Logins taking a very long time, maybe due to Misconfiguration?

ℹ️ Support
, , ,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 30.0.3
  • Operating system and version (e.g., Ubuntu 24.04):
    • Nextcloud Docker running on Fedora Linux 41
  • Web server and version (e.g, Apache 2.4.25):
    • Docker, whatever Webserver is embedded in the container
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • Traffic 3.2.0
  • PHP version (e.g, 8.3):
    • Guess PHP 8.3? Or what’s running in the official Docker container.
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yep
  • When did this problem seem to first start?
    • After Deploying the Installation
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • Nextcloud Docker
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • No

Summary of the issue you are facing:

I recently Deployed a new Nextcloud Instance on my Home, hosted for a small Volunteering Organisation. Some of my users are complaining about the Login taking much time.
In the Web UI I can see this Error Message:

  • Die Konfiguration des Reverse-Proxy-Headers ist falsch. Dies stellt ein Sicherheitsproblem dar und kann es einem Angreifer ermöglichen, seine IP-Adresse so zu fälschen, wie sie für Nextcloud sichtbar ist. Weitere Informationen findest du in der Dokumentation :arrow_upper_right:.
    (English Translation: The Configuration of the Reverse Proxy Header is wrong)
    I guess this might be the root cause for the very long time it takes to login?

Log entries

I can’t find any relevant Log Entries.

Configuration

Here a few Infos about my Setup:
My Home uses NAT, the IP changes from time to time, so I am using DynDNS. I have some Port Forwarding in my home to a Traefik Reverse Proxy. My Nextcloud Installation is reachable by this Reverse Proxy.
The Reverse Proxy is on the IP 192.168.177.103, the Nextcloud on the IP 192.168.177.103 - so entirely different VMs.
I am pretty sure I am doing something wrong about my Configuration in Nextclouds config.php or on my reverse Proxy Config?
Or is my Login Problem maybe caused by something entirely different?

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "htaccess.RewriteBase": "\/",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "upgrade.disable-web": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "172.20.10.13:8080",
            "192.168.177.110:8080",
            "mynextcloud.tld",
            "www.mynextcloud.tld",
            "192.168.177.103"
        ],
        "trustes_proxies": [
            "192.168.177.103"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "30.0.3.2",
        "overwritehost": "mynextcloud.tld",
        "overwriteprotocol": "https",
        "overwritewebroot": "\/",
        "overwritecondaddr": "^192\\.168\\.177.\\103$",
        "overwrite.cli.url": "",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "maintenance_window_start": 1,
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "loglevel": 2
    }
}

Apps

The output of occ app:list (if possible).

Enabled:
  - activity: 3.0.0
  - bruteforcesettings: 3.0.0
  - calendar: 5.0.6
  - cloud_federation_api: 1.13.0
  - contactsinteraction: 1.11.0
  - dav: 1.31.1
  - federatedfilesharing: 1.20.0
  - files: 2.2.0
  - files_downloadlimit: 3.0.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - firstrunwizard: 3.0.0
  - impersonate: 1.17.0
  - logreader: 3.0.0
  - lookup_server_connector: 1.18.0
  - notifications: 3.0.0
  - oauth2: 1.18.1
  - password_policy: 2.0.0
  - provisioning_api: 1.20.0
  - recommendations: 3.0.0
  - related_resources: 1.5.0
  - serverinfo: 2.0.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - support: 2.0.0
  - survey_client: 2.0.0
  - text: 4.1.0
  - theming: 2.5.0
  - twofactor_backupcodes: 1.19.0
  - updatenotification: 1.20.0
  - user_status: 1.10.0
  - viewer: 3.0.0
  - weather_status: 1.10.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - admin_audit: 1.20.0
  - app_api: 4.0.3 (installed 4.0.0)
  - circles: 30.0.0 (installed 30.0.0)
  - comments: 1.20.1 (installed 1.7.0)
  - dashboard: 7.10.0 (installed 7.0.0)
  - encryption: 2.18.0
  - federation: 1.20.0 (installed 1.7.0)
  - files_external: 1.22.0
  - nextcloud_announcements: 2.0.0 (installed 1.5.0)
  - photos: 3.0.2 (installed 3.0.2)
  - privacy: 2.0.0 (installed 1.1.0)
  - suspicious_login: 8.0.0
  - systemtags: 1.20.0 (installed 1.6.0)
  - twofactor_nextcloud_notification: 4.0.0
  - twofactor_totp: 12.0.0-dev
  - user_ldap: 1.21.0

Tips for increasing the likelihood of a response

  • Use the preformatted text formatting option in the editor for all log entries and configuration output.
  • If screenshots are useful, feel free to include them.
    • If possible, also include key error output in text form so it can be searched for.
  • Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.
2

These are two times the same IPs.

But yes, your proxy settings are wrong.
If you click on the link that the error provides, you will find:

A reverse proxy can define HTTP headers with the original client IP address, and Nextcloud can use those headers to retrieve that IP address. Nextcloud uses the de-facto standard header ‘X-Forwarded-For’ by default, but this can be configured with the forwarded_for_headers parameter. This parameter is an array of PHP lookup strings, for example ‘X-Forwarded-For’ becomes ‘HTTP_X_FORWARDED_FOR’. Incorrectly setting this parameter may allow clients to spoof their IP address as visible to Nextcloud, even when going through the trusted proxy! The correct value for this parameter is dependent on your proxy software.

1 Like
3

Good Morning,

thanks for pointing out my mistake on the IPs.
I meant that the Traffic Reverse Proxy runs on 192.168.177.103,
while Nextcloud runs on 192.168.177.110.

I think I read the linked message at some point - but still don’t really understand what I have to do on my traefik for this.

My traffic config is pretty simple atm:

http:
    middlewares:
        nextcloud-redirectregex:
            redirectRegex:
                permanent: true
                regex: "https://(.*)/.well-known/(?:card|cal)dav"
                replacement: "https://mynextcloud.tld/remote.php/dav
    services:
      nextcloud-service:
        loadBalancer:
          servers:
            - url: "http://192.168.177.110:8080"
    routers:
      next cloud:
        rule: "Host(`mynextcloud.tld`)"
        service: "nextcloud-service"
4

I don’t use Traefik.
On NGINX it looks something like this:

proxy_set_header Upgrade           $http_upgrade;
proxy_set_header Connection        $connection_upgrade;
proxy_set_header X-Real-IP         $remote_addr;
proxy_set_header Forwarded         $proxy_add_forwarded;
proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host  $host;
proxy_set_header X-Forwarded-Port  $server_port;

Pretty sure you will find an equivalent for Traefik.

5

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.