Update from 27 to 28: DB access denied for user nextcloud

andre_x · February 5, 2024, 4:17pm

I’m using NextCloud behind a Cloudflare tunnel.

Nextcloud version: 28.0.2
Operating system and version: Ubuntu 22.04
Apache or nginx version (eg, Apache 2.4.25): DOCKER IMAGE
PHP version (eg, 7.4): replace me

The issue you are facing:
I’ve just updated from 27.x to 28.0.2 and now the pages works once every 5 times. The other times I get:

Internal Server Error

The server was unable to complete your request.
If this happens again, please send the technical details below to the server administrator.
More details can be found in the server log.

Sometimes in the classic NextCLoud UI, sometimes in an empty page, just plain text.
In the logs I just see the 500 error without any hint:
"GET /settings/apps HTTP/1.1" 500 2659 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"

Is this the first time you’ve seen this error? Yes

Steps to replicate it:

Update from 27.x to 28
Try to load any Nextcloud page

The output of your Nextcloud log in Admin > Logging:
No Log files, but in the config.php it’s enable

'log_type' => 'owncloud',
'logfile' => '/var/log/nextcloud.log',
'loglevel' => '2',

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'xxxxxxxxxxxxx',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxx',
  'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'mydomain.com',
  ),
  'datadirectory' => '/var/www/html/data',
  'overwrite.cli.url' => 'https://mydomain.com',
  'dbtype' => 'mysql',
  'version' => '28.0.2.5',
  'dbname' => 'nextcloud',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'xxxxxxxxxxxxxxxxxxx',
  'installed' => true,
  'theme' => '',
  'mail_from_address' => 'xxxxxxxxxxxx',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_domain' => 'domain.com',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.gmail.com',
  'mail_smtpport' => '587',
  'mail_smtpname' => 'xxxxxxxxxxxxxxxx@gmail.com',
  'mail_smtppassword' => 'xxxxxxxxxxxxxxxxxxxxxxx',
  'mail_smtpsecure' => 'tls',
  'maintenance' => false,
  'log_type' => 'owncloud',
  'logfile' => '/var/log/nextcloud.log',
  'loglevel' => '2',
  'log_rotate_size' => '104857600',
  'app_install_overwrite' =>
  array (
    0 => 'gpxpod',
    1 => 'issuetemplate',
    2 => 'twofactor_admin',
  ),
  'encryption.legacy_format_support' => false,
  'encryption.key_storage_migrated' => false,
  'updater.release.channel' => 'stable',
  'default_phone_region' => 'IT',
  'trusted_proxies' =>
  array (
    0 => '172.20.0.250',
  ),
  'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'overwriteprotocol' => 'https',
  'mysql.utf8mb4' => true,
  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' =>
  array (
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
    0 => 'No_2FA_TEMP',
  ),
  'memories.exiftool' => '/var/www/html/custom_apps/memories/bin-ext/exiftool-amd64-glibc',
  'memories.gis_type' => 1,
  'memories.vod.path' => '/var/www/html/custom_apps/memories/bin-ext/go-vod-amd64',
);

The output of your Apache/nginx/system log in /var/log/____:
I’m using the official (as per the documentation) docker container, where are those logs?

The only logs I can see are the dockers:

"GET /remote.php/dav/files/Userxy/InstantUpload/WhatsApp%20Images/IMG-20240205-WA0011.jpg HTTP/1.1" 500 2659 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.27.0"
"GET /apps/files/api/v1/stats HTTP/1.1" 500 702 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"

Reading around I’ve found that somebody noticed slowness like mine when the origin IP was the Cloudflare IP and not the original one. In my logs I see that all the requests are made by the Cloudflare IP. I’ve checked the configuration and the trusted_proxies is there with the correct IP.
The only thing that changed between having no errors and now is the Nextcloud and CLoudflare container updates.

