Hi.
I’ve set up a Nextcloud instance with Docker, official image + jwilder/nginx-proxy + jrcs/docker-letsencrypt-nginx-proxy-companion.
I have an issue I can’t resolve for the moment.
The access_log is increasing a lot due to multiple incoming TCP connections.
It can get 1G per hour! And I’ve got a full disk in a few days.
At the beginning, it was the Docker volume that was impacted. I’ve managed to resolve it with my docker-compose in the proxy service:
    logging:
      options:
        max-size: 100m
Indeed, I’ve tried everything to limit the size of access_log, without success.
I have set a my_proxy.conf in /etc/nginx/conf.d (mounted on the host, Ubuntu Server 18.04).
I’ve set inside:
client_max_body_size 10G;
client_body_buffer_size 16k;
client_header_buffer_size 1k;
access_log off;
worker_processes 4;
worker_connections 50;
client_body_timeout 12;
client_header_timeout 12;
send_timeout 10;
keepalive_requests 10;
keepalive_timeout 15s;
Results:
access_log is still here even with access_log off;
And I didn’t find the solution to block incoming IPs with the other parameters.
The problem is that it’s completely eating my upload bandwidth and Nextcloud is slow, very slow. I can see TCP traffic with tcptrack on the host.
Before Docker, I just had an Apache reverse proxy on one VM and Nextcloud behind on another VM and I did not have that issue. My instance was on the same domain.
I want to keep the Docker and docker-compose solution.
Two questions:
- How can I limit the access_log file? It will resolve the disk space issue.
- How can I regulate traffic to block multiple incoming IPs per second? It will resolve the performance and bandwidth issue.
The best would be to add conf in my_proxy.conf, not to have to modify files within the container (not modify the image itself, or manage it automatically with docker-compose at least).
Here is my docker-compose file:
version: '3'
services:
  proxy:
    image: jwilder/nginx-proxy:alpine
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
    container_name: nextcloud-proxy
    networks:
      - nextcloud_network
    ports:
      - 80:80
      - 443:443
    volumes:
      - /mnt/nginx/conf.d:/etc/nginx/conf.d:rw
      - /mnt/nginx/log:/var/log/nginx:rw
      - /mnt/nginx/vhost.d:/etc/nginx/vhost.d:rw
      - /mnt/nginx/html:/usr/share/nginx/html:rw
      - /mnt/nginx/certs:/etc/nginx/certs:ro
      - /etc/localtime:/etc/localtime:ro
      - /docker/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    logging:
      options:
        max-size: 100m
    restart: unless-stopped
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nextcloud-letsencrypt
    depends_on:
      - proxy
    networks:
      - nextcloud_network
    volumes:
      - /mnt/nginx/certs:/etc/nginx/certs:rw
      - /mnt/nginx/vhost.d:/etc/nginx/vhost.d:rw
      - /mnt/nginx/html:/usr/share/nginx/html:rw
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
  db:
    image: mariadb
    container_name: nextcloud-mariadb
    networks:
      - nextcloud_network
    volumes:
      - /mnt/nextcloud_db:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro
    environment:
      - MYSQL_ROOT_PASSWORD=XXXXXXXXX
      - MYSQL_PASSWORD=XXXXXXXX
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    restart: unless-stopped
  redis:
    image: redis:alpine
    container_name: redis
    networks:
      - nextcloud_network
  app:
    image: nextcloud
    container_name: nextcloud-app
    networks:
      - nextcloud_network
    links:
      - db
    expose:
      - "80"
    depends_on:
      - letsencrypt
      - proxy
      - db
      - redis
    volumes:
      - /mnt/nextcloud_app/app:/var/www/html
      - /mnt/nextcloud_app/config:/var/www/html/config
      - /mnt/nextcloud_app/custom_apps:/var/www/html/custom_apps
      - /mnt/nextcloud_data_users:/var/www/html/data
      - /mnt/nextcloud_app/themes:/var/www/html/themes
      - /mnt/Fichiers:/mnt/Fichiers
      - /mnt/Musique:/mnt/Musique
      - /mnt/Films:/mnt/Films
      - /mnt/Freebox:/mnt/Freebox
      - /etc/localtime:/etc/localtime:ro
    environment:
      - NEXTCLOUD_DATA_DIR=/var/www/html/data
      - NEXTCLOUD_ADMIN_USER=XXXXXXX
      - NEXTCLOUD_ADMIN_PASSWORD=XXXXXXXX
      - MYSQL_ROOT_PASSWORD=XXXXXXXXX
      - MYSQL_PASSWORD=XXXXXXXX
      - MYSQL_DATABASE=nextcloud
      - MYSQL_HOST=db
      - MYSQL_USER=XXXXXXXXX
      - NEXTCLOUD_TABLE_PREFIX=oc_
      - NEXTCLOUD_TRUSTED_DOMAINS=XXXXXX.XXXXXX.XX
      - REDIS_HOST=redis
      - VIRTUAL_HOST=XXXXXX.XXXXXXX.XX
      - LETSENCRYPT_HOST=XXXXXXX.XXXXXXX.XX
      - LETSENCRYPT_EMAIL=
      - SMTP_HOST=smtp.gmail.com
      - SMTP_SECURE=tls
      - SMTP_PORT=587
      - SMTP_AUTHTYPE=LOGIN
      - SMTP_NAME=
      - SMTP_PASSWORD=
      - MAIL_FROM_ADDRESS=
      - MAIL_DOMAIN=gmail.com
    restart: unless-stopped
  cron:
    image: nextcloud
    restart: unless-stopped
    volumes:
      - nextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  collabora:
    image: collabora/code
    expose:
      - 9980
    environment:
      - domain=XXXXXX\.XXXXXX\.XX
      - VIRTUAL_HOST=XXXX.XXXXX.XX
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=9980
      - VIRTUAL_PROTO=https
      - LETSENCRYPT_HOST=XXXXX.XXXXXX.XX
      - LETSENCRYPT_EMAIL=
    cap_add:
      - MKNOD
    networks:
      - nextcloud_network
volumes:
  nginx-proxy:
  letsencrypt:
  db:
  nextcloud:
networks:
  nextcloud_network:
    external:
      name: nginx-proxy
Thanks for your help, I’m a little desperate because everything works fine (Collabora, external storage, etc…) and very fast… at the beginning. After 2 or 5 minutes, after docker-compose up -d, all those incoming IPs eat my bandwidth and make the access_log file very big.
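
Added example, not part of the original post: a version of my_proxy.conf that rate-limits per client address using only directives nginx accepts in the http context, assuming conf.d is included inside http {} as in the stock nginx.conf. The zone names and every numeric limit are assumptions to tune against real client traffic.

```nginx
# my_proxy.conf -- loaded from /etc/nginx/conf.d, i.e. inside the http {} block.
# Added example; zone names and all numeric limits below are assumptions.

# Not valid in this file: nginx refuses to load a configuration containing
# them here, so none of the other settings in the file take effect either.
#   worker_processes 4;      # main context only (top of nginx.conf)
#   worker_connections 50;   # events {} context only

client_max_body_size      10G;
client_body_buffer_size   16k;
client_header_buffer_size 1k;
client_body_timeout       12;
client_header_timeout     12;
send_timeout              10;
keepalive_requests        10;
keepalive_timeout         15s;

# Shared-memory zones keyed by the client address.
limit_req_zone  $binary_remote_addr zone=req_per_ip:10m rate=20r/s;
limit_conn_zone $binary_remote_addr zone=conn_per_ip:10m;

# Declared at http level, so every server block that sets no limits of its
# own inherits them.
limit_req         zone=req_per_ip burst=40 nodelay;
limit_conn        conn_per_ip 20;
limit_req_status  429;
limit_conn_status 429;

# Rejected requests are written to the error log at this level.
limit_req_log_level  warn;
limit_conn_log_level warn;

# An access_log setting here applies only to server blocks that declare no
# access_log themselves; a server-level access_log replaces it for that server.
access_log off;
```

Run `docker exec nextcloud-proxy nginx -t` after changing the file to confirm that nginx accepts it. Clients that share one public address (for example behind NAT) also share these per-address limits.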