Moved Nextcloud to a new system behind Nginx Proxy manager and now login fails

ℹ️ Support
, ,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 31.0.6-apache (container)
  • Operating system and version (e.g., Ubuntu 24.04):
    • Debian 12.11 using rootless podman
  • Web server and version (e.g, Apache 2.4.25):
    • nextcloud container 31.0.6-apache (container)
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • nginx-proxy-manager 2.12.3
  • PHP version (e.g, 8.3):
    • 8.3.22 (Inside container)
  • Is this the first time you’ve seen this error? (Yes / No):
    • YES
  • When did this problem seem to first start?
    • After migration to a new system.
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • Podman Pods
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • No

Summary of the issue you are facing:

Once Nextcloud was up and running on the new system, my mobile apps connected to the instance no problem, but I am unable to log in via the web interface and since that doesn’t work, the desktop app cannot log in either.
[…]

Steps to replicate it (hint: details matter!):

  1. backup database dump

  2. shutdown old host

  3. create pod for nextcloud, mysql and redis.
    podman pod create
    -p 8080:80
    -p 4430:443
    –network slirp4netns:port_handler=slirp4netns
    nextcloud

  4. create containers inside of pod.

  5. Start DB contianer and restore database.
    podman run --detach
    –restart on-failure
    -e=“MYSQL_DATABASE=nextcloud”
    -e=“MYSQL_USER=nextclouddb”
    -e=“MYSQL_PASSWORD=”
    -e=“MYSQL_ROOT_PASSWORD=”
    –volume /var/www/NC_Mariadb_Data:/var/lib/mysql
    –pod nextcloud
    –name nextcloud-db
    Docker Hub Container Image Library | App Containerization
    –transaction-isolation=READ-COMMITTED
    –log-bin=binlog --binlog-format=ROW

  6. start redis server container.
    podman run --detach
    –restart on-failure
    –pod nextcloud
    –name nextcloud-redis
    Docker Hub Container Image Library | App Containerization
    redis-server --requirepass “”

  7. start nextcloud container

  8. open web browser and attempt to log in.
    podman run --detach
    –restart on-failure
    –pod nextcloud
    -e=“REDIS_HOST=127.0.0.1”
    -e=“REDIS_HOST_PASSWORD=”
    -e=“MYSQL_HOST=127.0.0.1”
    -e=“MYSQL_DATABASE=”
    -e=“MYSQL_USER=”
    -e=“MYSQL_PASSWORD=”
    –volume /var/www/nextcloud:/var/www/html
    –name nextcloud-app
    Docker Hub Container Image Library | App Containerization

Log entries

d6447e0c44bf 10.89.0.15 - - [25/Jun/2025:21:35:02 +0000] “POST /login HTTP/1.1” 303 1396 “Login – Nextcloud” “Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0”
d6447e0c44bf 10.89.0.15 - - [25/Jun/2025:21:35:03 +0000] “GET /login?direct=1&user=venohm HTTP/1.1” 200 10338 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0”
d6447e0c44bf 10.89.0.15 - - [25/Jun/2025:21:35:03 +0000] “GET /apps/side_menu/css/stylesheet?v=6 HTTP/1.1” 200 1468 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0”
d6447e0c44bf 10.89.0.15 - - [25/Jun/2025:21:35:03 +0000] “GET /apps/theming/image/logo?v=1 HTTP/1.1” 404 25085 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0”
d6447e0c44bf 10.89.0.15 - - [25/Jun/2025:21:35:03 +0000] “GET /apps/theming/image/background?v=1 HTTP/1.1” 404 25085 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0”
d6447e0c44bf 10.89.0.15 - - [25/Jun/2025:21:35:03 +0000] “GET /apps/side_menu/nav/items HTTP/1.1” 200 745 “Login – Nextcloud” “Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/14
0.0”
d6447e0c44bf 10.89.0.15 - - [25/Jun/2025:21:35:03 +0000] “GET /apps/side_menu/js/config HTTP/1.1” 200 1073 “Login – Nextcloud” “Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/1
40.0”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:05 +0000] “GET /index.php/204 HTTP/1.1” 204 686 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArchitecture: x86_64 OsArchitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:05 +0000] “GET /index.php/204 HTTP/1.1” 204 686 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArchitecture: x86_64 OsArchitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:06 +0000] “GET /status.php HTTP/1.1” 200 899 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArchitecture: x86_64 OsArchitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:06 +0000] “PROPFIND /remote.php/dav/files/glitchy/ HTTP/1.1” 207 1031 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArchitecture: x86_64 OsArc
hitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:06 +0000] “GET /ocs/v1.php/cloud/capabilities?format=json HTTP/1.1” 200 5035 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArchitecture: x86_6
4 OsArchitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:06 +0000] “GET /ocs/v2.php/apps/files/api/v1/directEditing?format=json HTTP/1.1” 200 1141 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArchit
ecture: x86_64 OsArchitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:06 +0000] “GET /ocs/v2.php/apps/terms_of_service/terms?format=json HTTP/1.1” 404 981 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArchitectur
e: x86_64 OsArchitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:06 +0000] “GET /ocs/v2.php/apps/user_status/api/v1/user_status?format=json HTTP/1.1” 200 922 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArc
hitecture: x86_64 OsArchitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:06 +0000] “GET /ocs/v1.php/cloud/user?format=json HTTP/1.1” 200 1261 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArchitecture: x86_64 OsArch
itecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:07 +0000] “GET /remote.php/dav/avatars/glitchy/128.png HTTP/1.1” 200 2632 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArchitecture: x86_64 O
sArchitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:07 +0000] “GET /ocs/v2.php/apps/notifications/api/v2/notifications?format=json HTTP/1.1” 304 764 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen Clien
tArchitecture: x86_64 OsArchitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:07 +0000] “PROPFIND /remote.php/dav/files/glitchy/ HTTP/1.1” 207 2091 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArchitecture: x86_64 OsArc
hitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:07 +0000] “GET /ocs/v2.php/core/navigation/apps?absolute=true&format=json HTTP/1.1” 304 730 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArch
itecture: x86_64 OsArchitecture: x86_64)”
d6447e0c44bf 10.89.0.15 - glitchy [25/Jun/2025:21:35:07 +0000] “GET /ocs/v2.php/core/navigation/apps?absolute=true&format=json HTTP/1.1” 304 730 “-” “Mozilla/5.0 (Linux) mirall/3.16.6daily (Nextcloud, garuda-6.15.2-zen1-1-zen ClientArch
itecture: x86_64 OsArchitecture: x86_64)”

