Notify_push + apache2 proxy

Hello!

Nextcloud version: 28.0.4
Operating system and version: ubuntu 22.04
Apache or nginx version: Apache/2.4.52
PHP version (eg, 7.4): 8.3.4

The issue you are facing:

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Install notify_push service
  2. Update apache2 configuration
  3. Switch between different Nextcloud pages
  4. Every time the page is loaded, an error appears in the log files

The output of your Apache log:

[Wed Apr 03 17:52:17.887090 2024] [proxy:error] [pid 213176:tid 140142517917248] [client REPLACE:58502] AH10221: proxy: websocket: client flushing failed (-102)
[Wed Apr 03 17:53:04.937202 2024] [proxy:error] [pid 213175:tid 140142937355840] (70014)End of file found: [client REPLACE:58521] AH03307: ap_proxy_transfer_between_connections: error on origin -   ap_pass_brigade

occ notify_push:self-test

✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app

apache2 configuration

<VirtualHost *:80>
    ServerName REPLACE

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName REPLACE
    ServerAdmin REPLACE

    Protocols h2 http/1.1

    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options nosniff
    Header set X-Frame-Options SAMEORIGIN

    TraceEnable off

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^TRACK
    RewriteRule .* - [R=405,L]

    SSLEngine on
    SSLCertificateChainFile REPLACE
    SSLCertificateFile REPLACE
    SSLCertificateKeyFile REPLACE
    SSLOpenSSLConfCmd Curves secp384r1:X25519:prime256v1

    DocumentRoot /var/www/nextcloud

    <Directory /var/www/nextcloud/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Satisfy Any
        Include /var/www/nextcloud/.htaccess
    </Directory>

    Alias /matterbridge/ /var/www/matterbridge/
    <Directory /var/www/matterbridge/>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    <Directory /ncdata>
        Require all denied
    </Directory>

    <Directory /var/www/nextcloud/config/>
        Require all denied
    </Directory>

    <Files ".ht*">
        Require all denied
    </Files>

    <IfModule mod_dav.c>
        Dav off
    </IfModule>

    <IfModule mod_mime.c>
        AddType text/javascript mjs
    </IfModule>

    <IfModule mod_reqtimeout.c>
        RequestReadTimeout body=0
    </IfModule>

    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud
    SetEnv proxy-sendcl 1

    <IfModule mod_deflate.c>
        AddOutputFilterByType DEFLATE application/javascript
        AddOutputFilterByType DEFLATE application/rss+xml
        AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
        AddOutputFilterByType DEFLATE application/x-font
        AddOutputFilterByType DEFLATE application/x-font-opentype
        AddOutputFilterByType DEFLATE application/x-font-otf
        AddOutputFilterByType DEFLATE application/x-font-truetype
        AddOutputFilterByType DEFLATE application/x-font-ttf
        AddOutputFilterByType DEFLATE application/x-javascript
        AddOutputFilterByType DEFLATE application/xhtml+xml
        AddOutputFilterByType DEFLATE application/xml
        AddOutputFilterByType DEFLATE font/opentype
        AddOutputFilterByType DEFLATE font/otf
        AddOutputFilterByType DEFLATE font/ttf
        AddOutputFilterByType DEFLATE image/svg+xml
        AddOutputFilterByType DEFLATE image/x-icon
        AddOutputFilterByType DEFLATE text/css
        AddOutputFilterByType DEFLATE text/html
        AddOutputFilterByType DEFLATE text/javascript
        AddOutputFilterByType DEFLATE text/plain
        AddOutputFilterByType DEFLATE text/xml
    </IfModule>

    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/

    LogLevel warn

    ErrorLog ${APACHE_LOG_DIR}/nextcloud.error.log
    CustomLog ${APACHE_LOG_DIR}/nextcloud.access.log combined
</VirtualHost>

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305

SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

notify_push.service

апр 03 17:34:37 REPLACE notify_push[1316]: [2024-04-03 17:34:37.838641 +03:00] WARN [notify_push] src/lib.rs:412: Redis server disconnected, reconnecting in 1s
апр 03 17:34:38 REPLACE notify_push[1316]: [2024-04-03 17:34:38.756218 +03:00] WARN [notify_push::connection] src/connection.rs:94: Invalid credentials

apachectl -M

Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cache_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 fcgid_module (shared)
 filter_module (shared)
 headers_module (shared)
 http2_module (shared)
 mime_module (shared)
 mpm_event_module (shared)
 negotiation_module (shared)
 proxy_module (shared)
 proxy_fcgi_module (shared)
 proxy_http_module (shared)
 proxy_wstunnel_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 status_module (shared)

Any ideas?

Maybe start looking through Setting up Files (High Performance Backend) double check installation steps and the references.

I remember redis is important for notify_push and the error

sounds like something is wrong with it. which doesn’t really match to

Before

/etc/hosts

192.168.1.1 nc.example.com

config.php

  'trusted_proxies' =>
  array (
    0 => '192.168.1.1',
  ),

Now

/etc/hosts

127.0.0.1 nc.example.com

config.php

  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
  ),

Errors are not yet logged in apache2 and notify_push
I’ll write after a while whether the problem is finally resolved

1 Like

Error occurs while restarting redis-server

[notify_push::connection] src/connection.rs:94: Invalid credentials

Today these errors appeared again in the Apache log (nothing was changed) :frowning:

[Fri Apr 05 10:52:37.788582 2024] [proxy:error] [pid 309684:tid 139640233248320] [client REPLACE:61139] AH10221: proxy: websocket: client flushing       failed (-102)
[Fri Apr 05 10:52:40.790753 2024] [proxy:error] [pid 309684:tid 139640031921728] (70014)End of file found: [client REPLACE:61137] AH03307:               ap_proxy_transfer_between_connections: error on origin - ap_pass_brigade

Added the following variable to the Apache configuration (for apache2 version 2.4.52)

# Add
SetEnv proxy-nohalfclose
#
ProxyPass /push/ws ws://127.0.0.1:7867/ws
ProxyPass /push/ http://127.0.0.1:7867/
ProxyPassReverse /push/ http://127.0.0.1:7867/

Errors are not yet logged in Apache
I’ll write after a while whether the problem is finally resolved

1 Like

Such messages are no longer in the log file

1 Like