Nextcloud unable to access S3 files, but when I bash into the container I can curl it

hyoretsu · March 23, 2024, 7:10pm

Title, already made an issue but no response yet.

[Bug]: Can't access files from stored in Amazon S3

opened 08:04PM - 17 Mar 24 UTC

bug 0. Needs triage 28-feedback

### ⚠️ This issue respects the following points: ⚠️ - [X] This is a **bug**, no…t a question or a configuration/webserver/proxy issue. - [X] This issue is **not** already reported on [Github](https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3Abug) OR [Nextcloud Community Forum](https://help.nextcloud.com/) _(I've searched it)_. - [X] Nextcloud Server **is** up to date. See [Maintenance and Release Schedule](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) for supported versions. - [X] I agree to follow Nextcloud's [Code of Conduct](https://nextcloud.com/contribute/code-of-conduct/). ### Bug description I can't access files stored in S3, be it in the built-in editor (SessionAPI error) or locally (fopen Operation timed out). I can curl it just fine inside the `nextcloud-aio-nextcloud` container, but Nextcloud seems unable to. I already tried to bump the default_socket_timeout to 60s. ### Steps to reproduce Store files in Amazon S3 and try to open them. ### Expected behavior They should open effortlessly. ### Installation method Official All-in-One appliance ### Nextcloud Server version 28 ### Operating system Debian/Ubuntu ### PHP engine version None ### Web server Apache (supported) ### Database engine version MySQL ### Is this bug present after an update or on a fresh install? Fresh Nextcloud Server install ### Are you using the Nextcloud Server Encryption module? Encryption is Disabled ### What user-backends are you using? - [X] Default user-backend _(database)_ - [ ] LDAP/ Active Directory - [ ] SSO - SAML - [ ] Other ### Configuration report ```shell { "system": { "default_phone_region": "BR", "maintenance_window_start": 6, "one-click-instance": true, "one-click-instance.user-limit": 100, "memcache.local": "\\OC\\Memcache\\APCu", "apps_paths": [ { "path": "\/var\/www\/html\/apps", "url": "\/apps", "writable": false }, { "path": "\/var\/www\/html\/custom_apps", "url": "\/custom_apps", "writable": true } ], "appsallowlist": false, "check_data_directory_permissions": false, "memcache.distributed": "\\OC\\Memcache\\Redis", "memcache.locking": "\\OC\\Memcache\\Redis", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "password": "***REMOVED SENSITIVE VALUE***", "port": 6379 }, "overwritehost": "nextcloud.hyoretsu.com", "overwriteprotocol": "https", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "localhost", "nextcloud.hyoretsu.com" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "pgsql", "version": "28.0.3.2", "overwrite.cli.url": "https:\/\/nextcloud.hyoretsu.com\/", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "instanceid": "***REMOVED SENSITIVE VALUE***", "maintenance": false, "loglevel": "2", "app_install_overwrite": [ "nextcloud-aio" ], "log_type": "file", "logfile": "\/var\/www\/html\/data\/nextcloud.log", "log_rotate_size": "10485760", "log.condition": { "apps": [ "admin_audit" ] }, "preview_max_x": "2048", "preview_max_y": "2048", "jpeg_quality": "60", "enabledPreviewProviders": { "1": "OC\\Preview\\Image", "2": "OC\\Preview\\MarkDown", "3": "OC\\Preview\\MP3", "4": "OC\\Preview\\TXT", "5": "OC\\Preview\\OpenDocument", "6": "OC\\Preview\\Movie", "7": "OC\\Preview\\Krita" }, "enable_previews": true, "upgrade.disable-web": true, "mail_smtpmode": "smtp", "trashbin_retention_obligation": "auto, 30", "versions_retention_obligation": "auto, 30", "activity_expire_days": "30", "simpleSignUpLink.shown": false, "share_folder": "\/Shared", "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory", "one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/", "upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726", "updatedirectory": "\/nc-updater", "allow_local_remote_servers": true, "davstorage.request_timeout": 3600, "htaccess.RewriteBase": "\/", "dbpersistent": false, "files_external_allow_create_new_local": false, "trusted_proxies": "***REMOVED SENSITIVE VALUE***", "mail_smtpauth": 1, "mail_sendmailmode": "smtp", "mail_smtpport": "587", "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***", "data-fingerprint": "8c67c1b15e6496261bbb8c9af5872ee9" } } ``` ### List of activated Apps ```shell Enabled: - activity: 2.20.0 - admin_audit: 1.18.0 - audioplayer: 3.4.1 - bruteforcesettings: 2.8.0 - cadviewer: 9.47.1 - camerarawpreviews: 0.8.4 - checksum: 1.2.3 - cloud_federation_api: 1.11.0 - comments: 1.18.0 - dashboard: 7.8.0 - data_request: 1.15.0 - dav: 1.29.1 - deck: 1.12.2 - drawio: 3.0.2 - electronicsignatures: 3.0.0 - end_to_end_encryption: 1.14.3 - epubviewer: 1.6.0 - external: 5.3.1 - federatedfilesharing: 1.18.0 - federation: 1.18.0 - files: 2.0.0 - files_accesscontrol: 1.18.0 - files_bpm: 1.3.0 - files_external: 1.20.0 - files_mindmap: 0.0.30 - files_pdfviewer: 2.9.0 - files_reminders: 1.1.0 - files_sharing: 1.20.0 - files_trashbin: 1.18.0 - firstrunwizard: 2.17.0 - forms: 4.1.1 - googledocsredirect: 1.0.7 - groupfolders: 16.0.4 - health: 2.2.2 - impersonate: 1.15.0 - integration_deepl: 1.1.3 - integration_github: 2.0.7 - integration_google: 2.2.0 - integration_notion: 0.1.4 - integration_reddit: 2.0.3 - integration_slack: 1.1.0 - integration_tmdb: 1.0.3 - integration_twitter: 1.0.7 - keeporsweep: 0.3.0 - logreader: 2.13.0 - lookup_server_connector: 1.16.0 - nextcloud-aio: 0.4.0 - nextcloud_announcements: 1.17.0 - notifications: 2.16.0 - notify_push: 0.6.9 - oauth2: 1.16.3 - password_policy: 1.18.0 - privacy: 1.12.0 - provisioning_api: 1.18.0 - quota_warning: 1.18.0 - recommendations: 2.0.0 - registration: 2.4.0 - related_resources: 1.3.0 - richdocuments: 8.3.2 - serverinfo: 1.18.0 - settings: 1.10.1 - sharebymail: 1.18.0 - sociallogin: 5.6.3 - socialsharing_email: 3.1.0 - socialsharing_facebook: 3.1.0 - socialsharing_telegram: 3.1.0 - socialsharing_twitter: 3.1.0 - support: 1.11.0 - survey_client: 1.16.0 - suspicious_login: 6.0.0 - text: 3.9.1 - theming: 2.3.0 - twofactor_backupcodes: 1.17.0 - twofactor_totp: 10.0.0-beta.2 - user_ldap: 1.19.0 - viewer: 2.2.0 - workflowengine: 2.10.0 Disabled: - circles: 28.0.0-dev (installed 28.0.0-dev) - contactsinteraction: 1.9.0 (installed 1.9.0) - encryption: 2.16.0 - files_versions: 1.21.0 (installed 1.21.0) - photos: 2.4.0 (installed 2.4.0) - systemtags: 1.18.0 (installed 1.18.0) - user_status: 1.8.1 (installed 1.8.1) - weather_status: 1.8.0 (installed 1.8.0) ``` ### Nextcloud Signing status ```shell No errors have been found. ``` ### Nextcloud Logs ```shell https://pastebin.com/N99rDiBb ``` ### Additional info _No response_

