Intermittent lock out of server on ports 443 and 22: »Forbidden...«

Keks_Dose · January 14, 2025, 7:25pm

Running nextcloud (nextcloudpi) on a Raspberry 5. Used to work for some monthes. Since some weeks the server intermittently becomes inaccessible. When I try to log in as a regular user via browser (»mydomain.de«) I get the message:

Forbidden

You don't have permission to access this resource.Server unable to read htaccess file, denying access to be safe

When I try to access via ssh from inside same lan, log in is denied also.

Then I walk over to the server, pull the plug (electricity), reinsert it, server starts, all seems ok for some hours or about a day. Then I get locked out again.

I searched all logs I could find, but to no avail. Before I reinstall: any ideas about the cause of getting locked out?

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

{"reqId":"Z4ZL6TXCH-oi1Vt69rHZBAAAAEE","level":3,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"PHP","method":"GET","url":"/ocs/v2.php/apps/user_status/api/v1/user_status?format=json","message":"Error: Class \"OCP\\Session\\Exceptions\\SessionNotAvailableException\" not found at /var/www/nextcloud/lib/private/Session/Internal.php#156","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","data":{"app":"PHP"},"id":"6786b5567dc57"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZAwAAAFY","level":3,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"PHP","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications?format=json","message":"Error: Class \"OCP\\Session\\Exceptions\\SessionNotAvailableException\" not found at /var/www/nextcloud/lib/private/Session/Internal.php#156","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","data":{"app":"PHP"},"id":"6786b5567dc5d"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZAwAAAFY","level":3,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"PHP","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications?format=json","message":"include(): Failed opening '/var/www/nextcloud/lib/composer/composer/../../../lib/public/Session/Exceptions/SessionNotAvailableException.php' for inclusion (include_path='/var/www/nextcloud/3rdparty/pear/archive_tar:/var/www/nextcloud/3rdparty/pear/console_getopt:/var/www/nextcloud/3rdparty/pear/pear-core-minimal/src:/var/www/nextcloud/3rdparty/pear/pear_exception:/var/www/nextcloud/apps') at /var/www/nextcloud/lib/composer/composer/ClassLoader.php#576","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","data":{"app":"PHP"},"id":"6786b5567dc64"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZBAAAAEE","level":3,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"PHP","method":"GET","url":"/ocs/v2.php/apps/user_status/api/v1/user_status?format=json","message":"include(): Failed opening '/var/www/nextcloud/lib/composer/composer/../../../lib/public/Session/Exceptions/SessionNotAvailableException.php' for inclusion (include_path='/var/www/nextcloud/3rdparty/pear/archive_tar:/var/www/nextcloud/3rdparty/pear/console_getopt:/var/www/nextcloud/3rdparty/pear/pear-core-minimal/src:/var/www/nextcloud/3rdparty/pear/pear_exception:/var/www/nextcloud/apps') at /var/www/nextcloud/lib/composer/composer/ClassLoader.php#576","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","data":{"app":"PHP"},"id":"6786b5567dc6f"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZBAAAAEE","level":3,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"PHP","method":"GET","url":"/ocs/v2.php/apps/user_status/api/v1/user_status?format=json","message":"include(/var/www/nextcloud/lib/public/Session/Exceptions/SessionNotAvailableException.php): Failed to open stream: Input/output error at /var/www/nextcloud/lib/composer/composer/ClassLoader.php#576","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","data":{"app":"PHP"},"id":"6786b5567dc75"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZAgAAAEI","level":3,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"PHP","method":"PROPFIND","url":"/remote.php/dav/files/Jonathan/","message":"file_get_contents(/var/www/nextcloud/resources/locales.json): Failed to open stream: Input/output error at /var/www/nextcloud/lib/private/L10N/Factory.php#347","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","data":{"app":"PHP"},"id":"6786b5567dc89"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZAwAAAFY","level":3,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"PHP","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications?format=json","message":"include(): Failed opening '/var/www/nextcloud/3rdparty/composer/../doctrine/dbal/src/Exception/ConnectionLost.php' for inclusion (include_path='/var/www/nextcloud/3rdparty/pear/archive_tar:/var/www/nextcloud/3rdparty/pear/console_getopt:/var/www/nextcloud/3rdparty/pear/pear-core-minimal/src:/var/www/nextcloud/3rdparty/pear/pear_exception:/var/www/nextcloud/apps') at /var/www/nextcloud/lib/composer/composer/ClassLoader.php#576","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","data":{"app":"PHP"},"id":"6786b5567dcb5"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZAgAAAEI","level":3,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/files/Jonathan/","message":"Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","exception":{"Exception":"Error","Message":"Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found","Code":0,"Trace":[{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":1939,"function":"convert","class":"Doctrine\\DBAL\\Driver\\API\\MySQL\\ExceptionConverter","type":"->"},{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":1881,"function":"handleDriverException","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":1106,"function":"convertExceptionDuringQuery","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/Connection.php","line":415,"function":"executeQuery","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/ConnectionAdapter.php","line":50,"function":"executeQuery","class":"OC\\DB\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/QueryBuilder/QueryBuilder.php","line":289,"function":"executeQuery","class":"OC\\DB\\ConnectionAdapter","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppConfig.php","line":1218,"function":"executeQuery","class":"OC\\DB\\QueryBuilder\\QueryBuilder","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppConfig.php","line":1180,"function":"loadConfig","class":"OC\\AppConfig","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppConfig.php","line":100,"function":"loadConfigAll","class":"OC\\AppConfig","type":"->"},{"file":"/var/www/nextcloud/lib/private/AllConfig.php","line":169,"function":"getKeys","class":"OC\\AppConfig","type":"->"},{"file":"/var/www/nextcloud/lib/private/Security/Bruteforce/Throttler.php","line":95,"function":"getAppKeys","class":"OC\\AllConfig","type":"->"},{"file":"/var/www/nextcloud/lib/private/Security/Bruteforce/Throttler.php","line":175,"function":"isBypassListed","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/var/www/nextcloud/lib/private/Security/Bruteforce/Throttler.php","line":192,"function":"getAttempts","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/var/www/nextcloud/lib/private/Security/Bruteforce/Throttler.php","line":265,"function":"getDelay","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/var/www/nextcloud/lib/private/User/Session.php","line":383,"function":"sleepDelayOrThrowOnMax","class":"OC\\Security\\Bruteforce\\Throttler","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":87,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php","line":103,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":198,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":112,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":179,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":135,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Server.php","line":43,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Server.php","line":371,"function":"start","class":"OCA\\DAV\\Connector\\Sabre\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/appinfo/v2/remote.php","line":19,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":146,"args":["/var/www/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Driver/API/MySQL/ExceptionConverter.php","Line":105,"message":"Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found","exception":[],"CustomMessage":"Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found"},"id":"6786b5567dcee"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZAgAAAEI","level":3,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"PHP","method":"PROPFIND","url":"/remote.php/dav/files/Jonathan/","message":"include(): Failed