Unable to login: Current user is not logged in at [...] SecurityMiddleware.php line 143

McNulty · June 23, 2021, 9:51pm

Hey ho!

I just installed NC 21.0.2 (fpm version) with an external mongoDB & redis on K8s. The Ingress (including SSL) is handled by traefik. Unfortunatly I’m not able to login with my admin account so I changed the log level to debug and found:

 Debug   core            OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException: Current user is not logged in at          2021-06-23T21:27:48+00:00
                          .../Middleware/Security/SecurityMiddleware.php line 143

                          0. .../MiddlewareDispatcher.php line 98
                             OC\AppFramework\Middleware\Security\SecurityMiddleware->beforeController(
                               OCA\Dashboard\Controller\DashboardCon ... {},
                               "index"
                             )
                             [...]

My config looks like this:

$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'redis-master.nextcloud.svc.cluster.local',
    'password' => '[redacted]',
    'port' => 6379,
  ),
  'passwordsalt' => '[redacted]',
  'secret' => '[redacted]',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '[redacted]',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '21.0.2.1',
  'overwrite.cli.url' => 'http://localhost',
  'overwriteprotocol' => 'https',
  'overwritehost' => '[redacted]',
  'dbname' => 'nextcloud',
  'dbhost' => 'mariadb.nextcloud.svc.cluster.local',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '[redacted]',
  'installed' => true,
  'instanceid' => 'ocq2y4s0opkf',
  'loglevel' => 0,
  'maintenance' => false,
);

I checked that the redis connection does actually work using redis-cli and was able to find a bunch of keys so the redis connection should be fine.
Another thing I tried is using APCu instead of redis but that does’nt change anything.
All webrequest are either 200 or 300 so there was nothing to spot as well.
The login page does not show any errors.
I tried to reset my password via occ user:resetpassword but still no success.

Can somebody assist me here?

McNulty · June 25, 2021, 1:13pm

My helm values (might help to spot the issue):

image:
  tag: 21-fpm-alpine

replicaCount: 1

ingress:
  enabled: true
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: traefik-system-security@kubernetescrd
    traefik.ingress.kubernetes.io/router.entrypoints: websecure 

nextcloud:
  host: [redacted]
  existingSecret:
    enabled: true
    secretName: nextcloud-web
    usernameKey: username
    passwordKey: password

  update: 0

  configs:
    trusted-domain.config.php: |-
      <?php
      $CONFIG = array (
        'trusted_domains' =>
        array (
          0 => 'localhost',
          1 => '[redacted]'
        ),
      );

nginx:
  enabled: true

internalDatabase:
  enabled: false

externalDatabase:
  enabled: true
  type: mysql
  host: nextcloud-mariadb
  database: nextcloud
  existingSecret:
    enabled: true
    secretName: nextcloud-mariadb
    usernameKey: mariadb-user
    passwordKey: mariadb-password

mariadb:
  enabled: true
  image:
    tag: 10.5
  existingSecret: nextcloud-mariadb
  master:
    persistence:
      enabled: true
      storageClass: "nfs-fast"

redis:
  enabled: true
  image:
    tag: 6.2
  cluster:
    enabled: false
  master:
    persistence:
      storageClass: "nfs-fast"
  existingSecret: nextcloud-redis
  existingSecretPasswordKey: redis-password
  
persistence:
  enabled: true
  storageClass: "nfs-slow"
  size: 400Gi

livenessProbe:
  enabled: false
readinessProbe:
  enabled: false
startupProbe:
  enabled: false

metrics:
  enabled: true

rbac:
  enabled: true