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

Unable to access logs.  Cannot log in.

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

PASTE

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

container logs have no output during the attempted login.

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "htaccess.RewriteBase": "\/",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.venohm.duckdns.org"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "31.0.6.2",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/cloud.venohm.duckdns.org",
        "overwriteprotocol": "https",
        "dbport": "3306",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "installed": true,
        "default_language": "en",
        "default_locale": "en_US",
        "default_phone_region": "US",
        "theme": "",
        "loglevel": 3,
        "maintenance": false,
        "app_install_overwrite": [
            "breezedark",
            "news",
            "music",
            "side_menu"
        ],
        "twofactor_enforced": "false",
        "twofactor_enforced_groups": [],
        "twofactor_enforced_excluded_groups": [],
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        }
    }
}

Apps

The output of occ app:list (if possible).

Enabled:

  • activity: 4.0.0
  • app_api: 5.0.2
  • bookmarks: 15.1.1
  • bruteforcesettings: 4.0.0
  • calendar: 5.3.3
  • circles: 31.0.0
  • cloud_federation_api: 1.14.0
  • comments: 1.21.0
  • contacts: 7.1.3
  • contactsinteraction: 1.12.0
  • cookbook: 0.11.3
  • dashboard: 7.11.0
  • dav: 1.33.0
  • deck: 1.15.1
  • federatedfilesharing: 1.21.0
  • federation: 1.21.0
  • files: 2.3.1
  • files_downloadlimit: 4.0.0
  • files_pdfviewer: 4.0.0
  • files_reminders: 1.4.0
  • files_sharing: 1.23.1
  • files_trashbin: 1.21.0
  • files_versions: 1.24.0
  • firstrunwizard: 4.0.0
  • groupfolders: 19.1.1
  • logreader: 4.0.0
  • lookup_server_connector: 1.19.0
  • music: 2.2.0
  • news: 26.0.1
  • nextcloud_announcements: 3.0.0
  • notes: 4.12.1
  • notifications: 4.0.0
  • oauth2: 1.19.1
  • password_policy: 3.0.0
  • photos: 4.0.0-dev.1
  • previewgenerator: 5.8.0
  • privacy: 3.0.0
  • profile: 1.0.0
  • provisioning_api: 1.21.0
  • recommendations: 4.0.0
  • related_resources: 2.0.0
  • serverinfo: 3.0.0
  • settings: 1.14.0
  • sharebymail: 1.21.0
  • side_menu: 5.1.1
  • spreed: 21.1.0
  • support: 3.0.0
  • survey_client: 3.0.0
  • suspicious_login: 9.0.1
  • systemtags: 1.21.1
  • tasks: 0.16.1
  • text: 5.0.0
  • theming: 2.6.1
  • twofactor_admin: 4.8.0
  • twofactor_backupcodes: 1.20.0
  • twofactor_nextcloud_notification: 5.0.0
  • twofactor_totp: 13.0.0-dev.0
  • twofactor_webauthn: 2.2.0
  • user_status: 1.11.0
  • viewer: 4.0.0
  • weather_status: 1.11.0
  • webhook_listeners: 1.2.0
  • workflowengine: 2.13.0
    Disabled:
  • admin_audit: 1.21.0
  • encryption: 2.19.0
  • files_external: 1.23.0
  • notify_push: 1.1.0 (installed 1.1.0)
  • updatenotification: 1.21.0 (installed 1.14.0)
  • user_ldap: 1.22.0

And please, let me know if there is any additional information I can provide.