opening '/var/www/nextcloud/3rdparty/composer/../doctrine/dbal/src/Exception/ConnectionLost.php' for inclusion (include_path='/var/www/nextcloud/3rdparty/pear/archive_tar:/var/www/nextcloud/3rdparty/pear/console_getopt:/var/www/nextcloud/3rdparty/pear/pear-core-minimal/src:/var/www/nextcloud/3rdparty/pear/pear_exception:/var/www/nextcloud/apps') at /var/www/nextcloud/lib/composer/composer/ClassLoader.php#576","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","data":{"app":"PHP"},"id":"6786b5567dcf4"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZBAAAAEE","level":4,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/user_status/api/v1/user_status?format=json","message":"Could not boot webhook_listeners: Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","exception":{"Exception":"Error","Message":"Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found","Code":0,"Trace":[{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":1939,"function":"convert","class":"Doctrine\\DBAL\\Driver\\API\\MySQL\\ExceptionConverter","type":"->"},{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":1881,"function":"handleDriverException","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":1106,"function":"convertExceptionDuringQuery","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/Connection.php","line":415,"function":"executeQuery","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/ConnectionAdapter.php","line":50,"function":"executeQuery","class":"OC\\DB\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/QueryBuilder/QueryBuilder.php","line":289,"function":"executeQuery","class":"OC\\DB\\ConnectionAdapter","type":"->"},{"file":"/var/www/nextcloud/apps/webhook_listeners/lib/Db/WebhookListenerMapper.php","line":192,"function":"executeQuery","class":"OC\\DB\\QueryBuilder\\QueryBuilder","type":"->"},{"file":"/var/www/nextcloud/apps/webhook_listeners/lib/Db/WebhookListenerMapper.php","line":214,"function":"getAllConfiguredEventsFromDatabase","class":"OCA\\WebhookListeners\\Db\\WebhookListenerMapper","type":"->"},{"file":"/var/www/nextcloud/apps/webhook_listeners/lib/AppInfo/Application.php","line":47,"function":"getAllConfiguredEvents","class":"OCA\\WebhookListeners\\Db\\WebhookListenerMapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Bootstrap/FunctionInjector.php","line":28,"function":"registerRuleListeners","class":"OCA\\WebhookListeners\\AppInfo\\Application","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Bootstrap/BootContext.php","line":32,"function":"injectFn","class":"OC\\AppFramework\\Bootstrap\\FunctionInjector","type":"->"},{"file":"/var/www/nextcloud/apps/webhook_listeners/lib/AppInfo/Application.php","line":34,"function":"injectFn","class":"OC\\AppFramework\\Bootstrap\\BootContext","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Bootstrap/Coordinator.php","line":157,"function":"boot","class":"OCA\\WebhookListeners\\AppInfo\\Application","type":"->"},{"file":"/var/www/nextcloud/lib/private/App/AppManager.php","line":434,"function":"bootApp","class":"OC\\AppFramework\\Bootstrap\\Coordinator","type":"->"},{"file":"/var/www/nextcloud/lib/private/App/AppManager.php","line":211,"function":"loadApp","class":"OC\\App\\AppManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/legacy/OC_App.php","line":85,"function":"loadApps","class":"OC\\App\\AppManager","type":"->"},{"file":"/var/www/nextcloud/ocs/v1.php","line":37,"function":"loadApps","class":"OC_App","type":"::"},{"file":"/var/www/nextcloud/ocs/v2.php","line":7,"args":["/var/www/nextcloud/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Driver/API/MySQL/ExceptionConverter.php","Line":105,"message":"Could not boot webhook_listeners: Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found","exception":[],"CustomMessage":"Could not boot webhook_listeners: Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found"},"id":"6786b5567dd16"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZBAAAAEE","level":3,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"PHP","method":"GET","url":"/ocs/v2.php/apps/user_status/api/v1/user_status?format=json","message":"include(/var/www/nextcloud/3rdparty/doctrine/dbal/src/Exception/ConnectionLost.php): Failed to open stream: Input/output error at /var/www/nextcloud/lib/composer/composer/ClassLoader.php#576","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","data":{"app":"PHP"},"id":"6786b5567dd27"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZAgAAAEI","level":4,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"no app in context","method":"PROPFIND","url":"/remote.php/dav/files/Jonathan/","message":"Could not boot webhook_listeners: Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","exception":{"Exception":"Error","Message":"Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found","Code":0,"Trace":[{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":1939,"function":"convert","class":"Doctrine\\DBAL\\Driver\\API\\MySQL\\ExceptionConverter","type":"->"},{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":1881,"function":"handleDriverException","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":1106,"function":"convertExceptionDuringQuery","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/Connection.php","line":415,"function":"executeQuery","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/ConnectionAdapter.php","line":50,"function":"executeQuery","class":"OC\\DB\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/QueryBuilder/QueryBuilder.php","line":289,"function":"executeQuery","class":"OC\\DB\\ConnectionAdapter","type":"->"},{"file":"/var/www/nextcloud/apps/webhook_listeners/lib/Db/WebhookListenerMapper.php","line":192,"function":"executeQuery","class":"OC\\DB\\QueryBuilder\\QueryBuilder","type":"->"},{"file":"/var/www/nextcloud/apps/webhook_listeners/lib/Db/WebhookListenerMapper.php","line":214,"function":"getAllConfiguredEventsFromDatabase","class":"OCA\\WebhookListeners\\Db\\WebhookListenerMapper","type":"->"},{"file":"/var/www/nextcloud/apps/webhook_listeners/lib/AppInfo/Application.php","line":47,"function":"getAllConfiguredEvents","class":"OCA\\WebhookListeners\\Db\\WebhookListenerMapper","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Bootstrap/FunctionInjector.php","line":28,"function":"registerRuleListeners","class":"OCA\\WebhookListeners\\AppInfo\\Application","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Bootstrap/BootContext.php","line":32,"function":"injectFn","class":"OC\\AppFramework\\Bootstrap\\FunctionInjector","type":"->"},{"file":"/var/www/nextcloud/apps/webhook_listeners/lib/AppInfo/Application.php","line":34,"function":"injectFn","class":"OC\\AppFramework\\Bootstrap\\BootContext","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Bootstrap/Coordinator.php","line":157,"function":"boot","class":"OCA\\WebhookListeners\\AppInfo\\Application","type":"->"},{"file":"/var/www/nextcloud/lib/private/App/AppManager.php","line":434,"function":"bootApp","class":"OC\\AppFramework\\Bootstrap\\Coordinator","type":"->"},{"file":"/var/www/nextcloud/lib/private/App/AppManager.php","line":211,"function":"loadApp","class":"OC\\App\\AppManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/legacy/OC_App.php","line":85,"function":"loadApps","class":"OC\\App\\AppManager","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":131,"function":"loadApps","class":"OC_App","type":"::"}],"File":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Driver/API/MySQL/ExceptionConverter.php","Line":105,"message":"Could not boot webhook_listeners: Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found","exception":[],"CustomMessage":"Could not boot webhook_listeners: Class \"Doctrine\\DBAL\\Exception\\ConnectionLost\" not found"},"id":"6786b5567dd43"}
{"reqId":"Z4ZL6TXCH-oi1Vt69rHZBAAAAEE","level":1,"time":"2025-01-14T11:35:11+00:00","remoteAddr":"87.148.134.222","user":"--","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/user_status/api/v1/user_status?format=json","message":"Slow session operation session_start detected","userAgent":"Mozilla/5.0 (Windows) mirall/3.14.13.14-Win64 (build 20240927) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"30.0.4.1","data":{"parameters":"[{\"cookie_samesite\":\"Lax\"}]","timeSpent":"6.142583847045898"},"id":"6786b5567ddb1"}
