[Solved] Can't login via Web UI anymore

EDIT: I gave myself a hint on what to check: Updating php-fpm reset the /var/lib/php/fpm user:group ownership I set so nextcloud could not access session and cache folders anymore. After fixing the ownership everything works again.

Nextcloud version: 13.0.2.1
Operating system and version: CentOS 7.4
Apache or nginx version: nginx 1.14.0 (also tested with 1.13.12)
PHP version: 7.2.5
php-fpm: 5.4.16-43.el7_4.1

The issue you are facing:
When I try to login via Web UI I get redirected to the login page again. This started either after I upgraded to nextcloud 13.0.2 coming from 13.0.1 or after I upgraded php-fpm (after I updated nextcloud). There were no errors during the upgrade. I tried both local and ldap users and I also tried disabling various apps using occ. The post request when I login responds with a 303 code. Other methods of accessing data (Contacts/Calendar/Desktop app/Android app) work fine.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. login using web UI

The output of your Nextcloud log in Admin > Logging:

N.A.: Can't login

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'version' => '13.0.2.1',
  'instanceid' => '***REMOVED***',
  'passwordsalt' => '***REMOVED***',
  'secret' => '***REMOVED***',
  'trusted_domains' => 
  array (
    0 => 'nextcloud01.ipa.mydomain.com',
    1 => 'proxy01.ipa.mydomain.com',
    2 => 'next.mydomain.com',
    3 => 'mydomain.com',
  ),
  'knowledgebaseenabled' => true,
  'datadirectory' => '/mnt/freenas/data/nextcloud/data',
  'overwriteprotocol' => 'https',
  'forcessl' => true,
  'overwrite.cli.url' => 'https://nextcloud01.ipa.mydomain.com',
  'dbtype' => 'pgsql',
  'dbname' => 'nextcloud',
  'dbhost' => 'postgresql01.ipa.mydomain.com',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '***REMOVED***',
  'dbpassword' => '***REMOVED***',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => 'true',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'installed' => true,
  'auth.bruteforce.protection.enabled' => false,
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'tls',
  'mail_from_address' => 'nextcloud',
  'mail_domain' => 'mydomain.com',
  'mail_smtpauthtype' => 'PLAIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'mail.mydomain.com',
  'mail_smtpport' => '587',
  'mail_smtptimeout' => '30',
  'mail_smtpname' => '***REMOVED***',
  'mail_smtppassword' => '***REMOVED***',
  'cipher' => 'AES-256-CFB',
  'enable_avatars' => true,
  'has_internet_connection' => true,
  'check_for_working_webdav' => true,
  'check_for_working_wellknown_setup' => true,
  'check_for_working_htaccess' => true,
  'ldapIgnoreNamingRules' => false,
  'ldapUserCleanupInterval' => 51,
  'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
  'enable_previews' => true,
  'preview_max_x' => 2048,
  'preview_max_y' => 2048,
  'preview_max_scale_factor' => 1,
  'preview_max_filesize_image' => 50,
  'preview_libreoffice_path' => '/usr/bin/libreoffice',
  'preview_office_cl_parameters' => ' --headless --nologo --nofirststartwizard --invisible --norestore --convert-to pdf --outdir ',
  'enabledPreviewProviders' => 
  array (
    0 => 'OC\\Preview\\PNG',
    1 => 'OC\\Preview\\JPEG',
    2 => 'OC\\Preview\\GIF',
    3 => 'OC\\Preview\\BMP',
    4 => 'OC\\Preview\\XBitmap',
    5 => 'OC\\Preview\\MP3',
    6 => 'OC\\Preview\\TXT',
  ),
  'hashingCost' => 12,
  'blacklisted_files' => 
  array (
    0 => '.htaccess',
  ),
  'forwarded_for_headers' => 
  array (
    0 => 'HTTP_X_FORWARDED',
    1 => 'HTTP_FORWARDED_FOR',
  ),
  'trusted_proxies' => 
  array (
    0 => '***REMOVED IP4***',
    1 => '***REMOVED IP6***',
  ),
  'htaccess.RewriteBase' => '/',
  'appstoreenabled' => true,
  'appcodechecker' => true,
  'updatechecker' => true,
  'updater.release.channel' => 'stable',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'logdateformat' => 'Y-m-d H:i:s',
  'logtimezone' => 'Europe/Berlin',
  'log_query' => false,
  'cron_log' => true,
  'log_rotate_size' => '10485760',
  'loglevel' => 0,
  'filesystem_check_changes' => 1,
  'cache_path' => '/srv/www/cache/',
  'theme' => '',
  'maintenance' => false,
);

nextcloud log:

{"reqId":"6Bw67oq40HhiURID4dn2","level":0,"time":"2018-05-08 23:24:36","remoteAddr":"","user":"--","app":"no app in context","method":"GET","url":"\/apps\/files\/","message":"Current user is not logged in","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:52.0) Gecko\/20100101 Firefox\/52.0","version":"13.0.2.1"}
{"reqId":"zk2ZYd4KlI0kzE4bFNcF","level":0,"time":"2018-05-08 23:24:36","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/login?redirect_url=\/apps\/files\/","message":"Scss is disabled for \/srv\/www\/nextcloud\/core\/css\/jquery-ui-fixes.scss, ignoring","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:52.0) Gecko\/20100101 Firefox\/52.0","version":"13.0.2.1"}
{"reqId":"zk2ZYd4KlI0kzE4bFNcF","level":0,"time":"2018-05-08 23:24:36","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/login?redirect_url=\/apps\/files\/","message":"Scss is disabled for \/srv\/www\/nextcloud\/core\/css\/server.scss, ignoring","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:52.0) Gecko\/20100101 Firefox\/52.0","version":"13.0.2.1"}
{"reqId":"zk2ZYd4KlI0kzE4bFNcF","level":0,"time":"2018-05-08 23:24:36","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/login?redirect_url=\/apps\/files\/","message":"Scss is disabled for \/srv\/www\/nextcloud\/core\/css\/share.scss, ignoring","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:52.0) Gecko\/20100101 Firefox\/52.0","version":"13.0.2.1"}
{"reqId":"zk2ZYd4KlI0kzE4bFNcF","level":0,"time":"2018-05-08 23:24:36","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/login?redirect_url=\/apps\/files\/","message":"Scss is disabled for \/srv\/www\/nextcloud\/core\/css\/jquery.ocdialog.scss, ignoring","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:52.0) Gecko\/20100101 Firefox\/52.0","version":"13.0.2.1"}

nginx error log is empty
nginx access log:

[08/May/2018:21:58:56 +0200] "POST /login?redirect_url=/apps/files/ HTTP/1.1" 303 5 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
[08/May/2018:21:58:56 +0200] "GET /apps/files/ HTTP/1.1" 303 5 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
[08/May/2018:21:58:57 +0200] "GET /login?redirect_url=/apps/files/ HTTP/1.1" 200 11086 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
...
[08/May/2018:21:58:57 +0200] "GET /core/vendor/purify.min.js.map HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"

php-fpm error log is empty
php-fpm access log:

2018-05-08T21:58:56+0200 - - -  "POST /index.php?redirect_url=/apps/files/" 303 /srv/www/nextcloud/index.php 177.335 4096 78.95%
2018-05-08T21:58:56+0200 - - -  "GET /index.php" 303 /srv/www/nextcloud/index.php 129.176 2048 69.67%
2018-05-08T21:58:56+0200 - - -  "GET /index.php?redirect_url=/apps/files/" 200 /srv/www/nextcloud/index.php 316.453 4096 75.84%

firefox dev console:

response cookies for POST login (303 status):
[instance_id]
expires	1970-01-01T00:00:01.000Z
path	/
value	deleted

response payload is empty

nginx conf:

server {
    listen                          80;
    server_name                     nextcloud01.ipa.mydomain.com;
    return                          301 https://nextcloud01.ipa.mydomain.com$request_uri;
}

server {
    listen                          443 default_server ssl http2;
    server_name                     nextcloud01.ipa.mydomain.com;

    ssl                             on;
    ssl_certificate                 /etc/nginx/ssl/nextcloud01.ipa.mydomain.com.crt;
    ssl_certificate_key             /etc/nginx/ssl/nextcloud01.ipa.mydomain.com.key;
    ssl_dhparam                     /etc/nginx/ssl/dh4096.pem;
    ssl_protocols                   TLSv1.2;
    ssl_prefer_server_ciphers       on;
    ssl_ciphers                     "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve                  secp384r1;
    ssl_session_cache               shared:SSL:10m;
    ssl_buffer_size                 8k;
    ssl_session_timeout             10m;
    ssl_session_tickets             off;

    server_tokens                   off;
    charset                         utf-8;

    client_max_body_size            10G;
    client_body_buffer_size         10K;
    client_header_buffer_size       2k;
    large_client_header_buffers     2 2k;
    fastcgi_buffers                 64 4k;

    gzip                            off;

    error_page                      403 /core/templates/403.php;
    error_page                      404 /core/templates/404.php;

    add_header                      Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header                      X-Content-Type-Options nosniff;
    #add_header                      X-Frame-Options "SAMEORIGIN";
    add_header                      X-XSS-Protection "1; mode=block";
    add_header                      X-Robots-Tag none;
    add_header                      X-Download-Options noopen;
    add_header                      X-Permitted-Cross-Domain-Policies none;

    root                            /srv/www/nextcloud/;
    index                           index.php;

    location = /robots.txt {
        allow                       all;
        log_not_found               off;
        access_log                  off;
    }

    location = /.well-known/carddav {
        return                      301 $scheme://$host/remote.php/dav;
    }

    location = /.well-known/caldav {
        return                      301 $scheme://$host/remote.php/dav;
    }

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include                     fastcgi_params;
        fastcgi_split_path_info     ^(.+\.php)(/.+)$;
        fastcgi_param               SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param               PATH_INFO $fastcgi_path_info;
        fastcgi_param               HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param               modHeadersAvailable true;
        fastcgi_param               front_controller_active true;
        fastcgi_pass                php-fpm;
        fastcgi_intercept_errors    on;
        fastcgi_request_buffering   off;
        fastcgi_buffer_size         128k;
        fastcgi_buffers             256 4k;
        fastcgi_busy_buffers_size   256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_read_timeout        86400;
        fastcgi_send_timeout        86400;
        fastcgi_connect_timeout     86400;
        fastcgi_param               HTTP_PROXY "";
        fastcgi_param               PHP_VALUE "open_basedir=/srv/www:/srv/cache:/tmp/:/mnt/freenas/data/nextcloud:/dev/urandom:/var/log/nextcloud:/proc/meminfo
        upload_max_filesize = 10G
        post_max_size = 10250M
        max_execution_time = 86400";
        fastcgi_param               REMOTE_ADDR $http_x_real_ip;
        access_log                  /var/log/nginx/access.log;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files                   $uri/ =404;
        index                       index.php;
    }

    location ~* \.(?:css|js)$ {
        try_files                   $uri /index.php$uri$is_args$args;
        add_header                  Cache-Control "public, max-age=7200";
        add_header                  Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header                  X-Content-Type-Options "nosniff";
        add_header                  X-Frame-Options "SAMEORIGIN";
        add_header                  X-XSS-Protection "1; mode=block";
        add_header                  X-Robots-Tag none;
        add_header                  X-Download-Options noopen;
        add_header                  X-Permitted-Cross-Domain-Policies none;
        access_log                  off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files                   $uri /index.php$uri$is_args$args;
        access_log              off;
    }
}
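
The root cause given in the EDIT at the top of the post (a php-fpm update resetting ownership under /var/lib/php/fpm, so sessions could no longer be written and every login bounced back with a 303) can be caught with a check like the one below. It is an added example, not part of the original post; it assumes GNU find and stat, the function names are hypothetical, and the pool file path in the usage comment (/etc/php-fpm.d/www.conf) is an assumption about this host.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes GNU find and stat.

# pool_identity FILE
# Print "user:group" as set by the `user` and `group` directives of a
# php-fpm pool file. Fails (status 1) unless both directives are present.
# Commented-out directives (";user = ...") and listen.owner are ignored.
pool_identity() {
    awk -F= '
        /^[ \t]*user[ \t]*=/  { gsub(/[ \t]/, "", $2); u = $2 }
        /^[ \t]*group[ \t]*=/ { gsub(/[ \t]/, "", $2); g = $2 }
        END { if (u == "" || g == "") exit 1; print u ":" g }
    ' "$1"
}

# find_ownership_drift DIR USER GROUP
# List DIR and its immediate subdirectories that are not owned by USER:GROUP,
# one per line as "owner:group mode path".
# Status: 0 = all match, 1 = drift found, 2 = DIR missing.
find_ownership_drift() {
    root=$1
    want=$2:$3
    [ -d "$root" ] || { echo "missing directory: $root" >&2; return 2; }
    drift=$(find "$root" -maxdepth 1 -type d -exec stat -c '%U:%G %a %n' {} + |
        awk -v want="$want" '$1 != want')
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Usage (paths are assumptions for this host):
#   sh check-fpm-dirs.sh /etc/php-fpm.d/www.conf /var/lib/php/fpm
# Runs only when both arguments are given, so the functions can be sourced.
if [ "$#" -eq 2 ]; then
    ident=$(pool_identity "$1") || { echo "no user/group in $1" >&2; exit 2; }
    find_ownership_drift "$2" "${ident%%:*}" "${ident#*:}"
fi
```

Running it after every package transaction that touches php-fpm turns a silent ownership reset into a non-zero exit status with the offending directories listed.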