Unable to log into nextcloud

A post was split to a new topic: Login issue on mobile devices

I agree and definitely it would be great the logs live in only one place. but this is a drawback of running complex system build of different components - and this is your job as sysadmin to educate about involved components and locate all the logs this components write.

regarding the above log snippet I have two observations

  • I donā€™t observe any POST request when you submit the password. In my logs there is oneā€¦
  • it looks like you access the system using IPv6. I was under impression IPv6 doesnā€™t work well with docker - please review you DNS, routing, firewall etc to verify the system everything works well with IPv6 (for quick test you could ā€œbreakā€ the IPv6 with hosts file ā€œ:: cloud.defariahome.comā€ or your local DNS server in case you run one)

What can I say? It didnā€™t put out a POST I guess. Here it is again:

2603:8000:3602:5720:8d53:448f:91dd:6808 - - [23/Oct/2022:13:31:53 -0700] "GET / HTTP/1.1" 302 899 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0"
2603:8000:3602:5720:8d53:448f:91dd:6808 - - [23/Oct/2022:13:31:53 -0700] "GET /index.php/login HTTP/1.1" 200 6774 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0"
2603:8000:3602:5720:8d53:448f:91dd:6808 - - [23/Oct/2022:13:32:07 -0700] "GET /remote.php/webdav/ HTTP/1.1" 401 1689 "-" "-"
2603:8000:3602:5720:8d53:448f:91dd:6808 - andrew [23/Oct/2022:13:31:06 -0700] "GET /remote.php/webdav/ HTTP/1.1" 200 1571 "-" "-"
2603:8000:3602:5720:8d53:448f:91dd:6808 - - [23/Oct/2022:13:32:57 -0700] "GET /favicon.ico HTTP/1.1" 404 649 "https://cloud.defariahome.com/index.php/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0"

I donā€™t do my own DNS. I use 1.1.1.1 and 1.0.0.1.

I have moved and had gotten a new ISP. I have been using Synologyā€™s DDNS (synology.me). This caused my IPv4 address to change so I changed the IPv4 address but I had no idea what to set the new IPv6 address to. Honestly, I didnā€™t even know if I was using IPv6 at all. It was set to 2603:8000:3602:5720:211:32ff:fed1:7025. However, when I go to places like https://test-ipv6.com/ it tells me ā€œYour IPv6 address on the public Internet appears to be 2603:8000:3602:5720:8d53:448f:91dd:6808ā€. I tried changing the IPv6 address in the Synology DDNS configuration and now all of my docker applications return with:

Secure Connection Failed

An error occurred during a connection to cloud.defariahome.com. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

Suspicious things remain:

  • My DNS has not really changed except as noted above (having to change my IPv4 address due to my move in Synologyā€™s DDNS)
  • None of my other docker apps have any problems being accessed (maybe none of them use IPv6 and only NC does?)
  • Nextcloud connects and presents the login screen so all of that is working. It may be possible that Nextcloud is connecting and presenting the initial login dialog then switches over to IPv6 to continue. Seems dumb. And other users, like my newly created admin user login so if itā€™s the case that NC switches to IPv6 then thatā€™s working for admin.
  • Perhaps I need to set my IPv6 default gateway? Itā€™s currently stated as fe80::e65e:1bff:fef5:aa97.

Hereā€™s what is returned from nslookup(1) on the Synology:

Jupiter:nslookup cloud.defariahome.com
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
cloud.defariahome.com	canonical name = defaria.synology.me.
Name:	defaria.synology.me
Address: 75.80.5.95
Name:	defaria.synology.me
Address: 2603:8000:3602:5720:211:32ff:fed1:7025

Jupiter:

When I change the IPv6 address and re-perform the nslookup I see that itā€™s updated:

Jupiter:nslookup cloud.defariahome.com
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
cloud.defariahome.com	canonical name = defaria.synology.me.
Name:	defaria.synology.me
Address: 75.80.5.95
Name:	defaria.synology.me
Address: 2603:8000:3602:5720:8d53:448f:91dd:6808

Jupiter:

But then everything fails with the error about not being able to provide a secure connection.

