Nextcloud 17.0.1.1 with PHP-FPM on shared session with Redis5 cluster

example

longer
example
here

Nextcloud version 17.0.1.1:
Operating system and version CentOS Linux release 7.7.1908 (Core):
Apache or nginx version nginx-1.16.1-1.el7.ngx.x86_64:
PHP version php72-2.0-1.el7.remi.x86_64:

The issue you are facing:
PHP-FPM Session handler is via redis5 cluster.
Nodes are behind AWS ALB. Log in works fine and once logged in everything works okay.
But when you log out you get an internal server error from Nextcloud:

Packages:
NGINX:
nginx-mod-http-perl-1.16.1-1.el7.x86_64
nginx-mod-stream-1.16.1-1.el7.x86_64
nginx-mod-mail-1.16.1-1.el7.x86_64
nginx-mod-http-image-filter-1.16.1-1.el7.x86_64
nginx-mod-http-geoip-1.12.2-2.el7.x86_64
nginx-1.16.1-1.el7.ngx.x86_64
nginx-mod-http-xslt-filter-1.16.1-1.el7.x86_64
nginx-all-modules-1.16.1-1.el7.noarch

PHP:
php72-php-json-7.2.24-1.el7.remi.x86_64
php-process-7.2.24-1.el7.remi.x86_64
php72-php-pecl-mysql-1.0.0-0.17.20160812git230a828.el7.remi.x86_64
php-fpm-7.2.24-1.el7.remi.x86_64
php72-php-mbstring-7.2.24-1.el7.remi.x86_64
php72-php-mysqlnd-7.2.24-1.el7.remi.x86_64
php72-php-opcache-7.2.24-1.el7.remi.x86_64
php-common-7.2.24-1.el7.remi.x86_64
php72-php-process-7.2.24-1.el7.remi.x86_64
php72-php-pecl-igbinary-3.0.1-1.el7.remi.x86_64
php-kolab-net-ldap3-1.1.3-1.el7.remi.noarch
php72-php-ldap-7.2.24-1.el7.remi.x86_64
php72-runtime-2.0-1.el7.remi.x86_64
php-fedora-autoloader-1.0.0-1.el7.remi.noarch
php-pear-Net-LDAP2-2.2.0-1.el7.remi.noarch
php-json-7.2.24-1.el7.remi.x86_64
php-xml-7.2.24-1.el7.remi.x86_64
php72-php-cli-7.2.24-1.el7.remi.x86_64
php72-php-fpm-7.2.24-1.el7.remi.x86_64
php-pear-1.10.9-4.el7.remi.noarch
php-pecl-apcu-5.1.18-1.el7.remi.7.2.x86_64
php72-php-pecl-memcached-3.1.4-1.el7.remi.x86_64
php72-php-pecl-redis5-5.1.1-1.el7.remi.x86_64
php72-php-pecl-msgpack-2.0.3-1.el7.remi.x86_64
php72-php-common-7.2.24-1.el7.remi.x86_64
php-ldap-7.2.24-1.el7.remi.x86_64
php72-php-xml-7.2.24-1.el7.remi.x86_64
php72-2.0-1.el7.remi.x86_64
php72-php-pear-1.10.9-4.el7.remi.noarch
php-opcache-7.2.24-1.el7.remi.x86_64
php72-php-gd-7.2.24-1.el7.remi.x86_64
php72-php-intl-7.2.24-1.el7.remi.x86_64
php-pdo-7.2.24-1.el7.remi.x86_64
php72-php-pdo-7.2.24-1.el7.remi.x86_64
php72-php-pecl-imagick-3.4.4-1.el7.remi.x86_64
php-mysqlnd-7.2.24-1.el7.remi.x86_64
php72-php-imap-7.2.24-1.el7.remi.x86_64
php-cli-7.2.24-1.el7.remi.x86_64
php72-php-pecl-zip-1.15.5-1.el7.remi.x86_64

