Slow log in on NextCloud 10

tx7 · August 26, 2016, 5:45pm

I just updated to NC10, and I notice that it take more than 10 secs to log in.
Anybody else have this issue?

config.php

    <?php
$CONFIG = array (
  'instanceid' => 'ocboc03zyp7e',
  'passwordsalt' => 'removed',
  'secret' => 'removed',
  'trusted_domains' =>
  array (
    0 => '192.168.1.97',
    1 => 'localhost',
    2 => 'abc.xyz.com',
  ),
  'datadirectory' => '/media/54bf67db-da31-4c50-bb3c-27140944b223/www/nextcloud/data',
  'overwrite.cli.url' => 'https://abc.xyz.com',
  'dbtype' => 'mysql',
  'version' => '9.1.0.16',
  'dbname' => 'owncloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_admin',
  'dbpassword' => 'random_characters',
  'logtimezone' => 'EST',
  'installed' => true,
  'log_type' => 'owncloud',
  'log_authfailip' => true,
  'allow_user_to_change_display_name' => true,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => 'true',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    0 =>
    array (
      0 => 'localhost',
      1 => 11211,
    ),
  ),
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
 'mail_from_address' => 'user1',
  'mail_domain' => 'yahoo.com',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.mail.yahoo.com',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'abc@yahoo.com',
  'mail_smtppassword' => 'xxxxx',
  'theme' => '',
  'loglevel' => 2,
  'maintenance' => false,
  'htaccess.RewriteBase' => '/',
  'updater.release.channel' => 'stable',
);

tflidd · August 26, 2016, 8:18pm

Could be the new bruteforce-protection
You can try to delete previous failed login attempts:

tx7 · August 26, 2016, 8:23pm

Hello,

I cleared the log, and restart Nginx, but same slow effect!
Is the brute-force protection enabled by default?
If so, how can I disable it?
I’m using Fail2Ban is good for me.

tflidd · August 26, 2016, 11:34pm

Yes, you can disable it in your config.php, add:

    'auth.bruteforce.protection.enabled' => false,

tx7 · August 27, 2016, 12:32am

I added the code, and restarted Nginx service.

Still slow…

tflidd · August 27, 2016, 6:49am

Can you see what’s happening during these 10s? Is there a high load of the php or mysql process? You could also increase the log level of your services to obtain more information.

tx7 · August 27, 2016, 11:45am

Ok, my system just woke up today, I logged in fast just like before.
So, I guess the system need to be reboot after the changes are made.
It is resolved.

Thanks.

pierreozoux · September 13, 2016, 11:59am

I hit the exact same issue, and the solution was clearly:

Thanks!

Tom_Alperin · September 25, 2016, 7:13am

A nice addition to the brute force prevention might be a reset on successful login. I think this feature is going to get turned off by many due to the inconvienience. Having the timer reset after a successful login would eliminate the inconvienience without decreasing security.