{"reqId":"Z4ZLzEqD3LR_rsqxp5yLogAABBg","level":3,"time":"2025-01-14T11:34:36+00:00","remoteAddr":"87.148.134.222","user":"--","app":"index","method":"GET","url":"/index.php/204","message":"Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory","userAgent":"Mozilla/5.0 (Macintosh) mirall/3.14.0daily (Nextcloud, macos-24.2.0 ClientArchitecture: arm64 OsArchitecture: arm64)","version":"30.0.4.1","exception":{"Exception":"Doctrine\\DBAL\\Exception","Message":"Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory","Code":2002,"Trace":[{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":453,"function":"connect","class":"OC\\DB\\Connection","type":"->"},{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":411,"function":"getDatabasePlatformVersion","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":318,"function":"detectDatabasePlatform","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/Connection.php","line":899,"function":"getDatabasePlatform","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/ConnectionAdapter.php","line":235,"function":"getDatabaseProvider","class":"OC\\DB\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/QueryBuilder/QueryBuilder.php","line":96,"function":"getDatabaseProvider","class":"OC\\DB\\ConnectionAdapter","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppConfig.php","line":1211,"function":"expr","class":"OC\\DB\\QueryBuilder\\QueryBuilder","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppConfig.php","line":237,"function":"loadConfig","class":"OC\\AppConfig","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppConfig.php","line":1351,"function":"searchValues","class":"OC\\AppConfig","type":"->"},{"file":"/var/www/nextcloud/lib/private/App/AppManager.php","line":126,"function":"getValues","class":"OC\\AppConfig","type":"->"},{"file":"/var/www/nextcloud/lib/private/App/AppManager.php","line":147,"function":"getInstalledAppsValues","class":"OC\\App\\AppManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/legacy/OC_App.php","line":191,"function":"getInstalledApps","class":"OC\\App\\AppManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Bootstrap/Coordinator.php","line":48,"function":"getEnabledApps","class":"OC_App","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":659,"function":"runInitialRegistration","class":"OC\\AppFramework\\Bootstrap\\Coordinator","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":1134,"function":"init","class":"OC","type":"::"},
{"reqId":"Z4ZLzEqD3LR_rsqxp5yLogAABBg","level":3,"time":"2025-01-14T11:34:36+00:00","remoteAddr":"87.148.134.222","user":"--","app":"core","method":"GET","url":"/index.php/204","message":"Exception thrown: Doctrine\\DBAL\\Exception","userAgent":"Mozilla/5.0 (Macintosh) mirall/3.14.0daily (Nextcloud, macos-24.2.0 ClientArchitecture: arm64 OsArchitecture: arm64)","version":"30.0.4.1","exception":{"Exception":"Doctrine\\DBAL\\Exception","Message":"Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory","Code":2002,"Trace":[{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":453,"function":"connect","class":"OC\\DB\\Connection","type":"->"},{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":411,"function":"getDatabasePlatformVersion","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php","line":318,"function":"detectDatabasePlatform","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/Connection.php","line":899,"function":"getDatabasePlatform","class":"Doctrine\\DBAL\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/ConnectionAdapter.php","line":235,"function":"getDatabaseProvider","class":"OC\\DB\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/QueryBuilder/QueryBuilder.php","line":96,"function":"getDatabaseProvider","class":"OC\\DB\\ConnectionAdapter","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppConfig.php","line":1211,"function":"expr","class":"OC\\DB\\QueryBuilder\\QueryBuilder","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppConfig.php","line":237,"function":"loadConfig","class":"OC\\AppConfig","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppConfig.php","line":1351,"function":"searchValues","class":"OC\\AppConfig","type":"->"},{"file":"/var/www/nextcloud/lib/private/App/AppManager.php","line":126,"function":"getValues","class":"OC\\AppConfig","type":"->"},{"file":"/var/www/nextcloud/lib/private/App/AppManager.php","line":147,"function":"getInstalledAppsValues","class":"OC\\App\\AppManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/legacy/OC_App.php","line":191,"function":"getInstalledApps","class":"OC\\App\\AppManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Bootstrap/Coordinator.php","line":48,"function":"getEnabledApps","class":"OC_App","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":659,"function":"runInitialRegistration","class":"OC\\AppFramework\\Bootstrap\\Coordinator","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":1134,"function":"init","class":"OC","type":"::"},{"file":"/var/www/nextcloud/index.php","line":22,"args":["/var/www/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/DB/Connection.php","Line":233,"CustomMessage":"Exception thrown: Doctrine\\DBAL\\Exception"},"id":"6786b5567dc2b"}
{"reqId":"Z4ZLNzXCH-oi1Vt69rHY9wAAAEM","level":1,"time":"2025-01-14T11:32:07+00:00","remoteAddr":"185.180.140.105","user":"--","app":"no app in context","method":"GET","url":"/","message":"Unable to generate a URL for the named route \"cloud_federation_api.requesthandler.addshare\" as such route does not exist.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36","version":"30.0.4.1","exception":{"Exception":"Symfony\\Component\\Routing\\Exception\\RouteNotFoundException","Message":"Unable to generate a URL for the named route \"cloud_federation_api.requesthandler.addshare\" as such route does not exist.","Code":0,"Trace":[{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":374,"function":"generate","class":"Symfony\\Component\\Routing\\Generator\\UrlGenerator","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/CachingRouter.php","line":50,"function":"generate","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/nextcloud/lib/private/URLGenerator.php","line":71,"function":"generate","class":"OC\\Route\\CachingRouter","type":"->"},{"file":"/var/www/nextcloud/lib/private/URLGenerator.php","line":83,"function":"linkToRoute","class":"OC\\URLGenerator","type":"->"},{"file":"/var/www/nextcloud/apps/cloud_federation_api/lib/Capabilities.php","line":44,"function":"linkToRouteAbsolute","class":"OC\\URLGenerator","type":"->"},{"file":"/var/www/nextcloud/lib/private/CapabilitiesManager.php","line":61,"function":"getCapabilities","class":"OCA\\CloudFederationAPI\\Capabilities","type":"->"},{"file":"/var/www/nextcloud/lib/private/Template/JSConfigHelper.php","line":135,"function":"getCapabilities","class":"OC\\CapabilitiesManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/TemplateLayout.php","line":228,"function":"getConfig","class":"OC\\Template\\JSConfigHelper","type":"->"},{"file":"/var/www/nextcloud/lib/private/legacy/OC_Template.php","line":119,"function":"__construct","class":"OC\\TemplateLayout","type":"->"},{"file":"/var/www/nextcloud/lib/private/Template/Base.php","line":113,"function":"fetchPage","class":"OC_Template","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":804,"function":"printPage","class":"OC\\Template\\Base","type":"->"},{"file":"/var/www/nextcloud/lib/base.php","line":1134,"function":"init","class":"OC","type":"::"},{"file":"/var/www/nextcloud/index.php","line":22,"args":["/var/www/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/var/www/nextcloud/3rdparty/symfony/routing/Generator/UrlGenerator.php","Line":134,"message":"Unable to generate a URL for the named route \"cloud_federation_api.requesthandler.addshare\" as such route does not exist.","exception":[],"CustomMessage":"Unable to generate a URL for the named route \"cloud_federation_api.requesthandler.addshare\" as such route does not exist."},"id":"6786b56725f4f"}
{"file":"/var/www/nextcloud/index.php","line":22,"args":["/var/www/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/DB/Connection.php","Line":233,"message":"Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory","exception":[],"CustomMessage":"Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory"},"id":"6786b5567dc4f"}

