Nextcloud version (13.0.1):
Operating system and version (Ubuntu 16.04 Server 64 bit):
Apache or nginx version (eg, Apache 2.4.218):
PHP version (7.0.25):
The issue you are facing:
Nextcloud is too slow to load the log files.
The problem is that, since i updated to nextcloud 13.0.0, the web interface is very slow, also the app on my iPhone takes very long to load the files. I tried updating to 13.0.1, which succeeded, but it is all very slow. The server usage is very low (normal) so it is not like it is overloading my server.
Loading the log in page is very fast, logging in with a wrong password gives back a fast response from te server, but the moment i log in with the correct credentials, the slowness starts.
I am talking about waiting 20 minutes to log in and load the files section.
I have no idea what is going on, any help is welcome.
If triggered, brute force protection makes requests coming from an IP on a bruteforce protected controller with the same action slower and slower for a 24 hour period.
I am trying to login with different IP’s, from different location’s (School, work, 4G Mobile data).
My server is located at home, and my network speed is more then adequate 500/500 fibre.
CPU is at 3% and memory is 400MB of 6GB, disk i/o is also low. I am running this on a 2tb mirror.
I decided to use cloudflare’s https reverse proxy after the update and disabled all the SSL settings on the original server. then nextcloud’s webpage took forever to load.
I don’t know why it matters but after I re-enable letsencrypt SSL conf in apache, the problem was magically solved. Maybe because nextcloud have detected that I was using https on the server and made some configuration for that, and after I disable SSL, the configurations are messed up, which causes nextcloud stuck in some loop?
Disabling bruteforce protection should not been taken as a solution, this is just removing warnings. There are two possibilities why that happens, if you are lucky you have a misconfigured client or app that uses wrong credentials and triggers the protection, or, if you are not so lucky, there is a bruteforce attack going on, in that case you have just enabled the attacker to permanently try different passwords until he finds his way in, without the timeconsuming protection. So better find out what is triggering that.
Go in to settings look at logs if there is alot of errors critical fail and so on post them here old
its safe to disable Bruteforce can use other stuff to block bruteforce ex fail2ban or even in router to stop bruteforce. There is alot of ways to stop bruteforce .