Slow web interface with nginx, can't resolve ocm-provider & ocs-provider

Nextcloud version: 24.0.1
Operating system: Raspbian Lite (Debian 11, Bullseye) on Raspberry Pi 400
nginx version: Nginx 1.18.0
PHP version: 8.0 (php8.0, php8.0-cli and php8.0-fpm packages at 8.0.18)

The issue you are facing:
To preface, I set up Nextcloud on my Raspberry Pi 400 with Apache to begin with, and it was smooth as butter, however I need the bandwidth limiting functionality that nginx has, and made the switch. I’m completely new to managing my own server (this is my first time setting one up) so I accept I must have done something wrong somewhere during that.

With Apache, I set up Nextcloud with a working Crontab that executes every five minutes, as well as MariaDB, APCu and Redis; APCu for local caching, and Redis for distributed cache as well as locking.

Now with nginx, the web interface is slow as molasses, images sometimes don’t load in, and even just entering the “Apps” menu will throw either error 503, 522 or a bubble saying “An error occured during the request. Unable to proceed.” in the top right. A refresh if I run into this error gets me past it.

Going to “Settings → Administration/Overview” **sometimes **shows me “Your web server is not properly set up to resolve “/ocm-provider/”” (as well as “/ocs-provider”), sometimes only one of those two, or none of them.
It also sometimes throws me one to three red lines stating “Error occurred whilst checking server setup.”

That being said, the apps list rarely loads in as it’s stuck with the spinning loading animation.
If I try to go to “Settings → Administration/Logging”, it has the same problem. If it does load in and I try to download the log, I run into error 503 again. Refreshing initiates the log download, so I do have the log but I’m not getting any wiser from it.

Generally I get 503’s a lot, sometimes full and sometimes partial pages load until I CTRL+F5.
I feel like I’ve tried everything I found on the forum!

Is this the first time you’ve seen this error?: Yep

Steps to replicate it:

  1. Set up Nextcloud with Apache, APCu and Redis, make sure everything is smooth
  2. Install Nginx, adjust configuration files and remove Apache
  3. Try using the web interface

The output of your Nextcloud log in Admin > Logging:
Here are the 428 most recent lines in the log. I stripped it down to that because everything above are just duplicates of line 428.

nextcloud.log

The contents of /etc/nginx/nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	limit_conn_zone $binary_remote_addr zone=addr:15m;

	sendfile on;
	tcp_nopush on;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

        server {
	  listen 80 default_server;
	  server_name _;
	  return 301 https://$host$request_uri;
	}

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
}



#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

The contents of /etc/nginx/conf.d/nextcloud.conf:

upstream php-handler {
    # server 127.0.0.1:9000;
    # I tried commenting out the .sock line below and using only the above, as well as both, but no difference.
    server unix:/var/run/php/php8.0-fpm.sock;
}

# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
    "" "";
    default "immutable";
}


server {
    listen 80;
    listen [::]:80;
    server_name [My Domain];

    # Prevent nginx HTTP Server Detection
    server_tokens off;

    # Enforce HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443      ssl http2;
    listen [::]:443 ssl http2;
    server_name [My Domain];

    # Path to the root of your installation
    root /var/www/nextcloud;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    ssl_certificate     /etc/cloudflare/[My Domain].pem;
    ssl_certificate_key /etc/cloudflare/[My Domain].key;

    # Prevent nginx HTTP Server Detection
    server_tokens off;

    # HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;

    # set max upload size and increase upload timeout:
    client_max_body_size 32G;
    client_body_timeout 300s;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Pagespeed is not supported by Nextcloud, so if your server is built
    # with the `ngx_pagespeed` module, uncomment this line to disable it.
    #pagespeed off;

    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Specify how to handle directories -- specifying `/index.php$request_uri`
    # here as the fallback means that Nginx always exhibits the desired behaviour
    # when a client requests a path that corresponds to a directory that exists
    # on the server. In particular, if that directory contains an index.php file,
    # that file is correctly served; if it doesn't, then the request is passed to
    # the front-end controller. This consistent behaviour means that we don't need
    # to specify custom rules for certain paths (e.g. images and other assets,
    # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
    # `try_files $uri $uri/ /index.php$request_uri`
    # always provides the desired behaviour.
    index index.php index.html /index.php$request_uri;