I’ve tried to execute this:
sudo docker exec --user www-data nextcloud-app php occ db:add-missing-indices
And I always get:

An unhandled exception has been thrown:
Doctrine\DBAL\Exception: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [1045] Access denied for user 'nextcloud'@'172.20.0.3' (using password: YES) in /var/www/html/lib/private/DB/Connection.php:139
Stack trace:
#0 /var/www/html/3rdparty/doctrine/dbal/src/Connection.php(1654): OC\DB\Connection->connect()
#1 /var/www/html/3rdparty/doctrine/dbal/src/Connection.php(1081): Doctrine\DBAL\Connection->getWrappedConnection()
#2 /var/www/html/lib/private/DB/Connection.php(261): Doctrine\DBAL\Connection->executeQuery('SELECT * FROM `...', Array, Array, NULL)
#3 /var/www/html/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php(337): OC\DB\Connection->executeQuery('SELECT * FROM `...', Array, Array, NULL)
#4 /var/www/html/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php(377): Doctrine\DBAL\Query\QueryBuilder->executeQuery()
#5 /var/www/html/lib/private/DB/QueryBuilder/QueryBuilder.php(280): Doctrine\DBAL\Query\QueryBuilder->execute()
#6 /var/www/html/lib/private/AppConfig.php(421): OC\DB\QueryBuilder\QueryBuilder->execute()
#7 /var/www/html/lib/private/AppConfig.php(187): OC\AppConfig->loadConfigValues()
#8 /var/www/html/lib/private/AppConfig.php(377): OC\AppConfig->getApps()
#9 /var/www/html/lib/private/App/AppManager.php(128): OC\AppConfig->getValues(false, 'enabled')
#10 /var/www/html/lib/private/App/AppManager.php(149): OC\App\AppManager->getInstalledAppsValues()
#11 /var/www/html/lib/private/legacy/OC_App.php(231): OC\App\AppManager->getInstalledApps()
#12 /var/www/html/lib/private/AppFramework/Bootstrap/Coordinator.php(90): OC_App::getEnabledApps()
#13 /var/www/html/lib/base.php(700): OC\AppFramework\Bootstrap\Coordinator->runInitialRegistration()
#14 /var/www/html/lib/base.php(1200): OC::init()
#15 /var/www/html/console.php(48): require_once('/var/www/html/l...')
#16 /var/www/html/occ(11): require_once('/var/www/html/c...')

But the DB is up and running because I can connect to it:

+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| nextcloud          |
| performance_schema |
+--------------------+

What have I done?

andre_x · February 6, 2024, 5:14am

I Just realized that I didn’t put NC in maintenance mode before the update. Could this have caused the problem?

andre_x · February 6, 2024, 8:11am

Following the guide of @wwe in this post I’ve solved the problem of the origin IP, but the problem persist.

andre_x · February 6, 2024, 9:02am

Trying to use the DB from app container I get access denied , even if the user has access from %. I’ve created a new user ‘nextcloud’@‘172.20.0.3’ and now I don’t have any problem to connect to the DB (I have to understand how to make this to work across container restart), but I keep getting 500 Internal server error one out of 5/10 times.

andre_x · February 6, 2024, 9:33am

Ok, I’ve found the problem.
I’ve finally looked at the nextcloud.log (I forgot it existed…ops! ) and I’ve found that it still can’t connect to the DB, but I don’t understand why!
I’ve installed mysql-client in nextcloud-app container and I can connect to the nextcloud db with the nextcloud user without any problem.
Nextcloud.log:

{"reqId":"BQKVlnPrG2DY21Ji2V6R","level":3,"time":"2024-02-06T11:34:07+00:00","remoteAddr":"78.138.33.135","user":"--","app":"index","method":"GET","url":"/apps/calendar/dayGridMonth/now","message":"Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [1045] Access denied for user 'nextcloud'@'172.20.0.3' (using password: YES)","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0","version":"28.0.2.5","exception":{"Exception":"Doctrine\\DBAL\\Exception","Message":"Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [1045] Access denied for user 'nextcloud'@'172.20.0.3' (using password: YES)","Code":1045,"Trace":[{"file":"/var/www/html/3rdparty/doctrine/dbal/src/Connection.php","line":1654,"function":"connect","class":"OC\\DB\\Connection","type":"->","args":[]},{"file":"/var/www/html/3rdparty/doctrine/dbal/src/Connection.php","line":1081,"function":"getWrappedConnection","class":"Doctrine\\DBAL\\Connection","type":"->","args":[]},{"file":"/var/www/html/lib/private/DB/Connection.php","line":261,"function":"executeQuery","class":"Doctrine\\DBAL\\Connection","type":"->","args":["SELECT * FROM `oc_appconfig`",[],[],null]},{"file":"/var/www/html/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php","line":337,"function":"executeQuery","class":"OC\\DB\\Connection","type":"->","args":["SELECT * FROM `oc_appconfig`",[],[],null]},{"file":"/var/www/html/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php","line":377,"function":"executeQuery","class":"Doctrine\\DBAL\\Query\\QueryBuilder","type":"->","args":[]},{"file":"/var/www/html/lib/private/DB/QueryBuilder/QueryBuilder.php","line":280,"function":"execute","class":"Doctrine\\DBAL\\Query\\QueryBuilder","type":"->","args":[]},{"file":"/var/www/html/lib/private/AppConfig.php","line":421,"function":"execute","class":"OC\\DB\\QueryBuilder\\QueryBuilder","type":"->","args":[]},{"file":"/var/www/html/lib/private/AppConfig.php","line":187,"function":"loadConfigValues","class":"OC\\AppConfig","type":"->","args":[]},{"file":"/var/www/html/lib/private/AppConfig.php","line":377,"function":"getApps","class":"OC\\AppConfig","type":"->","args":[]},{"file":"/var/www/html/lib/private/App/AppManager.php","line":128,"function":"getValues","class":"OC\\AppConfig","type":"->","args":[false,"enabled"]},{"file":"/var/www/html/lib/private/App/AppManager.php","line":149,"function":"getInstalledAppsValues","class":"OC\\App\\AppManager","type":"->","args":[]},{"file":"/var/www/html/lib/private/legacy/OC_App.php","line":231,"function":"getInstalledApps","class":"OC\\App\\AppManager","type":"->","args":[]},{"file":"/var/www/html/lib/private/AppFramework/Bootstrap/Coordinator.php","line":90,"function":"getEnabledApps","class":"OC_App","type":"::","args":[]},{"file":"/var/www/html/lib/base.php","line":700,"function":"runInitialRegistration","class":"OC\\AppFramework\\Bootstrap\\Coordinator","type":"->","args":[]},{"file":"/var/www/html/lib/base.php","line":1200,"function":"init","class":"OC","type":"::","args":[]},{"file":"/var/www/html/index.php","line":37,"args":["/var/www/html/lib/base.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/DB/Connection.php","Line":139,"message":"Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [1045] Access denied for user 'nextcloud'@'172.20.0.3' (using password: YES)","exception":{},"CustomMessage":"Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [1045] Access denied for user 'nextcloud'@'172.20.0.3' (using password: YES)"}}

jtr · February 6, 2024, 3:31pm

None of these things happy during a general update of the Docker image unless you changed something else or are doing something unusual.

Can you post your Docker Compose file?

Is this how you upgraded?

docker compose pull
docker compose up -d

?

Also, please provide the output of occ config:list system rather then posting your raw config.php. The Docker image uses multiple config files. You likely aren’t seeing your real config.

andre_x · February 6, 2024, 5:48pm

I’ve discovered that the container was pointing to the wrong db container (because I had more than 1 with the same name).
I’ve chenged them all, I’ve even used the IP instead of the name, but nextcloud app is still pointing to the wrong container because I’ve done a netstat and I can see my connection when I connect manually with mysql client (from inside the nextcloud app container), but I can’t see any other connection.
I don’t understand how it can point to another container if I use the IP of the correct one…

andre_x · February 7, 2024, 8:18am

Problem solved: the config.php still had
'dbhost' => 'db' instead of 'dbhost' => 'nextcloud-db'

system · February 15, 2024, 8:18am

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.