There are more lines like this, but I copied at least one of each kind.

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/apache2/error.log:

[Tue Jan 14 00:00:04.123867 2025] [ssl:warn] [pid 1984:tid 1984] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name
[Tue Jan 14 00:00:04.128032 2025] [mpm_event:notice] [pid 1984:tid 1984] AH00489: Apache/2.4.62 (Debian) OpenSSL/3.0.15 configured -- resuming normal operations
[Tue Jan 14 00:00:04.128049 2025] [core:notice] [pid 1984:tid 1984] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jan 14 00:44:54.914796 2025] [authz_core:error] [pid 140762:tid 140821] [client 5.101.0.66:50357] AH01630: client denied by server configuration: /var/www/nextcloud/server-status
[Tue Jan 14 08:58:01.538908 2025] [core:error] [pid 140762:tid 140830] [client 106.13.112.250:22986] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Tue Jan 14 08:58:04.996846 2025] [core:error] [pid 140762:tid 140831] [client 106.13.112.250:23944] AH10244: invalid URI path (/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh)
[Tue Jan 14 12:34:23.041155 2025] [ssl:warn] [pid 1713:tid 1713] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name
[Tue Jan 14 12:34:23.064895 2025] [ssl:warn] [pid 1717:tid 1717] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name
[Tue Jan 14 12:34:23.069761 2025] [mpm_event:notice] [pid 1717:tid 1717] AH00489: Apache/2.4.62 (Debian) OpenSSL/3.0.15 configured -- resuming normal operations
[Tue Jan 14 12:34:23.069837 2025] [core:notice] [pid 1717:tid 1717] AH00094: Command line: '/usr/sbin/apache2'

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

sudo -u www-data php /var/www/nextcloud/occ config:list system
{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "localhost",
            "2": "nc.alex-willand.de",
            "1": "192.168.127.178",
            "5": "nextcloudpi.local",
            "7": "nextcloudpi",
            "8": "nextcloudpi.lan",
            "3": "ncpi5",
            "14": "ncpi5.fritz.box",
            "11": "2003:f5:df16:a00:50f0:a12b:956f:60f1"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "30.0.4.1",
        "overwrite.cli.url": "https:\/\/ncpi5\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "tempdirectory": "\/media\/CloudDrive-1\/nextcloud\/subncdata\/tmp",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "enable_previews": true,
        "preview_max_x": 4096,
        "preview_max_y": 4096,
        "jpeg_quality": 60,
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\Krita",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\Image"
        ],
        "overwriteprotocol": "https",
        "maintenance": false,
        "maintenance_window_start": 2,
        "logfile": "\/media\/CloudDrive-1\/nextcloud\/subncdata\/nextcloud.log",
        "theme": "",
        "loglevel": 1,
        "mail_sendmailmode": "smtp",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "default_phone_region": "DE",
        "app_install_overwrite": [
            "previewgenerator"
        ],
        "data-fingerprint": "9806cba9065270651d7d9627d835e284",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "log_type": "file",
        "memories.db.triggers.fcu": true,
        "memories.exiftool": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/exiftool-aarch64-glibc",
        "memories.vod.path": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/go-vod-aarch64",
        "preview_max_memory": 4096,
        "memories.gis_type": 1
    }
}

