Nextcloud - Can't Login Redirect Loop to Login Page - Log Entry for /login Says Logout Occurred

The Basics

• Nextcloud Server version (e.g., 29.x.x):
  • Nextcloud Hub 10 (31.0.4)
• Operating system and version (e.g., Ubuntu 24.04):
  • Ubuntu 24.04
• Web server and version (e.g, Apache 2.4.25):
  • docker image
• Reverse proxy and version _(e.g. nginx 1.27.2)
  • nginx:latest
• PHP version (e.g, 8.3):
  • docker image
• Is this the first time you’ve seen this error? (Yes / No):
  • yes
• When did this problem seem to first start?
  • this morning was when I first noticed. I don’t normally login via the web interface. Could have been happening for a while (up to 2 weeks)
• Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
  • docker, image: image: nextcloud
• Are you using CloudfIare, mod_security, or similar? (Yes / No)
  • This happens on LAN and off LAN (cloudflared)

Client: Docker Engine - Community
 Version:           28.1.1
 API version:       1.49
 Go version:        go1.23.8
 Git commit:        4eba377
 Built:             Fri Apr 18 09:52:14 2025
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          28.1.1
  API version:      1.49 (minimum version 1.24)
  Go version:       go1.23.8
  Git commit:       01f442b
  Built:            Fri Apr 18 09:52:14 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.27
  GitCommit:        05044ec0a9a75232cad458027ca83437aae3f4da
 runc:
  Version:          1.2.5
  GitCommit:        v1.2.5-0-g59923ef
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Summary of the issue you are facing:

Cannot login to nextcloud.
Last I know it was workling was a few weeks back. I still have 1 browser session that is logged in.
This is occurring on multiple browsers on multiple PCs. Incogneito and non-incogneito.
After entering password, get a redirect to https://nextcloud.-domain.tld-/login?direct=1&user=-user-
This happens with a good password, or a bad password. With users that have OTP set, they don’t get the OTP prompt, just the same redirect
When viewing logs, there are no logs created on good/bad login GUI interface
In audit.log
{"reqId":"OTx2BYy6wHo2ZhKhclr4","level":1,"time":"2025-04-27T05:56:10+00:00","remoteAddr":"-IP-","user":false,"app":"admin_audit","method":"POST","url":"/login","message":"Logout occurred","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36","version":"31.0.4.1","data":{"app":"admin_audit"}}

Created a new admin user, same issue

Overview section of NC:
There are some warnings regarding your setup.

• 40 errors in the logs since April 20, 2025, 1:48:55 AM

• This seems to be due to loggin in debug mode

Security section of NC:
Your remote address was identified as “-IP-” and is not actively throttled at the moment.

docker exec -ti -u www-data nextcloudapp php occ integrity:check-core
clean
docker exec -ti -u www-data nextcloudapp php occ maintenance:repair
seems fine
docker exec -ti -u www-data nextcloudapp php occ update:check
up to date

docker exec -ti -u www-data nextcloudapp php occ maintenance:repair --include-expensive
This was needed to clear some errors
same with:
docker exec -ti -u www-data nextcloudapp php occ db:add-missing-indices

Steps to replicate it (hint: details matter!):

1. Start docker (same process as I’ve been using for the last 4 years. docker compose to start nextcloud, redis, DB, nginx
2. Try to login immediately, or anytime after 30s post container start

