NC and Redis >6 - "Redis Exception. Wrongpass invalid Username-password"

I am trying to install a new Nextcloud Server (27.1.3) and have found several Guides (in english and german), f.e. [1] and [2]. I am facing the Problem of continous error messages in the Nextcloud Log:
“Redis Exception. Wrongpass invalid Username-password” from the Apps “Core” and “WebDav”, resulting f.e. in an inabilty to delete files.

The reason seems to be the new security feature in Redis, starting with version 6, using ACLs for authentication. The “old way” using the “requirepass”-directive to set a password is mentioned as still valid for backwards-compatibility [3].

That is not the case in my setup, as i have the above mentioned errors.

Scenarios i tried:

  1. Using the default settings in the nextcloud-config (‘host’ => ‘/var/run/redis/redis-server.sock’, ‘port’ => 6379, ‘password’ => ‘my_password’,) with the corresponding settings in the redis-config file

  2. using the default settings in the nextcloud-config, but adding the user/password definitions as listed in “/nextcloud/config/config.sample.php” line 1449 and 1450 (‘host’ => ‘/var/run/redis/redis-server.sock’, ‘port’ => 6379, ‘user’ => ‘default’, ‘password’ => ‘my_password’,)

  3. switched zu unix domain sockets as mentioned in several guides and adapted the redis.config as well as the Nextcloud-config accordingly, f.e. (‘host’ => ‘/var/run/redis/redis-server.sock’, ‘port’ => 0, ‘user’ => ‘default’, ‘password’ => ‘my_password’,)

  4. additionally tried creating a user in redis via “redis-cli” with the Name “default” and “my_password” and checked the credentials by logging into redis-cli with the username/password. It worked in redis-cli bit still produces errors within Nextcloud

Does anyone has a similar Problem with a new installation and suggestions what to try next?

[1] “Example installation on Ubuntu 22.04.03 LTS with Apache2, APCu, redis and mariadb behind a NGINX proxy, no Docker, no Snap”

[2] “Nextcloud auf Ubuntu Server 22.04 LTS mit nginx, PostgreSQL/MariaDB, PHP, Let’s Encrypt, Redis und Fail2ban”

[3] “ACL Redis Access Control List”

I use Redis server v=7.2.3 and have no problems at all!

Why do you use password authentication? Is your redis-server not on the same box as your nextcloud, on a different server with its port 6379 exposed to the internet?

If your redis-server runs on the same box as your nextcloud, you should use unixsocket with port 0
If port 0 is specified, redis will not listen on a TCP socket, so it will not be exposed to any network. In that case you only have to add your webserver user to the redis group and your nextcloud can connect without any password authentication at all.

This is a configuration that works for all of my servers:

/etc/redis/redis.conf

bind 127.0.0.1 ::1
protected-mode no
port 0
unixsocket /run/redis/redis-server.sock
unixsocketperm 770
timeout 0
daemonize yes
pidfile /run/redis/redis-server.pid

config/config.php

 'memcache.local' => '\\OC\\Memcache\\Redis',
 'memcache.distributed' => '\\OC\\Memcache\\Redis',
 'filelocking.enabled' => true,
 'memcache.locking' => '\\OC\\Memcache\\Redis',
 'redis' => 
 array (
   'host' => '/run/redis/redis-server.sock',
   'port' => 0,
   'timeout' => 0,
 ),

I hope this helps!

Much luck,
ernolf

Hello ernolf,

thank you for your suggestions, unfortunatly they didn’t help.

Some things to note:

  1. the path to redis-server.sock and .pid is “/var/run/redis/”,
    which is a symlink to “/run/redis/”. Maybe because of my distribution (Ubuntu 22.04 LTS)

  2. The line " ‘memcache.distributed’ => ‘\OC\Memcache\Redis’," creates a Server error and produces the log-entry “ERR AUTH called without any password configured for the default user. Are you sure your configuration is correct?”
    So i had to omit that.

Other than these two issues i replicated your settings but still have the issue of not been able to delete files. Trying that produces the same error as in ä2 “ERR AUTH called without any password configured for the default user. Are you sure your configuration is correct?”, but doesn’t create a Server error.

Edit: i failed to mention that i upgraded to Redis 7.2.3 beforehand


  • Did you add your webserver-user (propably www-data) to the group redis?

check if www-data is member of redis group:

grep "^redis" /etc/group

add www-data to group:

sudo usermod -aG redis www-data 

  • Did you remove all password releted settings from your /etc/redis/redis.conf?

You can post your confiig here.

grep config from redis.conf:

sudo grep -Ev "(^\s*#|^\s*$)" /etc/redis/redis.conf

(Before you paste (Ctrl-v) that output here, press Ctrl-e please, to get it in a fenced code block for better readability)


Yes, /var/run is a symlink to /run for backwards compatibility. But I did not mention the /var part in my suggestion.


Much luck,
ernolf

1 Like

Hello ernolf,

www-data was a member of the redis group and there was no password setting in the redis.conf.

Unfortuntly that didn’t solve the problem.

I have reinstalled the system and installed NC according to the guides i posted - this time it went through without a problem. I must have made an error durign my first install.

Thank you for your help, ernolf.

1 Like