Apps

The output of occ app:list

 sudo -u www-data php /var/www/nextcloud/occ app:list
Enabled:
  - activity: 3.0.0
  - announcementcenter: 7.1.0
  - bruteforcesettings: 3.0.0
  - calendar: 5.0.8
  - circles: 30.0.0
  - cloud_federation_api: 1.13.0
  - comments: 1.20.1
  - contacts: 6.1.3
  - dashboard: 7.10.0
  - dav: 1.31.1
  - event_update_notification: 2.5.0
  - federatedfilesharing: 1.20.0
  - files: 2.2.0
  - files_downloadlimit: 3.0.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - firstrunwizard: 3.0.0
  - groupfolders: 18.0.8
  - login_notes: 1.6.1
  - logreader: 3.0.0
  - lookup_server_connector: 1.18.0
  - memories: 7.4.1
  - nextcloud_announcements: 2.0.0
  - notes: 4.11.0
  - notifications: 3.0.0
  - notify_push: 0.7.0
  - oauth2: 1.18.1
  - password_policy: 2.0.0
  - photos: 3.0.2
  - previewgenerator: 99.99.99
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - qownnotesapi: 24.11.0
  - recommendations: 3.0.0
  - related_resources: 1.5.0
  - serverinfo: 2.0.0
  - settings: 1.13.0
  - spreed: 20.1.1
  - systemtags: 1.20.0
  - tasks: 0.16.1
  - text: 4.1.0
  - theming: 2.5.0
  - twofactor_backupcodes: 1.19.0
  - updatenotification: 1.20.0
  - user_status: 1.10.0
  - viewer: 3.0.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - admin_audit: 1.20.0
  - app_api: 4.0.3 (installed 4.0.0)
  - contactsinteraction: 1.11.0 (installed 1.4.0)
  - encryption: 2.18.0
  - federation: 1.20.0 (installed 1.13.0)
  - files_external: 1.22.0
  - nextcloudpi: 0.0.2 (installed 0.0.1)
  - sharebymail: 1.20.0 (installed 1.13.0)
  - support: 2.0.0 (installed 1.6.0)
  - survey_client: 2.0.0 (installed 1.12.0)
  - suspicious_login: 8.0.0
  - twofactor_nextcloud_notification: 4.0.0
  - twofactor_totp: 12.0.0-dev
  - user_ldap: 1.21.0
  - weather_status: 1.10.0 (installed 1.3.0)

Mornsgrans · January 14, 2025, 7:39pm

Möglicherweise hat die Bruteforce-App “zugeschlagen”.

geoW · January 16, 2025, 7:00am

Check session negotiation with curl

georg@HEKA:~$ curl -vv -k --insecure https://nextcloudpi

*   Trying 192.168.2.32:443...
* Connected to nextcloudpi (192.168.2.32) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=fv-az268-978
*  start date: Jan  8 21:07:16 2023 GMT
*  expire date: Jan  5 21:07:16 2033 GMT
*  issuer: CN=fv-az268-978
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55acf14d9c90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: nextcloudpi
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 302
< content-security-policy: default-src 'self'; script-src 'self' 'nonce-nu45Qd6baZYsaiEXsLU9eDDaoyuBB29mXkq8zewwTRQ='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
< set-cookie: oc_sessionPassphrase=JdU30G2TGzKP5Xjqvo0aNkqP6zuFVTvZJAmtVHkKsU%2FZfSN3phnbHhYp3Pi8gjgVRMdIhQdP%2BCoN499cPtSc%2Bpr6X2dQPASpDNBskTSw6MyCkatEnTffflGdhaLZVg3%2F; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
< set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
< set-cookie: ocdelr5n2jiu=do48vg73ukbm1j4fq060i7p3mj; path=/; secure; HttpOnly; SameSite=Lax
< strict-transport-security: max-age=15768000; includeSubDomains
< referrer-policy: no-referrer
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-permitted-cross-domain-policies: none
< x-robots-tag: noindex, nofollow
< x-xss-protection: 1; mode=block
< location: https://nextcloudpi/login
< content-length: 0
< content-type: text/html; charset=UTF-8
< date: Thu, 16 Jan 2025 06:49:33 GMT
< server: Apache
<
* Connection #0 to host nextcloudpi left intact
georg@HEKA:~$

`

Keks_Dose · January 19, 2025, 1:07pm

Thanks for the hint, that’s the result:

 curl -vv -k --insecure https://192.168.1.1
12:36:06.449648 [0-0] * [HTTPS-CONNECT] added
12:36:06.449675 [0-0] * [HTTPS-CONNECT] connect, init
12:36:06.449689 [0-0] * [HTTPS-CONNECT] connect, check h21
12:36:06.449709 [0-0] *   Trying 192.168.1.1:443...
12:36:06.449760 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
12:36:06.449777 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks
12:36:06.451461 [0-0] * [HTTPS-CONNECT] connect, check h21
12:36:06.455167 [0-0] * ALPN: curl offers h2,http/1.1
12:36:06.455479 [0-0] * TLSv1.3 (OUT), TLS handshake, Client hello (1):
12:36:06.455561 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
12:36:06.455623 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks
12:36:06.458631 [0-0] * [HTTPS-CONNECT] connect, check h21
12:36:06.458714 [0-0] * TLSv1.3 (IN), TLS handshake, Server hello (2):
12:36:06.459242 [0-0] * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
12:36:06.459294 [0-0] * TLSv1.3 (IN), TLS handshake, Certificate (11):
12:36:06.460137 [0-0] * TLSv1.3 (IN), TLS handshake, CERT verify (15):
12:36:06.460425 [0-0] * TLSv1.3 (IN), TLS handshake, Finished (20):
12:36:06.460518 [0-0] * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
12:36:06.460605 [0-0] * TLSv1.3 (OUT), TLS handshake, Finished (20):
12:36:06.460713 [0-0] * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey
12:36:06.460756 [0-0] * ALPN: server accepted h2
12:36:06.460806 [0-0] * Server certificate:
12:36:06.460854 [0-0] *  subject: CN=nc.mydomain.de
12:36:06.460900 [0-0] *  start date: Nov 22 07:31:35 2024 GMT
12:36:06.460948 [0-0] *  expire date: Feb 20 07:31:34 2025 GMT
12:36:06.461010 [0-0] *  issuer: C=US; O=Let's Encrypt; CN=E5
12:36:06.461082 [0-0] *  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
12:36:06.461150 [0-0] *   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
12:36:06.461203 [0-0] *   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
12:36:06.461262 [0-0] * [HTTPS-CONNECT] connect+handshake h21: 11ms, 1st data: 8ms
12:36:06.461333 [0-0] * [HTTP/2] [0] created h2 session
12:36:06.461394 [0-0] * [HTTP/2] [0] -> FRAME[SETTINGS, len=18]
12:36:06.461446 [0-0] * [HTTP/2] [0] -> FRAME[WINDOW_UPDATE, incr=1048510465]
12:36:06.461508 [0-0] * [HTTP/2] cf_connect() -> 0, 1, 
12:36:06.461564 [0-0] * [HTTPS-CONNECT] connect -> 0, done=1
12:36:06.461622 [0-0] * Connected to 192.168.1.1 (192.168.1.1) port 443
12:36:06.461675 [0-0] * using HTTP/2
12:36:06.461758 [0-0] * [HTTP/2] [1] OPENED stream for https://192.168.1.1/
12:36:06.461811 [0-0] * [HTTP/2] [1] [:method: GET]
12:36:06.461857 [0-0] * [HTTP/2] [1] [:scheme: https]
12:36:06.461939 [0-0] * [HTTP/2] [1] [:authority: 192.168.1.1]
12:36:06.462006 [0-0] * [HTTP/2] [1] [:path: /]
12:36:06.462056 [0-0] * [HTTP/2] [1] [user-agent: curl/8.11.1]
12:36:06.462101 [0-0] * [HTTP/2] [1] [accept: */*]
12:36:06.462148 [0-0] * [HTTP/2] [1] submit -> 77, 0
12:36:06.462211 [0-0] * [HTTP/2] [1] -> FRAME[HEADERS, len=31, hend=1, eos=1]
12:36:06.462268 [0-0] * [HTTP/2] [0] egress: wrote 104 bytes
12:36:06.462308 [0-0] * [HTTP/2] [1] cf_send(len=77) -> 77, 0, eos=1, h2 windows 65535-65535 (stream-conn), buffers 0-0 (stream-conn)
12:36:06.462343 [0-0] > GET / HTTP/2
12:36:06.462343 [0-0] > Host: 192.168.1.1
12:36:06.462343 [0-0] > User-Agent: curl/8.11.1
12:36:06.462343 [0-0] > Accept: */*
12:36:06.462343 [0-0] > 
12:36:06.462610 [0-0] * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
12:36:06.462712 [0-0] * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
12:36:06.462818 [0-0] * [HTTP/2] [0] ingress: read 28 bytes
12:36:06.462879 [0-0] * [HTTP/2] [0] <- FRAME[SETTINGS, len=6]
12:36:06.462941 [0-0] * [HTTP/2] [0] MAX_CONCURRENT_STREAMS: 100
12:36:06.463007 [0-0] * [HTTP/2] [0] ENABLE_PUSH: TRUE
12:36:06.463119 [0-0] * [HTTP/2] [1] DRAIN select_bits=1
12:36:06.463145 [0-0] * [HTTP/2] [0] <- FRAME[WINDOW_UPDATE, incr=2147418112]
12:36:06.463163 [0-0] * [HTTP/2] [0] progress ingress: inbufg=0
12:36:06.463184 [0-0] * [HTTP/2] [0] progress ingress: done
12:36:06.463204 [0-0] * [HTTP/2] [0] -> FRAME[SETTINGS, ack=1]
12:36:06.463224 [0-0] * [HTTP/2] [0] egress: wrote 9 bytes
12:36:06.463242 [0-0] * [HTTP/2] [1] cf_recv(len=102400) -> -1 81, window=0/65535, connection 1048576000/1048576000
12:36:06.463263 [0-0] * Request completely sent off
12:36:06.463285 [0-0] * [HTTP/2] [0] progress ingress: done
12:36:06.463303 [0-0] * [HTTP/2] [1] cf_recv(len=102400) -> -1 81, window=0/65535, connection 1048576000/1048576000
12:36:06.464348 [0-0] * [HTTP/2] [0] ingress: read 9 bytes
12:36:06.464366 [0-0] * [HTTP/2] [0] <- FRAME[SETTINGS, ack=1]
12:36:06.464380 [0-0] * [HTTP/2] [0] progress ingress: inbufg=0
12:36:06.464404 [0-0] * [HTTP/2] [0] progress ingress: done
12:36:06.464424 [0-0] * [HTTP/2] [1] cf_recv(len=102400) -> -1 81, window=0/65536, connection 1048576000/1048576000
12:36:06.464624 [0-0] * [HTTP/2] [0] ingress: read 310 bytes
12:36:06.464649 [0-0] < HTTP/2 403 
12:36:06.464669 [0-0] * [HTTP/2] [1] local window update by 10420224
12:36:06.464687 [0-0] * [HTTP/2] [1] status: HTTP/2 403
12:36:06.464705 [0-0] < strict-transport-security: max-age=15768000; includeSubDomains
12:36:06.464727 [0-0] * [HTTP/2] [1] header: strict-transport-security: max-age=15768000; includeSubDomains
12:36:06.464748 [0-0] < content-length: 199
12:36:06.464767 [0-0] * [HTTP/2] [1] header: content-length: 199
12:36:06.464784 [0-0] < content-type: text/html; charset=iso-8859-1
12:36:06.464802 [0-0] * [HTTP/2] [1] header: content-type: text/html; charset=iso-8859-1
12:36:06.464821 [0-0] < date: Sat, 18 Jan 2025 11:36:06 GMT
12:36:06.464837 [0-0] * [HTTP/2] [1] header: date: Sat, 18 Jan 2025 11:36:06 GMT
12:36:06.464854 [0-0] < server: Apache
12:36:06.464875 [0-0] * [HTTP/2] [1] header: server: Apache
12:36:06.464895 [0-0] * [HTTP/2] [1] <- FRAME[HEADERS, len=93, hend=1, eos=0]
12:36:06.464912 [0-0] < 
12:36:06.464929 [0-0] * [HTTP/2] [1] DRAIN select_bits=1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>
12:36:06.464958 [0-0] * [HTTP/2] [1] <- FRAME[DATA, len=199, eos=1, padlen=0]
12:36:06.464976 [0-0] * [HTTP/2] [1] DATA, window=199/10485760
12:36:06.464994 [0-0] * [HTTP/2] [1] CLOSED
12:36:06.465018 [0-0] * [HTTP/2] [1] DRAIN select_bits=1
12:36:06.465038 [0-0] * [HTTP/2] [0] progress ingress: inbufg=0
12:36:06.465054 [0-0] * [HTTP/2] [1] DRAIN select_bits=1
12:36:06.465068 [0-0] * [HTTP/2] [0] progress ingress: done
12:36:06.465088 [0-0] * [HTTP/2] [1] returning CLOSE
12:36:06.465106 [0-0] * [HTTP/2] handle_stream_close -> 0, 0
12:36:06.465125 [0-0] * [HTTP/2] [1] cf_recv(len=102400) -> 0 0, window=-1/-1, connection 1048575801/1048576000
12:36:06.465146 [0-0] * Connection #0 to host 192.168.1.1 left intact

