(Newbie question) I have nextcloud installed on Ubuntu 20.04 via snap. I can’t access Passwords app anymore it keeps throwing 502 error. I am not sure how can I get access to logs which can help with debugging the issue. I will really appreciate any help or guidance.
From Network tab of browser i can see
https://mycloud.mydomain.com/index.php/apps/passwords/api/1.0/folder/show
https://mycloud.mydomain.com/index.php/apps/passwords/api/1.0/session/open
both are failing with 502.
I found single line in settings > logging which says “Attempt to access expired or nonexistent session”.
That’s not really something that sounds like it would cause this issue.
502 is often a timeout error, so Nextcloud does not answer within the required timeframe.
You should check if there is something going on with the bruteforce detection, if headers are transferred correctly to Nextcloud or if there is some kind of firewall blocking the request.
I have a reverse proxy setup, could that be causing this issue? but why on these two API calls?
server {
listen 80;
server_name mycloud.example.com;
return 301 https://$server_name$request_uri;
}
#server block 2
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mycloud.example.com;
# ssl on;
#ssl_protocols TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
#ssl_ciphers HIGH:!aNULL:!MD5;
ssl_certificate /etc/letsencrypt/live/mycloud.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mycloud.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mycloud.example.com/chain.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/letsencrypt/certs/dhparam.pem;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/xml application/xml text/css application/css application/x-javascript application/javascript;
client_max_body_size 2000M;
location / {
proxy_buffers 16 4k;
proxy_buffer_size 2k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://internal-ip:internal-port;
}
}
I really apperciate your help.
When i look at my proxy setup, i see that i also forward the authorization header. that might be the issue:
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
I added these lines, but still getting 502 on the requests I mentioned.
where does this message come from Attempt to access expired or nonexistent session <SESSION_ID> by USERNAME.