Login to NextCloud takes up to 15sec

šŸš§ Installation
1

hi Folks,
my login to NextCloud on my own Server (Ubuntu 16.04, 2GB RAM, Xeon 1245) is very low. Up to 15sec!
WordPress, MediaWiki, Roundcude on the server are much more faster.

I checked my Apache log files could not find any error.

I must confessā€¦ when I installed NextCloud I accidentally enabled all installed Apache2 mod.
So I tried to diable not needed mods.
Here are my loaded Apache2 modsā€¦ maybe I need one more?

access_compat_module (shared) actions_module (shared) alias_module (shared) auth_basic_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_host_module (shared) authz_svn_module (shared) authz_user_module (shared) autoindex_module (shared) cache_module (shared) cgi_module (shared) core_module (static) dav_fs_module (shared) dav_lock_module (shared) dav_module (shared) dav_svn_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) fcgid_module (shared) filter_module (shared) headers_module (shared) http_module (static) log_config_module (static) log_debug_module (shared) logio_module (static) mime_module (shared) mpm_prefork_module (shared) negotiation_module (shared) php7_module (shared) proxy_fcgi_module (shared) proxy_module (shared) rewrite_module (shared) session_module (shared) setenvif_module (shared) socache_shmcb_module (shared) so_module (static) ssl_module (shared) status_module (shared) suexec_module (shared) unixd_module (static)

and here is my Apache2 conf foe the domain

<code>
    <VirtualHost *:80>
    SuexecUserGroup "#1021" "#1021"
    ServerName domain.tld
    DocumentRoot /home/domain.tld/public_html
    ErrorLog /var/log/virtualmin/domain.tld_error_log
    CustomLog /var/log/virtualmin/domain.tld_access_log combined
    ScriptAlias /cgi-bin/ /home/domain.tld/cgi-bin/
    DirectoryIndex index.html index.htm index.php index.php4 index.php5
    <Directory /home/domain.tld/public_html>
    Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php7.0 .php7.0
    AddType application/x-httpd-php7.0 .php
    Action application/x-httpd-php7.0 /cgi-bin/php7.0.cgi
    </Directory>
    <Directory /home/domain.tld/cgi-bin>
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
    </Directory>
    RewriteEngine on
    RemoveHandler .php
    RemoveHandler .php7.0
    php_admin_value engine Off
    RedirectPermanent / https://domain.tld
    </VirtualHost>
    <VirtualHost 1.2.3.4:443>
    SuexecUserGroup "#1021" "#1021"
    ServerName domain.tld
    DocumentRoot /home/domain.tld/public_html
    ErrorLog /var/log/virtualmin/domain.tld_error_log
    CustomLog /var/log/virtualmin/domain.tld_access_log combined
    ScriptAlias /cgi-bin/ /home/domain.tld/cgi-bin/
    DirectoryIndex index.html index.htm index.php index.php4 index.php5
    <Directory /home/domain.tld/public_html>
    Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php7.0 .php7.0
    AddType application/x-httpd-php7.0 .php
    Action application/x-httpd-php7.0 /cgi-bin/php7.0.cgi
    </Directory>
    <Directory /home/domain.tld/cgi-bin>
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
    </Directory>
    RewriteEngine on
    RemoveHandler .php
    RemoveHandler .php7.0
    php_admin_value engine Off
    SSLEngine on
    SSLCertificateFile /home/domain.tld/ssl.cert
    SSLCertificateKeyFile /home/domain.tld/ssl.key
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCACertificateFile /home/domain.tld/ssl.ca
    </VirtualHost>
</code>

and my config.php

<code>
<?php
$CONFIG = array (
  'instanceid' => 'oc782*',
  'passwordsalt' => 'jat**',
  'secret' => 'Bgna*',
  'trusted_domains' =>
  array (
    0 => 'domain.tld',
  ),
  'datadirectory' => '/home/domain.tld/data',
  'overwrite.cli.url' => 'http://domain.tld',
  'dbtype' => 'mysql',
  'version' => '11.0.3.2',
  'dbname' => 'name',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'name',
  'dbpassword' => 'password',
  'logtimezone' => 'UTC',
  'installed' => true,
);
</code>
2

Please have a look in your bruteforcetable. You can do that with phpmyadmin or in the terminal:
DONā€™T FORGET TO MAKE A DATABASE BACKUP!

mysql
USE nextcloud;
SHOW tables;
SELECT * FROM oc_bruteforce_attempts;

Lists the bruteforce entries
For removing rows:

DELETE FROM oc_bruteforce_attempts WHERE IP=ā€œnnn.nnn.nnn.nnn.ā€;
SELECT * FROM oc_bruteforce_attempts;
exit

1 Like
3

ahhhā€¦ i got some hitsā€¦ my moms S3 wasent set up to the new NextCloudā€¦still using the old OwnCloud login on same domain as the new installation.

EDIT
Itā€™s really faster now!

1 Like
4

Can I temporary disable this function?

5

Here you might find some info on how to disable the check:

6

For nc 11 you can set
'auth.bruteforce.protection.enabled' => false',
in config.php

For nextcloud 12 there will be an app to handle the bruteforcesettingsā€¦

7
'auth.bruteforce.protection.enabled' => 'false',
1 Like
8

Any infos for nc14? the actual bruteforce system is just broken down nextcloud with apps.