    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
        # Required for legacy support
        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;

        fastcgi_max_temp_file_size 0;
    }

    location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463, $asset_immutable";
        access_log off;     # Optional: Don't log access to assets

        location ~ \.wasm$ {
            default_type application/wasm;
        }
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    # Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
        limit_conn addr 1;
    }

    # Here's a supposed workaround for ocm-provier and ocs-provider errors I found somewhere on the Nextcloud forums.
    # But it didn't work for me at all no matter where I put it within this file.
    # location ~ ^/(?:ocm-provider|ocs-provider).* { rewrite ^ /index.php$request_uri; }
}

The output of your config.php file:

Expand to see config.php
<?php
$CONFIG = array (
  'instanceid' => '[Honestly just redacting this just in case]',
  'passwordsalt' => '[Salty treat]',
  'secret' => '[Secret, duh!]',
  'trusted_domains' =>
  array (
    0 => '192.168.0.50',
    1 => '[I'd rather not share my domain unless I need to]',
  ),
  'trusted_proxies' =>
  array (
    [IP addresses withheld]
  ),
  'datadirectory' => '/nfs/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '24.0.1.1',
  'overwrite.cli.url' => 'http://192.168.0.50/nextcloud',
  'dbname' => 'nextclouddb',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '',
  'dbpassword' => '',
  'installed' => true,
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'default_phone_region' => 'NO',
  'preview_max_x' => 2048,
  'preview_max_y' => 2048,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
  ),
  'maintenance' => false,
  'theme' => '',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => 2,
);

The output of your nginx log in /var/log/error.log and access.log:

Both are stripped to the last 4.5 hours of activity:

error.log

access.log

Output errors in nextcloud.log in /var/www/:

Sorry, but I genuinely can’t apply the filters on that page, even with Live Update turned OFF the page goes blank when I click the filters, and 503’s when I refresh.
HOWEVER, the only errors I can perceive on that page are duplicates of the following. Expand this list to see it:

The error in question

Swift_TransportException: Connection could not be established with host 127.0.0.1 :stream_socket_client(): Unable to connect to 127.0.0.1:25 (Connection refused)

Swift_Transport_StreamBuffer->{closure}("*** sensiti ... *")

/var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php - line 264:

stream_socket_client()

/var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php - line 58:

Swift_Transport_StreamBuffer->establishSocketConnection()

/var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php - line 143:

Swift_Transport_StreamBuffer->initialize()

/var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Mailer.php - line 65:

Swift_Transport_AbstractSmtpTransport->start()

/var/www/nextcloud/lib/private/Mail/Mailer.php - line 195:

Swift_Mailer->send()

/var/www/nextcloud/apps/notifications/lib/MailNotifications.php - line 215:

OC\Mail\Mailer->send()

/var/www/nextcloud/apps/notifications/lib/MailNotifications.php - line 166:

OCA\Notifications\MailNotifications->sendEmailToUser()

/var/www/nextcloud/apps/notifications/lib/BackgroundJob/SendNotificationMails.php - line 49:

OCA\Notifications\MailNotifications->sendEmails()

/var/www/nextcloud/lib/public/BackgroundJob/Job.php - line 79:

OCA\Notifications\BackgroundJob\SendNotificationMails->run()

/var/www/nextcloud/lib/public/BackgroundJob/TimedJob.php - line 95:

OCP\BackgroundJob\Job->execute()

/var/www/nextcloud/cron.php - line 151:

OCP\BackgroundJob\TimedJob->execute()

Other notes:
I’ve monitored the activity on my Raspberry Pi with htop and iotop, and nothing is out of the ordinary while using Nextcloud. Other sites using PHP on the Raspberry Pi load and function fine.

I have not and never set up an SMTP server, and I do not want to either, or need one at all.

Thank you so much in advance, and apologies it got so lengthy. Appreciate any help I can get!