Nextcloud EC2 + ELB = Login Loop

Hello,

I am learning Terraform and thought a scalable Nextcloud deployment would be a good way to start.

I am making use of AWS:

  • ELB and Autoscaling
  • EFS (to sync /var/www/nextcloud/ on all instances)
  • Nextcloud instances are hosted on EC2 with Apache (might use Kubernetes later)
  • RDS
  • S3 bucket to host files
  • aws_route53_record CNAME for the load balancer

I am using cloud-init to set up Nextcloud on the main instance.

- content: |
    <?php
      $AUTOCONFIG = array(
      "dbtype"        => "mysql",
      "dbname"        => "${db_name}",
      "dbuser"        => "${db_user}",
      "dbpass"        => "${db_pass}",
      "dbhost"        => "${db_endpoint}",
      "dbtableprefix" => "",
      "adminlogin"    => "${admin_user}",
      "adminpass"     => "${admin_pass}",
      "directory"     => "${data_dir}",
      "trusted_domains" =>
        array (
        0 => "${domain_name}",
        ),
    );
  path: /home/ubuntu/autoconfig.php
  append: false
- content: |
    <?php
      $CONFIG = array (
        "objectstore" => array( 
          "class" => "OC\\Files\\ObjectStore\\S3",
          "arguments" => array(
            "bucket" => "${s3_bucket_name}",
            "autocreate" => true,
            "use_ssl" => true,
            "region" => "ap-southeast-1"
          ),
        ),
      );
  path: /home/ubuntu/storage.config.php
  append: false
- content: |
    <VirtualHost *:80>
      ServerName ${domain_name}
      DocumentRoot /var/www/nextcloud
      <Directory /var/www/nextcloud/>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
        AddType application/x-httpd-php .php
        <IfModule mod_dav.c>
          Dav off
        </IfModule>
        <IfModule mod_headers.c>
          Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
        </IfModule>
        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
      </Directory>
      ErrorLog  /var/log/apache2/nextcloud_error.log
      CustomLog /var/log/apache2/nextcloud_access.log combined
    </VirtualHost>
  path: /etc/apache2/sites-available/nextcloud.conf
  append: false

The issue I am having is that the setup process completes, but when I try to log in I get redirected back to the login page. If I bypass the load balancer and use the main instance, which is not part of the load balancer, I can log in.

The logs are not showing any useful error messages. I am thinking that there might be some extra configurations that I need to add to autoconfig.php

Any advice?

I needed to enable stickiness, which allows all requests from a user during a session to be sent to the same instance.

resource "aws_elb" "elb_nextcloud" {
  name               = "nextcloud-elb"
  security_groups = [ aws_security_group.nextcloud_sg.id ]
  subnets = [ module.vpc.public_subnets[0] ]

  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 10
    timeout             = 60
    target              = "HTTP:80/"
    interval            = 300
  }

  tags = merge(
    local.common_tags,
    {
      "Name" = "Nextcloud ELB"
    },
  )
}

resource "aws_lb_cookie_stickiness_policy" "nextcloud_stickiness" {
  name                     = "nextcloud-sticky-policy"
  load_balancer            = aws_elb.elb_nextcloud.id
  lb_port                  = 80
  cookie_expiration_period = 600
}

I will share the Terraform code once I have got everything working. I still want to implement distributed Redis caching and a few other things.
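
Why stickiness ends the login loop, as an added example that is not part of the original posts: a constructed simulation in which each instance keeps sessions only in its own local store behind a round-robin balancer. All class and function names are hypothetical, the `AWSELB` cookie value is simplified to the backend name, and the shared-store case is an assumption that goes beyond the thread to show the alternative to pinning.

```python
import itertools

class Backend:
    """One instance; sessions live in a local store unless a shared one is passed."""
    def __init__(self, name, store=None):
        self.name = name
        self.sessions = store if store is not None else set()

    def handle(self, path, cookies):
        if path == "/login":  # credentials accepted, session created on THIS instance
            sid = f"sess-{self.name}-{len(self.sessions)}"
            self.sessions.add(sid)
            return 302, "/apps/files", {"session": sid}
        if cookies.get("session") in self.sessions:
            return 200, path, {}
        return 302, "/login", {}  # unknown session: bounce back to the login page

class LoadBalancer:
    """Round-robin balancer; with sticky=True it pins clients via a cookie."""
    def __init__(self, backends, sticky=False):
        self.backends = {b.name: b for b in backends}
        self.rr = itertools.cycle(backends)
        self.sticky = sticky

    def request(self, path, cookies):
        # Constructed simplification: the stickiness cookie holds the backend name.
        pinned = self.backends.get(cookies.get("AWSELB")) if self.sticky else None
        backend = pinned or next(self.rr)
        status, location, set_cookies = backend.handle(path, cookies)
        if self.sticky and pinned is None:
            set_cookies["AWSELB"] = backend.name
        return status, location, set_cookies

def login_then_browse(lb):
    """Log in, then follow the redirect with the cookies received so far."""
    cookies = {}
    _, _, new = lb.request("/login", cookies)
    cookies.update(new)
    status, location, _ = lb.request("/apps/files", cookies)
    return status, location

def scenario(sticky=False, shared=False):
    store = set() if shared else None
    lb = LoadBalancer([Backend("a", store), Backend("b", store)], sticky)
    return login_then_browse(lb)

if __name__ == "__main__":
    print("no stickiness :", scenario())             # login loop
    print("stickiness    :", scenario(sticky=True))  # pinned to one instance
    print("shared store  :", scenario(shared=True))  # any instance can serve
```

Stickiness keeps the session valid only while the pinned instance exists, so a scale-in or failed health check logs those users out; a session store shared by all instances removes that dependency.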