Log entries

Nothing relevant in GUI log viewer, even on debug mode

|Debug|no app in context|Exceptiondirty table reads: SELECT * FROM `*PREFIX*user_status` WHERE `user_id` = :dcValue1|Apr 27, 2025, 1:55:40 AM||
| --- | --- | --- | --- | --- |
|Debug|dav|User Raider is currently NOT available, but we are NOT overwriting status [status: online, messageId: null]|Apr 27, 2025, 1:55:40 AM||
|Debug|dav|Found 2 applicable event(s), changing user status|Apr 27, 2025, 1:55:40 AM||
|Debug|no app in context|Exceptiondirty table reads: SELECT * FROM `*PREFIX*user_status` WHERE `user_id` = :dcValue1|Apr 27, 2025, 1:55:40 AM||
|Debug|dav|User Raider is currently NOT available, but we are NOT overwriting status [status: online, messageId: null]|Apr 27, 2025, 1:55:40 AM||
|Debug|dav|Found 2 applicable event(s), changing user status|Apr 27, 2025, 1:55:40 AM||
|Debug|core|RuntimeExceptionThe loading of lazy AppConfig values have been triggered by app "core"|Apr 27, 2025, 1:55:40 AM||
|Debug|no app in context|Exceptiondirty table reads: SELECT * FROM `*PREFIX*user_status` WHERE `user_id` = :dcValue1|Apr 27, 2025, 1:55:38 AM||
|Debug|dav|User Raider is currently NOT available, but we are NOT overwriting status [status: online, messageId: null]|Apr 27, 2025, 1:55:38 AM||
|Debug|dav|Found 2 applicable event(s), changing user status|Apr 27, 2025, 1:55:38 AM||
|Debug|no app in context|Exceptiondirty table reads: SELECT * FROM `*PREFIX*user_status` WHERE `user_id` = :dcValue1|Apr 27, 2025, 1:55:34 AM||
|Debug|dav|User Raider is currently NOT available, but we are NOT overwriting status [status: online, messageId: null]|Apr 27, 2025, 1:55:34 AM||
|Debug|dav|Found 2 applicable event(s), changing user status|

audit.log:
{"reqId":"OTx2BYy6wHo2ZhKhclr4","level":1,"time":"2025-04-27T05:56:10+00:00","remoteAddr":"-IP-","user":false,"app":"admin_audit","method":"POST","url":"/login","message":"Logout occurred","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36","version":"31.0.4.1","data":{"app":"admin_audit"}}

Nextcloud

The entry in audit.log get logged on every login attempt. Not sure why a login would trigger a ‘Logout occurred’ event.

Web Browser

Nothing in web dev console
Traffic flow is:
POST: https://nextcloud.-domain-/login
HTTP 303
Get location header:
/login?direct=1&user=-user-
GET https://nextcloud.-domain-/login?direct=1&user=-user-
HTTP 200

and a bunch of images/css/etc.

Web server / Reverse Proxy

same as above the https status calls

Configuration

Nextcloud

config:list system
{
    "system": {
        "htaccess.RewriteBase": "\/",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.-domain-",
            "nextcloud.-domain2-"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "31.0.4.1",
        "overwriteprotocol": "https",
        "overwrite.cli.url": "https:\/\/nextcloud.-domain-",
        "installed": true,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "app_install_overwrite": [
            "socialsharing_twitter",
            "tasks",
            "bruteforcesettings",
            "onlyoffice",
            "spreed",
            "cookbook",
            "money",
            "otpmanager",
            "gestion"
        ],
        "onlyoffice": {
            "verify_peer_off": true,
            "jwt_header": "-scrubbed-"
        },
        "maintenance": false,
        "maintenance_window_start": 5,
        "allow_local_remote_servers": true,
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_sendmailmode": "smtp",
        "mail_smtpsecure": "tls",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mysql.utf8mb4": true,
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "loglevel": 1,
        "theme": "",
        "default_phone_region": "CA",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "memories.exiftool": "\/var\/www\/html\/custom_apps\/memories\/bin-ext\/exiftool-amd64-glibc",
        "memories.vod.path": "\/var\/www\/html\/custom_apps\/memories\/bin-ext\/go-vod-amd64",
        "enabledPreviewProviders": [
            "OC\\Preview\\Image"
        ]
    }
}

