Nextcloud version (eg, 20.0.5): Nextcloud Hub II (23.0.3)
Operating system and version (eg, Ubuntu 20.04): Ubuntu 20.04.4 LTS
Apache or nginx version (eg, Apache 2.4.25): nginx 1.18.0-0ubuntu1.3
PHP version (eg, 7.4): php-fpm 2:7.4+75
The issue you are facing:
I’ve noticed that when I have to (re)login, authentication takes a long time and frequently fails with a 504 Bad Gateway.
Investigation led me to time the logins, and even successful logins tend to take more than 45 seconds to complete. Oddly, failure (bad username and/or password) responses are almost immediate.
I’ve checked the LDAP server’s response times and watched requests from Nextcloud. The server responds nearly immediately.
Is this the first time you’ve seen this error? No, but it has gotten progressively worse.
I’ve reported this previously: [Bug]: ldap logins take a long time and frequently timeout, 504 Bad Gateway · Issue #31885 · nextcloud/server · GitHub
Steps to replicate it:
- Set up Nextcloud
- Enable LDAP authentication
- Try to use LDAP authentication
The output of your Nextcloud log in Admin > Logging:
The log is 50MB in size, doubt pasting it here would be of much use. Happy to paste relevant recent output.
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
```php
$CONFIG = array (
  'default_phone_region' => 'US',
  'updatechecker' => false,
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => 'cloud.asgardsrealm.net',
  ),
  'datadirectory' => '/opt/nextcloud/data',
  'overwrite.cli.url' => 'https://cloud.asgardsrealm.net',
  'dbtype' => 'mysql',
  'version' => '23.0.3.2',
  'dbname' => 'owncloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => '',
  'dbpassword' => '',
  'logtimezone' => 'UTC',
  'installed' => true,
  'maintenance' => false,
  'loglevel' => 1,
  'app.mail.verify-tls-peer' => false,
  'appstore.experimental.enabled' => true,
  'htaccess.RewriteBase' => '/',
  'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
  'theme' => '',
  'mysql.utf8mb4' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0,
    'password' => '',
    'dbindex' => 0,
  ),
);
```
The output of your Apache/nginx/system log in /var/log/____:
access.log:
72.210.60.4 - jamin [30/Apr/2022:10:37:31 -0600] "PROPFIND /remote.php/dav/files/4d9edbbb-d49e-4898-95e1-78abb311b481/ HTTP/1.1" 207 274 "-" "Mozilla/5.0 (Linux) mirall/3.4.4git (Nextcloud, arch-5.17.4-arch1-1 ClientArchitecture: x86_64 OsArchitecture: x86_64)"
72.210.60.4 - - [30/Apr/2022:10:37:38 -0600] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
97.117.119.100 - brent.hiramoto [30/Apr/2022:10:37:46 -0600] "PROPFIND /remote.php/dav/files/484677c3-0a71-43ee-9f47-156c04d37068/ HTTP/1.1" 207 286 "-" "Mozilla/5.0 (Windows) mirall/3.4.1stable-Win64 (build 20211221) (Nextcloud, windows-10.0.19043 ClientArchitecture: x86_64 OsArchitecture: x86_64)"
72.210.60.4 - - [30/Apr/2022:10:37:48 -0600] "POST /index.php/login/v2/poll HTTP/1.1" 404 2 "-" "Mozilla/5.0 (Linux) mirall/3.4.4git (Nextcloud, arch-5.17.4-arch1-1 ClientArchitecture: x86_64 OsArchitecture: x86_64)"
72.210.60.4 - - [30/Apr/2022:10:37:50 -0600] "GET /index.php/apps/logreader/poll?lastReqId=rZNDrhRp6J7GV7LumS9P HTTP/1.1" 200 22 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
72.210.60.4 - jamin [30/Apr/2022:10:37:54 -0600] "PROPFIND /remote.php/dav/files/4d9edbbb-d49e-4898-95e1-78abb311b481/ HTTP/1.1" 207 274 "-" "Mozilla/5.0 (Windows) mirall/3.4.4stable-Win64 (build 20220318) (Nextcloud, windows-10.0.19044 ClientArchitecture: x86_64 OsArchitecture: x86_64)"
error.log:
Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.
No errors in the last week.
Additional Information
In digging further into this, I found this:
Adding the following to my nginx php configuration appears to have alleviated the 504 Bad Gateway errors:
fastcgi_read_timeout 180;
However, that doesn’t explain the need for such a long login validation/response window, especially when an invalid username/password gets an almost immediate response.
I’ve timed a few fresh logins after making the above change.
T 000:01:17.649
T 000:01:08.032
T 000:01:14.278
By contrast, I’ve timed a CLI ldapsearch (with DN binding) from the system running Nextcloud:
real 0m2.282s
user 0m0.027s
sys 0m0.012s
The above includes time for me to type in my password.
Providing my password on the CLI results in a far snappier response:
real 0m0.069s
user 0m0.024s
sys 0m0.014s
I believe this clearly shows that something is happening within Nextcloud that is delaying the acknowledgement and progression of the login.
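Added example, not part of the original post or of Nextcloud's code: the access.log above uses nginx's plain `combined` format, which records no timing, so slow logins cannot be read from it. The sketch below assumes a log format with `$request_time $upstream_response_time` appended and a login endpoint ending in `/login` (both assumptions), and reports per-status login latency from constructed sample lines.

```python
import re
from statistics import median

# Assumed nginx log_format: "combined" plus two trailing fields,
#   $request_time $upstream_response_time
# (single upstream, e.g. one php-fpm socket, so one upstream value per line).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" (?P<rt>[\d.]+) (?P<urt>[\d.]+|-)$'
)

# Constructed sample lines (documentation IP range), not taken from the post.
# The 504 entry sits at nginx's default fastcgi_read_timeout of 60 seconds.
SAMPLE_LOG = """\
203.0.113.7 - - [30/Apr/2022:10:40:01 -0600] "POST /login HTTP/1.1" 303 0 "-" "Mozilla/5.0" 0.412 0.410
203.0.113.7 - - [30/Apr/2022:10:41:10 -0600] "POST /login HTTP/1.1" 504 167 "-" "Mozilla/5.0" 60.003 60.002
203.0.113.7 - - [30/Apr/2022:10:44:30 -0600] "POST /login HTTP/1.1" 303 0 "-" "Mozilla/5.0" 74.278 74.270
203.0.113.7 - alice [30/Apr/2022:10:45:02 -0600] "PROPFIND /remote.php/dav/files/alice/ HTTP/1.1" 207 274 "-" "mirall/3.4.4" 0.120 0.118
"""


def slow_logins(log_text, login_path="/login", threshold=45.0):
    """Return (median request time per status, list of slow login requests)."""
    times, slow = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore the query string; matches /login and /index.php/login,
        # but not /index.php/login/v2/poll.
        if not m["path"].split("?", 1)[0].endswith(login_path):
            continue
        status, rt = int(m["status"]), float(m["rt"])
        # nginx logs "-" when no upstream produced a response.
        urt = None if m["urt"] == "-" else float(m["urt"])
        times.setdefault(status, []).append(rt)
        if rt >= threshold:
            slow.append((m["ts"], status, rt, urt))
    return {s: median(v) for s, v in times.items()}, slow


if __name__ == "__main__":
    by_status, slow = slow_logins(SAMPLE_LOG)
    print("median seconds per status:", by_status)
    for ts, status, rt, urt in slow:
        print(f"{ts} status={status} request={rt}s upstream={urt}s")
```

When the upstream time is nearly equal to the request time, the delay is being spent in php-fpm rather than in nginx or on the client connection.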