Since I saw there was a way to turn off the External Address(IPv6) on Synology I disabled it. My docker apps work but Nextcloud still fails the same way. I donā€™t think IPv6 is the probelm though Iā€™m still confused why sites report my IPv6 address is different than what seems to be working for me in Synology.

The line above shows you are accessing your server via IPv6. If this is a problem or not I canā€™t say now.

2603:8000:3602:5720:8d53:448f:91dd:6808 > seems to be you client IP, which different from your Synology (server) IP. Often there are two different sets of port forwards in the routers, one for each protocol family maybe need to create additional IPv6 port forward for you Synology system additionally to existing IPv4ā€¦

What is definitely a problem is the fact you donā€™t see any POST request, which exactly the piece where you send credentials to your server. in my case I see exactly the same POST request to /login endpoint within browser console and server logs (docker logs) followed by /selectchallenge (2FA provider) - in your case this might be different if you didnā€™t enable multi-factor authentication

as you are lucky to have both working and non-working user in your system I would recommend you to follow the logs of your browser, server and reverse proxy and identify the differenceā€¦

P.S. earlier you posted a POST request - did the log belong to the working request or did something change?

Ok, but what do you say about the oddness of the different IPv6 addresses that I reported?

Doesnā€™t make sense. First I didnā€™t have to port forward an IPv6 address before and secondly, if this were the case then no user would be able to log into NextCloud. Also, which IPv6 would I forward and to where?

Oddly, a POST request pops up about a minute or two after I get the failure message in the browser. Thatā€™s why you didnā€™t see it before. I thought it was done logging stuff. Here it is in this log:

Wizard Jupiter:docker logs nextcloud
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.12. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.12. Set the 'ServerName' directive globally to suppress this message
[Mon Oct 24 12:52:48.064443 2022] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.54 (Debian) PHP/8.0.24 configured -- resuming normal operations
[Mon Oct 24 12:52:48.064524 2022] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:12:53:01 -0700] "GET /remote.php/webdav/ HTTP/1.1" 401 1691 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:12:54:02 -0700] "GET / HTTP/1.1" 302 998 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - andrew [24/Oct/2022:12:53:05 -0700] "GET /remote.php/webdav/ HTTP/1.1" 200 1583 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:12:54:03 -0700] "GET /index.php/login HTTP/1.1" 200 6770 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:12:54:08 -0700] "GET /dist/core-common.js?v=fc579593-4 HTTP/1.1" 200 2130444 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:12:54:09 -0700] "GET /index.php/apps/theming/image/background?v=4 HTTP/1.1" 200 2503060 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:12:54:09 -0700] "GET /index.php/apps/theming/manifest?v=4 HTTP/1.1" 200 1701 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:12:54:15 -0700] "POST /index.php/login HTTP/1.1" 303 1238 "-" "Mozilla/5.0 (X11; Linux x86_64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:12:59:36 -0700] "GET /remote.php/webdav/ HTTP/1.1" 401 1685 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - andrew [24/Oct/2022:12:59:36 -0700] "GET /remote.php/webdav/ HTTP/1.1" 200 1571 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:13:03:33 -0700] "GET /remote.php/webdav/ HTTP/1.1" 401 1689 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - andrew [24/Oct/2022:13:03:33 -0700] "GET /remote.php/webdav/ HTTP/1.1" 200 1573 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:13:09:09 -0700] "GET /remote.php/webdav/ HTTP/1.1" 401 1687 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - andrew [24/Oct/2022:13:09:09 -0700] "GET /remote.php/webdav/ HTTP/1.1" 200 1575 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:13:15:55 -0700] "GET /remote.php/webdav/ HTTP/1.1" 401 1687 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - andrew [24/Oct/2022:13:15:55 -0700] "GET /remote.php/webdav/ HTTP/1.1" 200 1571 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:13:17:51 -0700] "GET /index.php/login HTTP/1.1" 200 6871 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:13:19:10 -0700] "GET /remote.php/webdav/ HTTP/1.1" 401 1689 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - andrew [24/Oct/2022:13:19:10 -0700] "GET /remote.php/webdav/ HTTP/1.1" 200 1571 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:13:23:17 -0700] "GET /remote.php/webdav/ HTTP/1.1" 401 1691 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - andrew [24/Oct/2022:13:23:17 -0700] "GET /remote.php/webdav/ HTTP/1.1" 200 1577 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - - [24/Oct/2022:13:28:04 -0700] "GET /remote.php/webdav/ HTTP/1.1" 401 1691 "-" "-"
2603:8000:3602:5720:c073:9dfd:25eb:8960 - andrew [24/Oct/2022:13:28:04 -0700] "GET /remote.php/webdav/ HTTP/1.1" 200 1569 "-" "-"
Wizard Jupiter:

Seems to be throwing a 303 which I find here - 303 See Other - HTTP | MDN.

It really seems like Nextcloud is presenting the login screen, taking way too long to authenticate me then switches perhaps to IPv6 or something and gets lost.

BTW why the periodic ā€œGET /remote.php/webdav/ā€ requests? Some of which succeed (200) and some which fail (401)?

As I said before, I donā€™t know where these reverse proxy logs might be. Iā€™ve checked the server logs (AFAICT), the docker logs, and the browser inspect things and have posted all my results. I donā€™t know where else to look or what else to do.

I do see that Synology uses nginx and doesnā€™t even have Apache installed. Looking into the docker container I see that NextCloud is using Apache and Apache logs are wired to stdout and stderr thus appearing in the docker logs.

ok, as you are not ready to accept my assistance Iā€™m out of ideas. I wish you good luck resolving your issueā€¦

Well, thatā€™s extremely dismissive. Where did I say I was not ready to accept your assistance? All I said was it doesnā€™t make sense that I would need to add a port forward for the IPv6 address because I didnā€™t have to do that before and the fact that others are able to successfully login without any additional IPv6 port forward. You gotta admit that that last point surely seems to support that this suggestion doesnā€™t make sense.

But I would be willing to try it however as I pointed out before, I seem to have two different IPv6 addresses that different pieces of software think I have.

The Synology seems to think that the proper IPv6 address is 2603:8000:3602:5720:211:32ff:fed1:7025. In fact, if I change that address in the Synology DDNS settings then all of my other docker apps refuse to connect with ā€œSecure Connection Failedā€ and SSL_ERROR_RX_RECORD_TOO_LONG.

And when I go to places like https://test-ipv6.com it reports my IPv6 address is 2603:8000:3602:5720:8d53:448f:91dd:6808.

So the question would be which of these two IPv6 addresses should I port forward? And, to which port do I forward from and to?

Iā€™ve tried to add port forwards for 2603:8000:3602:5720:211:32ff:fed1:7025 to both port 8080 and port 80. Even tried forwarding port 443. Same failure.

Note I have a Google Nest Wifi and Iā€™m told to set port forwards using the Google Home app. When doing the port forward I can choose a device. The device is my Synology and the Google Home app presents me with 2603:8000:3602:5720:211:32ff:fed1:7025 as an IPv6 address for that device. Further (I havenā€™t done IPv6 port forwards before) it only has one edit box for the port. So I added three IPv6 port forwards for that address and ports 80, 8080, and 443. Tried to log into Nextcloud as my user - it failed as before.

Google Nest Wifi has a setting to enable IPv6. I tried disabling that and still had the same problem.

I donā€™t think anything above indicates that Iā€™m not ready to accept your assistance, indeed, Iā€™m trying to do the things you suggest. They are just not working.

I spend lot of time trying to understand your issue, but you didnā€™t seriously follow my adviceā€™s to understand your system, compare working and non-working logs.

I definitely agree from what you posted it makes no sense one use can login and another not (assuming the fact everything is the same)ā€¦ but discussing about what makes sense and what not doesnā€™t head us into right direction.

