Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. 
The Basics
- Nextcloud Server version (e.g., 29.x.x):
30.0.8
- Operating system and version (e.g., Ubuntu 24.04):
debian 12
- Web server and version (e.g, Apache 2.4.25):
nginx
- Reverse proxy and version _(e.g. nginx 1.27.2)
caddy
- PHP version (e.g, 8.3):
8.2
- Is this the first time you’ve seen this error? (Yes / No):
yes
- When did this problem seem to first start?
can't say, just realized
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
docker, with php-fpm
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
cloudflare
Summary of the issue you are facing:
When i create a share with expiry, then it’s immediately deleted, when i call the link or i want to view the share-information again. Somehow nextcloud decides to delete it immediately.
the db entry is there initially
nextcloud=# select * from oc_share where expiration is not null order by id desc limit 10;
id | share_type | share_with | password | uid_owner | uid_initiator | parent | item_type | item_source | item_target | file_source | file_target | permissions | stime | accepted | expiration | token | mail_send | share_name | password_by_talk | note | hide_download | label | attributes | password_expiration_time
-------+------------+------------+----------+-------------+---------------+--------+-----------+-------------+-------------+-------------+----------------+-------------+------------+----------+------------------------+-----------------+-----------+------------+------------------+------+---------------+-------+------------+--------------------------
12010 | 3 | | | *** | **** | | file | 46140 | | 46140 | /thd-todos.txt | 1 | 1742545689 | 0 | 2025-03-24 23:00:00+00 | wHbpCQCBFcTc56C | 0 | | f | | 0 | | |
but even though it’s not expired, it’s gone right when trying to retrieve these files.
It needs to do have to something with the installed apps or the configuration somehwere, but I don’t know how I could debug this. On other instances the expiry works fine.
Would really appreciate it if somebody could help me debugging this, where this comes from.
Steps to replicate it (hint: details matter!):
- create a share with expiry
- call it
- it’s gone
Log entries
Nextcloud
not much what i could share here to this problem, logs are very spammy, when setting it to debug level. otherwise no specific error.
{"reqId":"rdIgWDB97bcCC6rbT32d","level":1,"time":"2025-03-21T08:45:50+00:00","remoteAddr":"172.71.164.231","user":"--","app":"core","method":"GET","url":"/s/bjN9XDXT4WQ3wD5","message":"Bruteforce attempt from \"172.71.164.231\" detected for action \"ShareController::showShare\".","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0","version":"30.0.8.1","data":{"app":"core"}}
Configuration
Nextcloud
{
"system": {
"htaccess.RewriteBase": "\/",
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"password": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"wir.treibhausdonaufeld.at"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "pgsql",
"version": "30.0.8.1",
"overwrite.cli.url": "https:\/\/wir.treibhausdonaufeld.at",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"overwritehost": "wir.treibhausdonaufeld.at",
"overwriteprotocol": "https",
"overwritewebroot": "",
"skeletondirectory": "",
"maintenance": false,
"mail_sendmailmode": "smtp",
"mail_smtpmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpsecure": "tls",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "587",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"filelocking.enabled": true,
"loglevel": 2,
"default_phone_region": "AT",
"app_install_overwrite": [
"files_texteditor",
"deck"
],
"maintenance_window_start": 1
}
}
Apps
The output of occ app:list (if possible).
Enabled:
- activity: 3.0.0
- admin_audit: 1.20.0
- app_api: 4.0.6
- bruteforcesettings: 3.0.0
- calendar: 5.2.0
- circles: 30.0.0
- cloud_federation_api: 1.13.0
- collectives: 2.16.1
- comments: 1.20.1
- contacts: 7.0.4
- contactsinteraction: 1.11.0
- dashboard: 7.10.0
- dav: 1.31.1
- deck: 1.14.4
- drawio: 3.0.3
- external: 5.5.2
- federatedfilesharing: 1.20.0
- federation: 1.20.0
- files: 2.2.0
- files_downloadlimit: 3.0.0
- files_external: 1.22.0
- files_fulltextsearch: 31.0.0
- files_pdfviewer: 3.0.0
- files_reminders: 1.3.0
- files_sharing: 1.22.0
- files_trashbin: 1.20.1
- files_versions: 1.23.0
- firstrunwizard: 3.0.0
- forms: 5.0.4
- fulltextsearch: 30.0.1
- fulltextsearch_elasticsearch: 30.0.1
- impersonate: 1.17.1
- logreader: 3.0.0
- lookup_server_connector: 1.18.0
- mail: 4.3.1
- notifications: 3.0.0
- oauth2: 1.18.1
- onlyoffice: 9.7.0
- password_policy: 2.0.0
- polls: 7.4.1
- privacy: 2.0.0
- provisioning_api: 1.20.0
- settings: 1.13.0
- suspicious_login: 8.0.0
- systemtags: 1.20.0
- terms_of_service: 4.3.0
- text: 4.1.0
- theming: 2.6.0
- theming_customcss: 1.18.0
- thesearchpage: 1.2.10
- twofactor_backupcodes: 1.19.0
- twofactor_totp: 12.0.0-dev
- updatenotification: 1.20.0
- viewer: 3.0.0
- webhook_listeners: 1.1.0-dev
- welcome: 1.2.1
- workflowengine: 2.12.0