Apps

app:list

Enabled:
  - admin_audit: 1.21.0
  - app_api: 5.0.2
  - bruteforcesettings: 4.0.0
  - calendar: 5.2.2
  - cloud_federation_api: 1.14.0
  - contacts: 7.0.6
  - cookbook: 0.11.3
  - cospend: 3.0.11
  - dashboard: 7.11.0
  - dav: 1.33.0
  - federatedfilesharing: 1.21.0
  - files: 2.3.1
  - files_downloadlimit: 4.0.0
  - files_pdfviewer: 4.0.0
  - files_reminders: 1.4.0
  - files_sharing: 1.23.1
  - files_trashbin: 1.21.0
  - files_versions: 1.24.0
  - logreader: 4.0.0
  - lookup_server_connector: 1.19.0
  - notifications: 4.0.0
  - oauth2: 1.19.1
  - password_policy: 3.0.0
  - privacy: 3.0.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - richdocuments: 8.6.4
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - text: 5.0.0
  - theming: 2.6.1
  - twofactor_backupcodes: 1.20.0
  - twofactor_totp: 13.0.0-dev.0
  - updatenotification: 1.21.0
  - user_status: 1.11.0
  - viewer: 4.0.0
  - webhook_listeners: 1.2.0
  - workflowengine: 2.13.0
Disabled:
  - activity: 4.0.0 (installed 2.15.0)
  - circles: 31.0.0 (installed 22.1.0)
  - comments: 1.21.0 (installed 1.11.0)
  - contactsinteraction: 1.12.0 (installed 1.2.0)
  - encryption: 2.19.0
  - federation: 1.21.0 (installed 1.11.0)
  - files_external: 1.23.0
  - firstrunwizard: 4.0.0 (installed 2.11.0)
  - nextcloud_announcements: 3.0.0 (installed 2.0.0)
  - photos: 4.0.0-dev.1 (installed 3.0.2)
  - recommendations: 4.0.0 (installed 1.1.0)
  - related_resources: 2.0.0 (installed 1.5.0)
  - sharebymail: 1.21.0 (installed 1.11.0)
  - support: 3.0.0 (installed 1.5.0)
  - survey_client: 3.0.0 (installed 1.10.0)
  - suspicious_login: 9.0.1
  - systemtags: 1.21.1 (installed 1.11.0)
  - tasks: 0.16.1 (installed 0.16.1)
  - twofactor_nextcloud_notification: 5.0.0
  - user_ldap: 1.22.0
  - weather_status: 1.11.0 (installed 1.4.0)

Thank you for any information/assistance you could provide. I’m stumped by this one, especially the login generating a logout event
Thanks
R

The web interface on the still logged-in browser session works 100% fine. No issues browsing files, using apps, etc.

All of the Nextcloud app clients that sync against nextcloud (Linux/Windows) with their existing creds work fine.

Date/time/timezone are synced with client PCs

Misread the log entry.
When logging in, this is logged:
method: POST
url: /login
message: Logout occurred

I don’t know why a call to the /login endpoint would be logging a message about logging out
-R

Updated to Nextcloud Hub 10 (31.0.4)
Same issue so far.
Happens with Normal account password and device password.

What version of Nextcloud Server did you upgrade from?

Are you doing any customization of the Apache config in the Nextcloud image?

What about your Nginx reverse proxy config?

The two checks I see that could fail here would be.the Origin and CSRF checks. Past that point authentication gets triggered, which would generate a server-side log entry (at the warning level) along the lines of Logon failed xxx.

So this sounds like the failure is occurring prior to actually authenticating.

Perhaps for completeness you can also share your Compose file.

Are you certain your local testing is bypassing Cloudflared? CF WAF (and optimizations like Rocket mode) can impact the login process.

What version of Nextcloud Server did you upgrade from?

• iirc, I started with Nextcloud with Nextcloud 24ish, and over time have upgraded minor release to minor release, and doing major version upgrades when x.0.1 was released

Are you doing any customization of the Apache config in the Nextcloud image?

• Not to my knowledge

What about your Nginx reverse proxy config?