Is this the first time you’ve seen this error? Y:
Yes since shared session cache is configured in php-fpm

Steps to replicate it:

1. Log in.
2. log out
3. Log in for the same user will be denied at the next attempt until redis cache is flushed

The output of your Nextcloud log in Admin > Logging:

{"reqId":"GafSnMzl2X6wde4z7oZU","level":3,"time":"2020-01-05T16:22:48+01:00","remoteAddr":"10.2.2.12","user":"--","app":"index","method":"POST","url":"\/login","message":{"Exception":"ErrorException","Message":"Failed to create(read) session ID: redis (path: tcp:\/\/10.1.1.1:6379)","Code":0,"Trace":[{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Session\/Internal.php","line":137,"function":"trapError","class":"OC\\Session\\Internal","type":"->","args":[0,"Failed to create(read) session ID: redis (path: tcp:\/\/10.1.1.1:6379)"]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Session\/CryptoSessionData.php","line":157,"function":"regenerateId","class":"OC\\Session\\Internal","type":"->","args":[true,false]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/User\/Session.php","line":362,"function":"regenerateId","class":"OC\\Session\\CryptoSessionData","type":"->","args":[]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/CompleteLoginCommand.php","line":43,"function":"completeLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/ALoginCommand.php","line":39,"function":"process","class":"OC\\Authentication\\Login\\CompleteLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/LoggedInCheckCommand.php","line":50,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/ALoginCommand.php","line":39,"function":"process","class":"OC\\Authentication\\Login\\LoggedInCheckCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/EmailLoginCommand.php","line":58,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/ALoginCommand.php","line":39,"function":"process","class":"OC\\Authentication\\Login\\EmailLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/UidLoginCommand.php","line":54,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/ALoginCommand.php","line":39,"function":"process","class":"OC\\Authentication\\Login\\UidLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/UserDisabledCheckCommand.php","line":57,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/ALoginCommand.php","line":39,"function":"process","class":"OC\\Authentication\\Login\\UserDisabledCheckCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/PreLoginHookCommand.php","line":52,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Authentication\/Login\/Chain.php","line":108,"function":"process","class":"OC\\Authentication\\Login\\PreLoginHookCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/core\/Controller\/LoginController.php","line":298,"function":"process","class":"OC\\Authentication\\Login\\Chain","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":170,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":99,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/AppFramework\/App.php","line":126,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"core.login.tryLogin"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"core.login.tryLogin"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/private\/Route\/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"core.login.tryLogin"}]},{"file":"\/var\/www\/cl_nextcloud\/lib\/base.php","line":1000,"function":"match","class":"OC\\Route\\Router","type":"->","args":["\/login"]},{"file":"\/var\/www\/cl_nextcloud\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/var\/www\/cl_nextcloud\/lib\/private\/Session\/Internal.php","Line":183,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (X11; Fedora; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36","version":"17.0.1.1"}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

php_value[session.save_handler] = redis
php_value[session.save_path]    = "tcp://10.1.1.1:6379"
php_value[session.lazy_write]    = 0
php_value[redis.session.lock_expire] = 0
php_value[redis.session.lock_retries] = 10
php_value[redis.session.lock_wait_time] = 2000
php_value[redis.session.locking_enabled] = 0

Relevant secion from nextcloud’s config:

  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis.cluster' =>
  array (
    'seeds' =>
    array (
      0 => '10.1.1.1:6379',
      1 => '10.1.1.2:6379',
      2 => '10.1.1.3:6379',
    ),
    'timeout' => 0.0,
    'read_timeout' => 0.0,
    'failover_mode' => 1,
    'password' => '',
  ),

The output of your Apache/nginx/system log in /var/log/____:

There is no error in the logs…

Can you please help what i’m doing wrong?

Thank you!

Can you show this section a bit more ?

Also I wanted to know did you tried redis sentinel setup?