Nextcloud docker 502 error at first login attempt

At the first attempt to open my Nextcloud after booting the client machine, it gives an HTTP 502 error; then, after the first refresh, I can see a login screen, but the page needs to be refreshed once more to be able to log in. The same behavior is observed while attempting to connect to WebDAV via the file explorer: a few connection errors, one or two login errors, and then it connects.

docker-compose.yaml

version: '2'

volumes:
  nextcloud:
  db:

services:
  db:
    image: mariadb:10.6
    restart: always
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=PASSWORD
      - MYSQL_PASSWORD=PASSWORD
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  app:
    image: nextcloud
    restart: always
    ports:
      - 8080:80
    links:
      - db
    volumes:
      - nextcloud:/var/www/html
      - type: bind
        source: /mnt/data/nextcloud/data
        target: /var/www/html/data
      - type: bind
        source: /mnt/data/nextcloud/data_nextcloud
        target: '/var/www/html/data_nextcloud'
      - type: bind
        source: /home/user/stable-diffusion-webui/models
        target: /mnt/stable-diffusion-models
    environment:
      - MYSQL_PASSWORD=PASSWORD
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db

nginx config for nextcloud subdomain

server {
    server_name nextcloud.exampledomain.org;

    access_log /var/log/nginx/nextcloud.access.log;
    error_log /var/log/nginx/nextcloud.error.log;

    client_max_body_size 0;
    underscores_in_headers on;
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;

    location / {
        proxy_pass "http://localhost:8080/";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 64;
        proxy_buffers 16 4k;
        proxy_buffer_size 2k;

        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
   }
    location /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
   }

    location /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
   }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/exampledomain.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/exampledomain.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    ssl_stapling on;
    ssl_stapling_verify on;
}

config.php inside docker

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'oc6l5gma90hk',
  'passwordsalt' => 'SALT',
  'secret' => 'SECRET',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'nextcloud.example.com',
  ),
  'trusted_proxies' =>
  array (
    0 => 'localhost',
  ),
  'overwritehost' => 'nextcloud.example.com',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '',
  'overwritecondaddr' => '',
  'overwrite.cli.url' => 'https://nextcloud.example.com',
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '26.0.0.11',
  'dbname' => 'nextcloud',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'PASSWORD',
  'installed' => true,
  'maintenance' => false,
);

The Nextcloud logs are clear about this problem, and the nginx logs (nextcloud.access.log and nextcloud.error.log) do not contain anything suspicious either. It feels like a problem tied to the nginx and Docker interaction. (I have a few more web applications on this host and they do not show such behavior.)

hi @Mechanikum welcome to the forum :handshake:

good first post!

your architecture is like this

Depending on the DNS config (split brain?), your client accesses the nginx reverse proxy directly using the internal IP or via the external IP through your router. You have to follow the path starting from one side, e.g. the client: check where it connects to, then review the logs of the next hop (if there is nothing to see, increase the log level). If you see this system works well, go one step further until you find the system where you see both the incoming request and the 502 error… once you find the guilty system, analyze why this happens. If you don't see the initial request with the 502 result, the problem occurs one step earlier…

The problem is: the behavior is inconsistent and appears only on Windows clients. My Linux system is able to access the Nextcloud host without any refreshes of the page.

The nginx access log for the page load that ends in 502 looks like this, and it's absolutely normal:
(IPADDRESS) - - [07/Apr/2023:17:28:20 +0000] "GET / HTTP/1.1" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0"

Then the request is passed to Docker and is present in its logs:
2023-04-07T17:28:20.435341393Z (IPADDRESS) - - [07/Apr/2023:17:28:19 +0000] "GET / HTTP/1.0" 302 2062 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0"

As far as I can see, the issue is on the nginx side (after all, it is the one that returns the 502), but honestly I have no idea what the solution could be.

302 is a redirect, likely to the login page… maybe Nginx doesn’t like it for some reason… but the problem is related to Nginx it makes no sense the problem occurs on Windows and not on Linux… but the general advice remains - you need to increase Nginx log verbosity to further troubleshoot the issue there…

Tested it on a few more systems. The issue is only valid for Windows hosts, disappears after the first attempt to load the page, and shows up only after rebooting. So it might be related to Nextcloud (or Docker) itself after all. Also, logs for:
Attempt finished in 502:

2023-04-07T17:28:20.435341393Z (IPADDRESS) - - [07/Apr/2023:17:28:19 +0000] "GET / HTTP/1.0" 302 2062 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0"

Successful attempt:

2023-04-07T17:33:51.762398842Z (IPADDRESS) - - [07/Apr/2023:17:33:51 +0000] "GET / HTTP/1.0" 302 1720 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0"
2023-04-07T17:33:51.868693747Z (IPADDRESS) - - [07/Apr/2023:17:33:51 +0000] "GET /login HTTP/1.0" 200 7969 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0"

I’m running NC 25 and 26 with docker/Apache behind a traefik reverse proxy without issues with Windows/Linux/Android/iOS. The problem is not related to NC itself… it is related to your personal config… Please follow the advice you received.

I think you'd better take a closer look at your client… what is the difference before/after reboot?
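The hop-by-hop check recommended in this thread can be automated by pairing each 502 in the reverse proxy's access log with what the container logged for the same request. The following is an added example, not code from any poster; the function names, the 5-second matching window and the sample lines (with placeholder IPs 203.0.113.7 and 172.18.0.1) are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Combined log format; `docker logs -t` prepends an ISO timestamp ending in Z.
LINE = re.compile(
    r'^(?:\S+Z\s+)?\S+ \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def parse(lines):
    records = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records

def locate_502(proxy_lines, upstream_lines, window=timedelta(seconds=5)):
    """For each 502 the proxy logged, report what the upstream logged for it."""
    upstream = parse(upstream_lines)
    findings = []
    for p in parse(proxy_lines):
        if p["status"] != 502:
            continue
        # The client IP differs per hop, so match on method, path, UA and time.
        hit = next((u for u in upstream
                    if (u["method"], u["path"], u["ua"]) == (p["method"], p["path"], p["ua"])
                    and abs(u["ts"] - p["ts"]) <= window), None)
        if hit is None:
            where = "proxy-to-upstream connection (request never logged upstream)"
        elif hit["status"] < 500:
            where = "proxy handling of the upstream response"
        else:
            where = "upstream application"
        findings.append((p["path"], hit["status"] if hit else None, where))
    return findings

# Constructed sample lines modelled on the thread; both IPs are placeholders.
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0"
PROXY = [
    f'203.0.113.7 - - [07/Apr/2023:17:28:20 +0000] "GET / HTTP/1.1" 502 166 "-" "{UA}"',
    f'203.0.113.7 - - [07/Apr/2023:17:40:02 +0000] "GET /status.php HTTP/1.1" 502 166 "-" "{UA}"',
]
UPSTREAM = [
    f'2023-04-07T17:28:20.435341393Z 172.18.0.1 - - [07/Apr/2023:17:28:19 +0000] "GET / HTTP/1.0" 302 2062 "-" "{UA}"',
]

if __name__ == "__main__":
    for finding in locate_502(PROXY, UPSTREAM):
        print(finding)
```

A 502 paired with a non-5xx upstream status points at the proxy hop, which is where raising the error log level will show the reason the response was rejected.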