• My nginx reverse proxy is fairly straight forward:

server {
        #listen  443 ssl http2;
        listen 443 ssl;
        http2 on;
        #listen  443 ssl;
        server_name     nextcloud.-domain-;
        ssl_certificate         /etc/nginx/ssl/wildcard.-domain-/etc/letsencrypt/live/-domain-/fullchain.pem;
        ssl_certificate_key     /etc/nginx/ssl/wildcard.-domain-/etc/letsencrypt/live/-domain-/privkey.pem;
        
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

        location /login {
                proxy_set_header Upgrade           $http_upgrade;
                proxy_set_header Connection        "Upgrade";
                #proxy_http_version 1.1;
                proxy_set_header X-Real-IP         $remote_addr;
                proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_set_header X-Forwarded-Host  $http_host;
                proxy_set_header Host              $http_host;
                proxy_set_header Origin            '';                      # edited+added 25.01.2021 due to #453 may help here
                proxy_max_temp_file_size           0;
                proxy_pass                         http://nextcloudapp:80;
                proxy_redirect                     http:// https://;
                proxy_buffering off;
                proxy_request_buffering off;
        }
        location /index.php/apps/cookbook/api/recipe/ {
                rewrite /index.php/apps/cookbook/api/recipe/(.*) /index.php/apps/cookbook/api/#/recipe/$1  break;
                client_max_body_size 2g;
                proxy_set_header Upgrade           $http_upgrade;
                proxy_set_header Connection        "Upgrade";
                #proxy_http_version 1.1;
                proxy_set_header X-Real-IP         $remote_addr;
                proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_set_header X-Forwarded-Host  $http_host;
                proxy_set_header Host              $http_host;
                proxy_set_header Origin            '';                      # edited+added 25.01.2021 due to #453 may help here
                proxy_max_temp_file_size           0;
                proxy_pass                         http://nextcloudapp:80;
                proxy_redirect                     http:// https://;
                proxy_read_timeout                 300s;
                proxy_buffering off;
                proxy_request_buffering off;
        }
        location / {
                client_max_body_size 4g;
                proxy_set_header Upgrade           $http_upgrade;
                proxy_set_header Connection        "Upgrade";
                #proxy_http_version 1.1;
                proxy_set_header X-Real-IP         $remote_addr;
                proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_set_header X-Forwarded-Host  $http_host;
                proxy_set_header Host              $http_host;
                proxy_set_header Origin            '';                      # edited+added 25.01.2021 due to #453 may help here
                proxy_max_temp_file_size           0;
                proxy_pass                         http://nextcloudapp:80;
                proxy_redirect                     http:// https://;
                proxy_read_timeout                 300s;
                proxy_buffering off;
                proxy_request_buffering off;
        }
}

The two checks I see that could fail here would be.the Origin and CSRF checks. Past that point authentication gets triggered, which would generate a server-side log entry (at the warning level) along the lines of Logon failed xxx.

So this sounds like the failure is occurring prior to actually authenticating.

Perhaps for completeness you can also share your Compose file.

  nextclouddb:
    #image: mariadb
# did testing with pinning to 11.4, no difference
    image: mariadb
    container_name: nextclouddb
    depends_on:
      - adguard
    restart: always
    volumes:
      - /configsssd/nextcloud/db:/var/lib/mysql
      - /data/nextcloud/50-serveradditional.cnf:/etc/mysql/mariadb.conf.d/50-serveradditional.cnf
      - /data/nextcloud/disable_binary_log.cnf:/etc/mysql/mariadb.conf.d/disable_binary_log.cnf
      - /data/backup/nextcloud/db:/backupfolder
  nextcloudredis:
    image: redis:latest
    container_name: nextcloudredis
    depends_on:
      - adguard
    restart: always
    volumes:
      - /configsssd/nextcloud/redis:/var/lib/redis
  nextcloudapp:
    image: nextcloud
    container_name: nextcloudapp
    depends_on:
      - nextclouddb
      - nextcloudredis
      - adguard
    volumes:
      - /data/nextcloud/app:/var/www/html
        #    environment:
        #      - REDIS_HOST=nextcloudredis
    restart: always

Are you certain your local testing is bypassing Cloudflared? CF WAF (and optimizations like Rocket mode) can impact the login process.

• My local testing is bypassing Cloudflare, my internal DNS does direct to the nginx instance IP

Nothing shows in the dev toolkit console when doing a login, other than:

• session heartbeat polling started

Going off what you said, set the Origin header to $http_origin
Not sure why this setup worked for year before all of a sudden being an issue.
Problem solved.
Thank you!