jtr · March 24, 2024, 8:41pm

How are you testing via cURL at the command line? Like a pre signed URL or… ?

My setups that are v28.0.3 based have S3 External Storage mounts on them which seem to be functioning fine.

Based on the logs you posted in the Issue, it appears you mounted the External Storage as your account’s root folder rather than a subdirectory under it. Is that correct?

hyoretsu · March 24, 2024, 8:55pm

I don’t know if this is a pre-signed URL or not, but I’m simply cURL’ing the link that fails to fopen. E.g. curl https://hyoretsu-nextcloud.s3.us-east-2.amazonaws.com/Notes/Music.txt

Also yes, S3 is mounted at root.

jtr · March 24, 2024, 9:14pm

Gotcha. Well, without authentication those cURL tests aren’t really downloading your files (unless your bucket is open to the public). You’re most likely getting denied by AWS’s S3 frontend unfortunately it’s not really a valid comparison test.

To test with cURL for real, you’ll need to generate a presigned URL for one of your bucket files via the AWS control panel or CLI. That will allow a better test scenario.

The logs suggest it really is just a standard outbound connectivity matter.

Is your Nextcloud server fairly near to AWS’s us-east data center geographically and network-wise?

hyoretsu · March 25, 2024, 12:48pm

I opened my bucket to the public after I opened the issue, so that isn’t the issue. But I tested with a presigned URL nonetheless, cURL still works fine.

My Nextcloud server’s in an EC2 instance that’s in the same availability center as my S3 bucket. Logically there should be no reason for it not to work.

jtr · March 25, 2024, 1:29pm

In your report you mentioned you recently moved everything to S3. So this worked for a bit then stopped? Can you identify what may have occurred around the time period when it stopped? Had their been a recent update or anything like that?

hyoretsu · March 25, 2024, 6:17pm

I just re-installed Nextcloud (using AIO) from scratch and the same thing’s happening, so that’s not it unfortunately. Just for the record, I’m using a custom network in my docker compose to enable IPv6:

networks:
  default:
    name: nextcloud-aio
    driver: bridge
    enable_ipv6: true
    attachable: true
    ipam:
      driver: default
      config:
        - subnet: 2600:1f16:1cfb:1c00::/56

hyoretsu · March 25, 2024, 6:30pm

Figured it out, I’d forgot to enable IPv6 in Docker in this new instance.

system · April 2, 2024, 6:30pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.