Nextcloud not connecting to database properly

TylerDeBoy · February 24, 2019, 2:35am

Nextcloud version: 15.0.5 RC 1 (Latest Daily Build)
Operating system and version: Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-45-generic x86_64)
Apache or nginx version: nginx/1.14.0
PHP version: 7.3

The issue you are facing: After the beta update to 15.0.5 RC 1, no one on the server could log in. I have recreated the database, the database user, and reinstalled nextcloud. I believe there is a bug, or there is a compatibility issue within my Nginx configuration.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

Go to the “User Settings”
Nextcloud will display an error message (“An error occurred during the request. Unable to proceed”)

The output of your Nextcloud log in Admin > Logging:

|Info|core|Bruteforce attempt from detected for action "login".2019-02-23T18:26:39-0800
|Warning|core|Login failed: 'root' 2019-02-23T18:26:38-0800
|Info|core|Bruteforce attempt from detected for action "login". 2019-02-23T18:26:31-0800|

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => <redacted>,
  'passwordsalt' => <redacted>,
  'secret' => <redacted>,
  'trusted_domains' => 
  array (
    0 => <redacted>,
  ),
  'datadirectory' => '/media/WWWData/NextCloud',
  'overwrite.cli.url' => 'https://<redacted>/cloud',
  'dbtype' => 'mysql',
  'version' => '15.0.5.1',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '3306',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => <redacted>,
  'dbpassword' => <redacted>,
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 1,
  'logfile' => '/var/nextcloud.log',
  'updater.release.channel' => 'daily',
  'updater.secret' => <redacted>,
);

The output of your Apache/nginx/system log in /var/log/____:

2019/02/19 08:04:34 [crit] 2039#2039: *25723 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 184.105.247.194, server: 0.0.0.0:443
2019/02/19 18:16:03 [error] 2039#2039: *29492 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 69.12.72.175, server: <redacted for privacy>, request: "GET /wp-content/plugins/apikey/apikey.php?test=hello HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock$
2019/02/19 18:53:06 [error] 2039#2039: *29721 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:09:35 [error] 2039#2039: *29895 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:09:36 [error] 2039#2039: *29899 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:09:46 [error] 2039#2039: *29896 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:09:46 [error] 2039#2039: *29887 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:05 [error] 2039#2039: *29887 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:06 [error] 2039#2039: *29885 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:08 [error] 2039#2039: *29895 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:08 [error] 2039#2039: *29887 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:10 [error] 2039#2039: *29885 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:10 [error] 2039#2039: *29887 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:11:19 [error] 2039#2039: *29960 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:11:20 [error] 2041#2041: *29965 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:51:29 [error] 1784#1784: *2 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 21:45:01 [error] 1784#1784: *962 access forbidden by rule, client: 107.77.205.19, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 21:54:22 [crit] 1784#1784: *1048 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 198.108.66.176, server: 0.0.0.0:443
2019/02/19 22:50:55 [error] 1784#1784: *1299 access forbidden by rule, client: 107.77.205.214, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 00:02:07 [error] 1784#1784: *1456 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 06:57:27 [crit] 1784#1784: *1765 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 208.93.152.20, server: 0.0.0.0:443
2019/02/20 09:56:16 [crit] 1784#1784: *1996 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 184.105.139.70, server: 0.0.0.0:443
2019/02/20 12:43:06 [crit] 1784#1784: *2124 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 208.93.152.20, server: 0.0.0.0:443
2019/02/20 18:37:48 [error] 1784#1784: *2377 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:38 [error] 1784#1784: *2407 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:38 [error] 1784#1784: *2409 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:40 [error] 1784#1784: *2409 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:47 [error] 1784#1784: *2407 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:48 [error] 1784#1784: *2403 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:49 [error] 1785#1785: *2411 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:49 [error] 1784#1784: *2407 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:52 [error] 1784#1784: *2403 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:52 [error] 1784#1784: *2407 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/updatenotification/api/v1/applist/15.0.5.0 HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:52 [error] 1784#1784: *2403 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:57 [error] 1784#1784: *2464 open() "/var/www/ssl/favicon.ico" failed (2: No such file or directory), client: 107.77.205.21, server: <redacted for privacy>, request: "GET /favicon.ico HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:47:11 [error] 1784#1784: *2403 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 107.77.205.21, server: <redacted for privacy>, request: "POST /cloud/updater/index.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock", host: "tdserver.ddns.n$
2019/02/20 18:47:40 [error] 1784#1784: *2479 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:47:41 [error] 1787#1787: *2481 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:47:42 [error] 1785#1785: *2478 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:01 [error] 1784#1784: *2500 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:01 [error] 1784#1784: *2506 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:03 [error] 1784#1784: *2502 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:03 [error] 1785#1785: *2503 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:04 [error] 1784#1784: *2500 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:04 [error] 1785#1785: *2503 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/updatenotification/api/v1/applist/15.0.5.0 HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:04 [error] 1784#1784: *2502 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:51:11 [error] 1731#1731: *9 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:51:12 [error] 1731#1731: *9 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:51:12 [error] 1731#1731: *10 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:51:59 [error] 1731#1731: *7 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:00 [error] 1731#1731: *9 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:03 [error] 1731#1731: *5 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/updatenotification/api/v1/applist/15.0.5.0 HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:03 [error] 1731#1731: *7 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:03 [error] 1731#1731: *10 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:04 [error] 1731#1731: *9 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:04 [error] 1731#1731: *7 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:04 [error] 1731#1731: *10 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/updatenotification/api/v1/applist/15.0.5.0 HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:54:47 [error] 1731#1731: *75 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:54:47 [error] 1731#1731: *66 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:54:52 [error] 1731#1731: *108 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 19:09:16 [error] 1731#1731: *131 access forbidden by rule, client: 107.77.205.210, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 19:11:50 [error] 1731#1731: *149 access forbidden by rule, client: 107.77.205.210, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 19:11:51 [error] 1731#1731: *147 access forbidden by rule, client: 107.77.205.210, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"