2

but I am unable to log in via the web interface

What happens precisely?

Unable to access logs. Cannot log in.

You can access your logs still. Either from inside the Nextcloud app container (at /var/www/html/data/nextcloud.log or, based on your current volume mounts, at /var/www/nextcloud/data/nextcloud.log on your underlying host.

-e=“REDIS_HOST=127.0.0.1”
`-e=“MYSQL_HOST=127.0.0.1”

These are likely incorrect since 127.0.0.1 is not the same in a container environment as it is is in a bare metal one. You probably want these to be nextcloud-redis and nextcloud-db, but didn’t look too closely at your network/DNS config.

Likely unrelated but also worth noting I think:

  • it’s a little unusual to use /var/www on your underlying host to store your db and app container data. If you ever have a web server start up on your underlying host, you risk exposing your data since /var/www will be served. I’m referring to these:
    • –volume /var/www/NC_Mariadb_Data:/var/lib/mysql
    • –volume /var/www/nextcloud:/var/www/html
3

Sorry, I definitely should have given more information here.

I am returned instantly back to the login screen.

Okay, sorry, forgot they were under the nextcloud data directory. Just tailed the logs and nothing was input to the logs during a login attempt.

These containers are running withing a pod. In the same pod, you don’t configure networking, the applications in the containers can access each other through localhost.

And thank you very much for this input. I hadn’t thought that part through. Before the upgrade of hardware, the database used to be on a single database server. I’ve upgraded hardware and am migrating to pods instead of a seperate networked database server. I’ll move that data folder. This is a mounted raid setup for the nextcloud and wanted the database to have the same redundancy. But I can fix this easily enough.

Thanks again for pointing this out.

Also, I’m really starting to suspect my nginx proxy manager config. I previously had an apache server I had configured as the proxy, but wanted to move to a unified proxy server, so moved to a new proxy tool.

Also, this previously ran on a system all it’s own. I did migrate this to rootless podman instead of running the containers as root.

But, the previously connected mobile apps work. It’s only the desktop client and web browsers that do not connect.

I got the config information from here:

4

I am returned instantly back to the login screen.

In that case, the web browser inspector is the first place I’d look. Instructions for what to check are in the support template:

Since mentioned NPM, make sure you have Cache Assets off within it.

5

Okay, this is my weak point, so I got some assistance getting this info. I may be a Linux admin, but web dev stuff is outside of my skill set. I hope the bellow information is helpful.

As for the NPM, I have the Cache Assests set to off as per the instructions I found.

POST to /login

REQ HEADERS: (Cook values hidden)
POST /login HTTP/2
Host: cloud.venohm.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Referer: https://cloud.venohm.duckdns.org/login
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
Origin: https://cloud.venohm.duckdns.org
Sec-GPC: 1
Connection: keep-alive
Cookie: oc4blc84tose=xxxx; oc_sessionPassphrase=xxxxxx; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

RESPONSE HEADERS:
HTTP/2 303 
server: openresty
date: Sat, 28 Jun 2025 19:15:45 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
x-powered-by: PHP/8.3.22
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'
set-cookie: nc_username=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; secure; HttpOnly
set-cookie: nc_token=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; secure; HttpOnly
set-cookie: nc_session_id=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; secure; HttpOnly
set-cookie: nc_username=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
set-cookie: nc_token=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
set-cookie: nc_session_id=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
x-request-id: edhpkI0Fp7b5BR54Di9V
cache-control: no-cache, no-store, must-revalidate
feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'
location: /login?direct=1&user=venohm
x-nextcloud-bruteforce-throttled: 200ms
x-served-by: cloud.venohm.duckdns.org
X-Firefox-Spdy: h2

the url goes from /login to /login?direct=1&user=USERNAME and the loop continues endlessly, no 404 errors or any 500 errors, just a 303 back to login with the added variables

repeated retries gets the website logo to load up but then redirected back to login again

6

After additional research, I tried adding -e=APACHE_DISABLE_REWRITE_IP=1 to my podman run, but this did not change anything. I am still stuck in the login page loop.

7

Okay,

After investigating and making a few changes to test, I was able to get at least slightly different behavior. Before I could attempt to log in over and over and it just went back to the login pages. Now I get the notification
We have detected multiple invalid login attempts from your IP. Therefore your next login is throttled up to 30 seconds.
Not sure why I’m unable to log in though at the moment. Since I know the password is correct, since I’m using it straight out of my password manager.

8

Okay, for anyone else who may find this through a google search, I finally got the login to work. The issue was the Redis password I used. It contained special characters. Once those I changed the password to letters and numbers only, it worked.