So I’m blocked, but why?

Keks_Dose · January 19, 2025, 1:12pm

Thank you for the suggestion. I wrote my LAN into the whitelist of nextcloud security: 192.168.1.1./24 but nonetheless I got blocked a day later, even when trying to log in via ssh from said lan:

kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.1.1 port 22

So no luck.

geoW · January 19, 2025, 1:22pm

It is quite unusual address for a server, to my knowledge it is a number preserved for network configuration.

Keks_Dose · January 19, 2025, 3:18pm

Sorry, the internal address is different, something like 192.168.1.123, I changed the address here in my answer without thinking too much.

jtr · January 19, 2025, 3:22pm

This is not Nextcloud’s Brute Force Protection.

Since this impacts your ssh access as well, sounds like some other external-to-Nextcloud mechanism / problem.

Do you have any errors from your OS / kernel when this happens? (if you’re lucky it’s logged via journalctl or somewhere in /var/log/ so you can check after recovering access).

In the past it was speculated to be hardware issues - i.e. [SOLVED] NCP on Pi4: Forbidden: You don’t have permission to access this resource & random power off

Then I walk over to the server, pull the plug (electricity), reinsert it, server starts, all seems ok for some hours or about a day. Then I get locked out again.

This really does sound like a hardware / power matter to me.

Keks_Dose · January 19, 2025, 5:39pm

Hey, thank you, good catch: somebody else had that issue!

This is what journalctl -b 1 --system has before crash:

Jan 18 05:40:01 ncpi5 CRON[506877]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Jan 18 05:40:01 ncpi5 CRON[506878]: pam_unix(cron:session): session opened for user www-data(uid=33) by (uid=0)
Jan 18 05:40:01 ncpi5 CRON[506880]: (www-data) CMD (php -f /var/www/nextcloud/cron.php)
Jan 18 05:40:01 ncpi5 CRON[506881]: (root) CMD (/usr/local/bin/ncp-notify-update && /usr/local/bin/ncp-notify-unattended-upgrade)
Jan 18 05:40:02 ncpi5 CRON[506878]: pam_unix(cron:session): session closed for user www-data
Jan 18 05:40:02 ncpi5 CRON[506877]: pam_unix(cron:session): session closed for user root
Jan 18 05:40:09 ncpi5 udiskie[601]: DEBUG [2025-01-18 05:40:09,458] udiskie.udisks2: +++ device_changed: /org/freedesktop/UDisks2/drives/WDC_WD40EFPX_68C6CN0_WD_WXE2A92JH5V7
Jan 18 05:40:09 ncpi5 udiskie[601]: DEBUG [2025-01-18 05:40:09,459] udiskie.config: /org/freedesktop/UDisks2/drives/WDC_WD40EFPX_68C6CN0_WD_WXE2A92JH5V7 matched {!is_block} -> {ignore}
Jan 18 05:45:01 ncpi5 CRON[506970]: pam_unix(cron:session): session opened for user www-data(uid=33) by (uid=0)
Jan 18 05:45:01 ncpi5 CRON[506971]: (www-data) CMD (php -f /var/www/nextcloud/cron.php)
Jan 18 05:45:01 ncpi5 CRON[506970]: pam_unix(cron:session): session closed for user www-data
Jan 18 05:45:39 ncpi5 systemd[1]: Starting prometheus-node-exporter-apt.service - Collect apt metrics for prometheus-node-exporter...
Jan 18 05:45:39 ncpi5 systemd[1]: Starting prometheus-node-exporter-nvme.service - Collect NVMe metrics for prometheus-node-exporter...
Jan 18 05:45:39 ncpi5 systemd[1]: Starting prometheus-node-exporter-smartmon.service - Collect SMART metrics for prometheus-node-exporter...
Jan 18 05:45:39 ncpi5 systemd[1]: prometheus-node-exporter-smartmon.service: Deactivated successfully.
Jan 18 05:45:39 ncpi5 systemd[1]: Finished prometheus-node-exporter-smartmon.service - Collect SMART metrics for prometheus-node-exporter.
Jan 18 05:45:40 ncpi5 systemd[1]: prometheus-node-exporter-nvme.service: Deactivated successfully.
Jan 18 05:45:40 ncpi5 systemd[1]: Finished prometheus-node-exporter-nvme.service - Collect NVMe metrics for prometheus-node-exporter.
Jan 18 05:45:40 ncpi5 systemd[1]: prometheus-node-exporter-apt.service: Deactivated successfully.
Jan 18 05:45:40 ncpi5 systemd[1]: Finished prometheus-node-exporter-apt.service - Collect apt metrics for prometheus-node-exporter.
Jan 18 05:45:40 ncpi5 systemd[1]: prometheus-node-exporter-apt.service: Consumed 1.658s CPU time.
Jan 18 05:50:01 ncpi5 CRON[507732]: pam_unix(cron:session): session opened for user www-data(uid=33) by (uid=0)
Jan 18 05:50:01 ncpi5 CRON[507734]: (www-data) CMD (php -f /var/www/nextcloud/cron.php)
Jan 18 05:50:09 ncpi5 udiskie[601]: DEBUG [2025-01-18 05:50:09,475] udiskie.udisks2: +++ device_changed: /org/freedesktop/UDisks2/drives/WDC_WD40EFPX_68C6CN0_WD_WXE2A92JH5V7
Jan 18 05:50:09 ncpi5 udiskie[601]: DEBUG [2025-01-18 05:50:09,475] udiskie.config: /org/freedesktop/UDisks2/drives/WDC_WD40EFPX_68C6CN0_WD_WXE2A92JH5V7 matched {!is_block} -> {ignore}
Jan 18 05:50:10 ncpi5 CRON[507732]: pam_unix(cron:session): session closed for user www-data
Jan 18 05:55:01 ncpi5 CRON[507758]: pam_unix(cron:session): session opened for user www-data(uid=33) by (uid=0)
Jan 18 05:55:01 ncpi5 CRON[507759]: (www-data) CMD (php -f /var/www/nextcloud/cron.php)
Jan 18 05:55:02 ncpi5 CRON[507758]: pam_unix(cron:session): session closed for user www-data
Jan 18 05:58:01 ncpi5 CRON[507771]: pam_unix(cron:session): session opened for user daemon(uid=1) by (uid=0)
Jan 18 05:58:01 ncpi5 CRON[507772]: (daemon) CMD (test -x /usr/bin/debsecan && /usr/bin/debsecan --cron)
Jan 18 05:58:01 ncpi5 CRON[507771]: pam_unix(cron:session): session closed for user daemon
Jan 18 06:00:01 ncpi5 CRON[507779]: pam_unix(cron:session): session opened for user www-data(uid=33) by (uid=0)
Jan 18 06:00:01 ncpi5 CRON[507780]: (www-data) CMD (php -f /var/www/nextcloud/cron.php)
Jan 18 06:00:01 ncpi5 CRON[507779]: pam_unix(cron:session): session closed for user www-data
Jan 18 06:00:09 ncpi5 udiskie[601]: DEBUG [2025-01-18 06:00:09,477] udiskie.udisks2: +++ device_changed: /org/freedesktop/UDisks2/drives/WDC_WD40EFPX_68C6CN0_WD_WXE2A92JH5V7
Jan 18 06:00:09 ncpi5 udiskie[601]: DEBUG [2025-01-18 06:00:09,477] udiskie.config: /org/freedesktop/UDisks2/drives/WDC_WD40EFPX_68C6CN0_WD_WXE2A92JH5V7 matched {!is_block} -> {ignore}
Jan 18 06:00:39 ncpi5 systemd[1]: Starting prometheus-node-exporter-apt.service - Collect apt metrics for prometheus-node-exporter...
Jan 18 06:00:39 ncpi5 systemd[1]: Starting prometheus-node-exporter-nvme.service - Collect NVMe metrics for prometheus-node-exporter...
Jan 18 06:00:39 ncpi5 systemd[1]: Starting prometheus-node-exporter-smartmon.service - Collect SMART metrics for prometheus-node-exporter...
Jan 18 06:00:39 ncpi5 systemd[1]: prometheus-node-exporter-smartmon.service: Deactivated successfully.
Jan 18 06:00:39 ncpi5 systemd[1]: Finished prometheus-node-exporter-smartmon.service - Collect SMART metrics for prometheus-node-exporter.
Jan 18 06:00:40 ncpi5 systemd[1]: prometheus-node-exporter-nvme.service: Deactivated successfully.
Jan 18 06:00:40 ncpi5 systemd[1]: Finished prometheus-node-exporter-nvme.service - Collect NVMe metrics for prometheus-node-exporter.
Jan 18 06:00:41 ncpi5 systemd[1]: prometheus-node-exporter-apt.service: Deactivated successfully.
Jan 18 06:00:41 ncpi5 systemd[1]: Finished prometheus-node-exporter-apt.service - Collect apt metrics for prometheus-node-exporter.
Jan 18 06:00:41 ncpi5 systemd[1]: prometheus-node-exporter-apt.service: Consumed 1.675s CPU time.
Jan 18 06:05:01 ncpi5 CRON[508543]: pam_unix(cron:session): session opened for user www-data(uid=33) by (uid=0)
Jan 18 06:05:01 ncpi5 CRON[508544]: (www-data) CMD (php -f /var/www/nextcloud/cron.php)
Jan 18 06:05:01 ncpi5 CRON[508543]: pam_unix(cron:session): session closed for user www-data
Jan 18 06:09:01 ncpi5 CRON[508553]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Jan 18 06:09:01 ncpi5 CRON[508554]: (root) CMD (  [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Jan 18 06:09:01 ncpi5 CRON[508553]: pam_unix(cron:session): session closed for user root
Jan 18 06:09:09 ncpi5 systemd[1]: Starting phpsessionclean.service - Clean php session files...
Jan 18 06:09:09 ncpi5 sessionclean[508567]: Cannot load Zend OPcache - it was already loaded
Jan 18 06:09:09 ncpi5 systemd[1]: phpsessionclean.service: Deactivated successfully.
Jan 18 06:09:09 ncpi5 systemd[1]: Finished phpsessionclean.service - Clean php session files.
Jan 18 06:10:01 ncpi5 CRON[508679]: pam_unix(cron:session): session opened for user www-data(uid=33) by (uid=0)
Jan 18 06:10:01 ncpi5 CRON[508680]: (www-data) CMD (php -f /var/www/nextcloud/cron.php)
Jan 18 06:10:09 ncpi5 udiskie[601]: DEBUG [2025-01-18 06:10:09,476] udiskie.udisks2: +++ device_changed: /org/freedesktop/UDisks2/drives/WDC_WD40EFPX_68C6CN0_WD_WXE2A92JH5V7
Jan 18 06:10:09 ncpi5 udiskie[601]: DEBUG [2025-01-18 06:10:09,476] udiskie.config: /org/freedesktop/UDisks2/drives/WDC_WD40EFPX_68C6CN0_WD_WXE2A92JH5V7 matched {!is_block} -> {ignore}
Jan 18 06:10:10 ncpi5 CRON[508679]: pam_unix(cron:session): session closed for user www-data

I’ll look how to disable this prometheus-node-exporter.

system · February 7, 2025, 2:20pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.