As you stated you are an engineer I take this statement as kidding - you must be aware the IP address of your client is different from your server. The router must point to the server addressā€¦

I donā€™t really understand what you are looking for - port 80 (often 8080 as well) is for plain http, port 443 is for TLS/SSL secured https. Depending on your setup the one or another can be right but it depends on your setup

Please review your configuration, understand whether your Synology/Nextcloud runs http or https, if there is a reverse proxy or not, collect right log files and come backā€¦ Iā€™ll be happy to assist you.

Which logs exactly?

I see you canā€™t find where I said I was not ready to accept your assistance. I wonder why you charged me with thatā€¦ Anyway

Hereā€™s the docker log of a successful login of admin

2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:08 -0700] "GET / HTTP/1.1" 302 998 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:09 -0700] "GET /index.php/login HTTP/1.1" 200 6771 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:09 -0700] "GET /index.php/apps/theming/image/background?v=4 HTTP/1.1" 200 2503060 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:09 -0700] "GET /dist/core-common.js?v=fc579593-4 HTTP/1.1" 200 2130444 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:10 -0700] "GET /index.php/apps/theming/manifest?v=4 HTTP/1.1" 200 1703 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:19 -0700] "POST /index.php/login HTTP/1.1" 303 1235 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:22 -0700] "GET /index.php/apps/dashboard/ HTTP/1.1" 200 10950 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:23 -0700] "GET /index.php/css/icons/icons-vars.css?v=1666725157 HTTP/1.1" 200 32455 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:23 -0700] "GET /apps/activity/js/activity-dashboard.js?v=fc579593-4 HTTP/1.1" 200 286834 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:23 -0700] "GET /apps/notifications/js/notifications-main.js?v=fc579593-4 HTTP/1.1" 200 351634 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:23 -0700] "GET /apps/activity/js/activity-sidebar.js?v=fc579593-4 HTTP/1.1" 200 330726 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:23 -0700] "GET /apps/viewer/js/viewer-main.js?v=fc579593-4 HTTP/1.1" 200 365177 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:24 -0700] "GET /ocs/v2.php/search/providers?from=%2Fapps%2Fdashboard%2F HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:24 -0700] "GET /index.php/apps/recommendations/api/recommendations/always HTTP/1.1" 200 1222 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:24 -0700] "PUT /index.php/apps/user_status/heartbeat HTTP/1.1" 200 890 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:24 -0700] "PUT /index.php/apps/user_status/heartbeat HTTP/1.1" 200 890 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:24 -0700] "GET /index.php/apps/theming/manifest/dashboard?v=4 HTTP/1.1" 200 1701 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:24 -0700] "GET /ocs/v2.php/apps/weather_status/api/v1/location HTTP/1.1" 200 880 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:24 -0700] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 933 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:25 -0700] "GET /ocs/v2.php/apps/weather_status/api/v1/favorites HTTP/1.1" 200 858 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:25 -0700] "GET /index.php/core/preview?fileId=181422&x=250&y=250 HTTP/1.1" 404 761 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:52:25 -0700] "GET /index.php/core/preview?fileId=181419&x=250&y=250 HTTP/1.1" 404 761 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - andrew [25/Oct/2022:13:51:57 -0700] "GET /remote.php/webdav/ HTTP/1.1" 200 1571 "-" "-"

And hereā€™s an unsuccessful login for my user:

2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:55:01 -0700] "GET / HTTP/1.1" 302 899 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:55:01 -0700] "GET /index.php/login HTTP/1.1" 200 6771 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:55:07 -0700] "POST /index.php/login HTTP/1.1" 303 1238 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - - [25/Oct/2022:13:59:20 -0700] "GET /remote.php/webdav/ HTTP/1.1" 401 1691 "-" "-"
2603:8000:3602:5720:5ac5:64ec:cd69:42a9 - andrew [25/Oct/2022:13:59:20 -0700] "GET /remote.php/webdav/ HTTP/1.1" 200 1579 "-" "-"
2603:8000:3602:5720:85f1:b235:c5cd:22b7 - andrew [25/Oct/2022:14:00:05 -0700] "PROPFIND /remote.php/dav/files/andrew// HTTP/1.1" 207 1391 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.22.2"

The first two lines in the unsuccessful login appeared before it prompted me to log in. There was a long wait and then the 3rd line with POST in it, appeared about a minute after it displayed the error message indicating it failed to log me in. Subsequent lines all seem to be some sort of polling of webdav.