Additionally, I am including my Nginx configuration for my site. I have a sneaky suspicion that the “access forbidden by rule” is caused by it. My nextcloud is hosted on my site in my ‘/cloud’ subfolder.

# PHP Traffic
upstream php-handler {
    server 127.0.0.1:9000;
}

# Download Server
server {
    listen 65403 default_server;
    listen [::]:65403 default_server;
    server_name <redacted for privacy>;
    root /var/www/non-ssl;
    autoindex on;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/<redacted for privacy>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<redacted for privacy>/privkey.pem;
 # managed by Certbot
}

# Redirect to HTTPS/SSL
server {
    listen 80;
    listen [::]:80;
    server_name <redacted for privacy>;
    return 301 https://$server_name$request_uri;
}

# Main SSL Server
server {
    # Listen on Port 443
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # SSL/Server Options
    server_name <redacted for privacy>;
    ssl_certificate /etc/letsencrypt/live/<redacted for privacy>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<redacted for privacy>/privkey.pem; # managed by Certbot

    # Header Options
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;
    fastcgi_hide_header X-Powered-By;

    # Directory Options
    root /var/www/ssl;
    index index.php;

    # Fix for Posts 404
    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    # URL Redirections
    location /downloads {
        return 301 https://<redacted for privacy>:65403;
    }
    location /plex {
        return 301 https://app.plex.tv/;
    }

    # Allow Access to robots.txt
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny Access to PHP Monitor
    location ^~ /cloud/ocs/v2.php {
        deny all;
    }

    # PHP Options
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    }

    # Deny Access to Sensitive Files
    location ~ ^/(license.txt|readme.html|pihole|\.ht|db_structure\.xml|README) {
        deny all;
    }

    # Set Static Pages to Expire
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        access_log off;
    }

    ###### --- Nextcloud Configuration --- ######
    location = /.well-known/carddav {
      return 301 $scheme://$host/cloud/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/cloud/remote.php/dav;
    }
    location ^~ /cloud {

       # set max upload size
       client_max_body_size 10000M;
       fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;

        location /cloud {
            rewrite ^ /cloud/index.php$request_uri;
        }

        location ~ ^\/cloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
            deny all;
        }
        location ~ ^\/cloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        location ~ ^\/cloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|ocm-provider\/.+)\.php(?:$|\/) {
            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }

        location ~ ^\/cloud\/(?:updater|ocs-provider|ocm-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~ ^\/cloud\/.+[^\/]\.(?:css|js|woff2?|svg|gif)$ {
            try_files $uri /cloud/index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers  (It is intended
            # to have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read
            # into this topic first.
            # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            add_header Referrer-Policy no-referrer;

            # Optional: Don't log access to assets
            access_log off;
        }

        location ~ ^\/cloud\/.+[^\/]\.(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /cloud/index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
}

Bernie_O · February 24, 2019, 7:02am

I haven’t looked through your entire nginx-configuration, but:

this location directive is responsible for the “access forbidden by rule” error messages in your nginx log.

Additionaly you seem to have bruteforce entries for user “root” in your database, which also might lead to timeouts when trying to login.
You can delete them with emptying the table [PREFIX]bruteforce_attempts in your database. Be aware that if the table fills again - someone might try to attack your server.

TylerDeBoy · February 24, 2019, 11:04am

Cool thanks! I disabled access to the monitor, because it contains information that the public doesn’t need to see. Plus I don’t even use it, so why have it enabled.

Yeah the brute force entries were my attempts at
my login. That is my Dorm’s IP address.

Anyway, since there are no errors found in any logs pertaining to database/users, I am assuming this is just a bug with RC 1?

Bernie_O · February 24, 2019, 3:05pm

I don‘t know what „PHP Monitor“ is, but that ocs-API is also used by clients. They might not work anymore as expected, if access to the resource is denied.

What do you mean with „this“?

TylerDeBoy · February 24, 2019, 5:03pm

The PHP monitor is like an xml-style report on system resources. Its not very useful lol.

I meant like the user problem is a glitch with this version

TylerDeBoy · February 24, 2019, 7:44pm

Figured out what was wrong. For what ever reason my backup script bugged out and restored a configuration file that was from 2018. That script made Nginx connect through ‘localhost:9000’ instead of ‘php7.3-fpm.sock’, making a complete disconnect between the two services. That was a fun 10 hours lol

tflidd · February 25, 2019, 7:51am

The release candidate, beta releases, daily builds are development versions, it’s more likely that something is broken there and it should only be used for testing. Errors can directly be submitted to github. Normal setups should not use these versions!

TylerDeBoy · February 26, 2019, 1:08am

Yeah I know. I just like to get stuff before everyone else haha