437.9581254,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"11.22.333.444","remote_port":"58501","client_ip":"11.22.333.444","proto":"HTTP/2.0","method":"GET","host":"cloud.mydom.com","uri":"/index.php/login?user=admin&direct=1","headers":{"Accept-Language":["fr-FR,fr;q=0.9"],"Sec-Fetch-Site":["same-origin"],"Sec-Ch-Ua":["\"Not A(Brand\";v=\"99\", \"Google Chrome\";v=\"121\", \"Chromium\";v=\"121\""],"Sec-Fetch-Mode":["navigate"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":[],"Cache-Control":["max-age=0"],"Dnt":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"cloud.mydom.com"}},"bytes_read":0,"user_id":"","duration":0.131585497,"size":5880,"status":200,"resp_headers":{"X-Request-Id":["FLV7bP36beG7j3npbxSy"],"Content-Security-Policy":["default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-SVJHL2Q3NTFIUi94am1ERFJndHpYNjFTZE1qZWJmbjJwU25OeFRLaWRIRT06VzMzYlR0STZkbTZmdVRXQ0ozRVZEOEFlSEptUlZjREU4RTZtbjNQTkVqMD0=';script-src-elem 'strict-dynamic' 'nonce-SVJHL2Q3NTFIUi94am1ERFJndHpYNjFTZE1qZWJmbjJwU25OeFRLaWRIRT06VzMzYlR0STZkbTZmdVRXQ0ozRVZEOEFlSEptUlZjREU4RTZtbjNQTkVqMD0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self'"],"X-Powered-By":["PHP/8.3.2"],"Referrer-Policy":["no-referrer"],"Feature-Policy":["autoplay 'self';camera 'none';fullscreen 'self';geolocation 
'none';microphone 'none';payment 'none'"],"Content-Length":["5880"],"X-Content-Type-Options":["nosniff"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Content-Type":["text/html; charset=UTF-8"],"X-Permitted-Cross-Domain-Policies":["none"],"X-Robots-Tag":["noindex, nofollow"],"Content-Encoding":["gzip"],"Cache-Control":["no-cache, no-store, must-revalidate"],"X-Frame-Options":["SAMEORIGIN"],"Server":["Caddy"],"Set-Cookie":[],"X-Xss-Protection":["1; mode=block"]}}

Thanks for your help

What is in the log file of the web server?

Here is what I can see in the Caddy log:

[rocky@vps ~]$ journalctl -u caddy --no-pager | less +G
l,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua":["\"Not A(Brand\";v=\"99\", \"Google Chrome\";v=\"121\", \"Chromium\";v=\"121\""],"Dnt":["1"],"X-Forwarded-Host":["cloud.mydom.com"],"Accept-Language":["fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7"],"Sec-Ch-Ua-Platform":["\"Windows\""],"X-Forwarded-For":["11.22.333.444"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"cloud.mydom.com"}},"headers":{"X-Powered-By":["PHP/8.3.2"],"X-Xss-Protection":["1; mode=block"],"Content-Encoding":["gzip"],"Content-Length":["5879"],"X-Content-Type-Options":["nosniff"],"X-Permitted-Cross-Domain-Policies":["none"],"Feature-Policy":["autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'"],"X-Robots-Tag":["noindex, nofollow"],"Referrer-Policy":["no-referrer"],"X-Frame-Options":["SAMEORIGIN"],"X-Request-Id":["WQ2AEzWRUaWyFb4QSo33"],"Set-Cookie":[],"Cache-Control":["no-cache, no-store, must-revalidate"],"Content-Security-Policy":["default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-cmpGUGpobTFWakp5TlZDdlFTek9zUWFkS0c4bm9zcFI5K2RKZG9lbFVmVT06L0dNa3gwUEVGWDBuZUR2RWRoNzUvRC9lUXo0WCtKNWl3YU1GVDdYaVliaz0=';script-src-elem 'strict-dynamic' 'nonce-cmpGUGpobTFWakp5TlZDdlFTek9zUWFkS0c4bm9zcFI5K2RKZG9lbFVmVT06L0dNa3gwUEVGWDBuZUR2RWRoNzUvRC9lUXo0WCtKNWl3YU1GVDdYaVliaz0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self'"],"Content-Type":["text/html; charset=UTF-8"]},"status":200}


Never heard of it, but it sounds interesting.

Maybe there is something to see in the file “nextcloud.log”?

It’s this: https://caddyserver.com/
It’s an alternative to Apache and nginx that can serve HTML and PHP over SSL without configuring anything to have HTTPS: it’s automatic.

{"reqId":"Jzr6ukhTqgMWCcZtw72o","level":3,"time":"2024-02-13T23:27:57+00:00","remoteAddr":"11.22.333.444","user":"--","app":"PHP","method":"GET","url":"/index.php/login?user=admin&direct=1","message":"session_start(): open(/var/lib/php/session/sess_o2568u7lbidi1efucssi6l97ll, O_RDWR) failed: Permission denied (13) at /srv/www/cloud.mydom.com/htdocs/lib/private/Session/Internal.php#213","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36","version":"28.0.2.5","data":{"app":"PHP"}}
{"reqId":"Jzr6ukhTqgMWCcZtw72o","level":3,"time":"2024-02-13T23:27:57+00:00","remoteAddr":"11.22.333.444","user":"--","app":"PHP","method":"GET","url":"/index.php/login?user=admin&direct=1","message":"session_start(): Failed to read session data: files (path: /var/lib/php/session) at /srv/www/cloud.mydom.com/htdocs/lib/private/Session/Internal.php#213","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36","version":"28.0.2.5","data":{"app":"PHP"}}

Hmm seems to be a permission problem …
My SELinux is disabled for the moment.

Any suggestions?

OK, I’ve just found the solution.
Because I use Caddy, by default the folder /var/lib/php/session had its permissions under the apache group in Rocky Linux instead of the caddy group. So I just had to change it like this:

[rocky@vps ]$ ls -al /var/lib/php
total 4
drwxr-xr-x.  6 root root    68 Jan 16 15:14 .
drwxr-xr-x. 37 root root  4096 Feb 13 16:41 ..
drwxrwx---.  2 root caddy    6 Jan 16 15:14 opcache
drwxr-xr-x.  2 root root    30 Feb 13 16:22 peclxml
drwxrwx---.  2 root caddy   84 Feb 13 23:57 session
drwxrwx---.  2 root caddy    6 Jan 16 15:14 wsdlcache

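A way to verify the state shown in the listing above, as an added example that is not part of the original posts: it flags a PHP state directory whose group differs from the one the PHP worker runs under (the cause of the session_start() "Permission denied" error in this thread) or that is open to other users. The function name `check_php_dir` is chosen for this example, the group is passed as an argument, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit PHP state directories.
# Assumption: the PHP worker runs with the group given as the first
# argument ("caddy" in the thread) and GNU stat is available.

# check_php_dir DIR GROUP
# Returns 0 when DIR is group-owned by GROUP, group-writable and
# group-searchable, and closed to "other"; 1 on a finding; 2 if missing.
check_php_dir() {
    cpd_dir=$1
    cpd_want=$2
    if [ ! -d "$cpd_dir" ]; then
        echo "MISSING  $cpd_dir"
        return 2
    fi
    cpd_group=$(stat -c '%G' "$cpd_dir")   # owning group name
    cpd_mode=$(stat -c '%a' "$cpd_dir")    # octal mode, e.g. 770
    cpd_bits=$((0$cpd_mode))               # leading 0 = octal constant
    cpd_rc=0
    if [ "$cpd_group" != "$cpd_want" ]; then
        echo "GROUP    $cpd_dir is $cpd_group, expected $cpd_want"
        cpd_rc=1
    fi
    # PHP has to create and open sess_* files: group needs w and x.
    if [ $((cpd_bits & 030)) -ne $((030)) ]; then
        echo "MODE     $cpd_dir is $cpd_mode, group lacks write/search"
        cpd_rc=1
    fi
    # Session files hold live login state: no access for other users.
    if [ $((cpd_bits & 007)) -ne 0 ]; then
        echo "EXPOSED  $cpd_dir is $cpd_mode, accessible to other users"
        cpd_rc=1
    fi
    if [ "$cpd_rc" -eq 0 ]; then
        echo "OK       $cpd_dir ($cpd_group, $cpd_mode)"
    fi
    return "$cpd_rc"
}

# Usage: sh check_php_dirs.sh caddy /var/lib/php/session \
#            /var/lib/php/opcache /var/lib/php/wsdlcache
if [ "$#" -ge 2 ]; then
    want=$1; shift
    status=0
    for dir in "$@"; do
        check_php_dir "$dir" "$want" || status=1
    done
    exit "$status"
fi
```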