As I see it the log for the successful login has a bunch of GETs after a POST for the login which makes sense, the admin user was able to log in and Nextcloud preceded to do a bunch of GETs getting information and status. Whereas the unsuccessful login does a POST and then seems to time out.

Huh? If something doesnā€™t make logical sense then it surely is heading us in the right direction to not follow that path right? :confused: You can change ā€œdoesnā€™t make senseā€ to ā€œI donā€™t think this is the right path to go downā€ if it makes you feel better.

You should not take my statement as Iā€™m kidding because Iā€™m not. I realize there are different IP addresses for the client and server. But I wasnā€™t talking about that. I was talking about that if I go to https://test-ipv5.com it tells me that my IPv6 address is 2603:8000:3602:5720:5ac5:64ec:cd69:42a9.

However, nslookup says the IPv6 associated with cloud.defariahome.com is 2603:8000:3602:5720:211:32ff:fed1:7025:

Jupiter:nslookup cloud.defariahome.com
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
cloud.defariahome.com	canonical name = defaria.synology.me.
Name:	defaria.synology.me
Address: 75.80.5.95
Name:	defaria.synology.me
Address: 2603:8000:3602:5720:211:32ff:fed1:7025

Jupiter:

Plus the DDNS setting on the Synology also says that same IPv6 address:

Unfortunately, Synologyā€™s DSM does not show the full IPv6 address but on the previous screen it does:

So my confusion is which IPv6 address represents the serverā€™s address for cloud.defariahome.com? 2603:8000:3602:5720:5ac5:64ec:cd69:42a9 as reported by https://test-ipv6.com or 2603:8000:3602:5720:211:32ff:fed1:7025 as known by DNS with nslookup and who is also configured into the Synology DDNS? My IPv4 address of 75.80.5.95 sure appears to be the IPv4 address of my house as I had to set change that when I moved from the previous IPv4 address before my other docker apps would work.

You said, ā€œOften there are two different sets of port forwards in the routers, one for each protocol family maybe need to create additional IPv6 port forward for you Synology system additionally to existing IPv4ā€¦ā€. I took this to mean maybe I needed to forward an IPv6 port. But which port? The only IPv4 port I have forwarded is 443 to point to my Synology. As I understand it, the reverse proxy will take requests from that secure port, look at the domain name then route the connection to the appropriate port that the docker container is expecting. As I said, I tried all of 80, 8080, and 443. Why 80 and 8080? Well doesnā€™t Nextcloud use 8080? Not sure why I tried to forward 80, but for 443 I thought perhaps the 443 port on IPv4 and IPv6 are separate and distinct and maybe NC started using IPv4, put up the login page, then decided to switch to IPv6 for some reason and then back to :443. It was a simple and quick test to do.

To my knowledge I donā€™t use http, I use only https. Yes, thereā€™s a reverse proxy - that was mentioned in the OP. I collected and reported on all logs that I know about. I mentioned that I donā€™t know where the reverse proxy logs may be. If you can define what the ā€œright log filesā€ are and where they are located Iā€™ll go collect them.

Still canā€™t log in. Anybody else have any ideas?

My server have the same issue. One of my user unable to login when using reverse proxy. But if directly access the server, this user can finally logined in after about 1 minute waiting. This example why nginx (reverse proxy) reports ā€œtime outā€.
Not sure if the login delay is related to the file size of user or not. There are many users under the server.
User A has files size about 900 GB under itā€™s account, it uses about 60 seconds to login in.
User B has file size about 120 GB under itā€™s account, it uses about 10 seconds to login in.
Other users with less files have no login delay.
Still no fixā€¦