Nextcloud version (eg, 10.0.2): 9.0.57
Operating system and version (eg, Ubuntu 16.04): Ubuntu 16.04.2 LTS
Apache or nginx version (eg, Apache 2.4.25): nginx 1.10.0
PHP version (eg, 5.6): php7.0-fpm 7.0.17
Is this the first time you’ve seen this error?: No, I run into this error every time I try to upgrade from ownCloud 8.2.10 to nextcloud 9.0.57 or ownCloud 9.0.8.
Can you reliably replicate it? (If so, please outline steps):
- Upgrade to nextcloud 9.0.57 via
occ upgradecommand - Wait until the upgrade finished successfully
- Edit nginx vHost file following the examples in Nextcloud 9 Server Administration Manual
- Restart php7.0-fpm and nginx
- Try to login with any existing user account to the webinterface
- Got an “504 Gateway Time-out”
The issue you are facing:
Can not log in to the webinterface as any existing user. Got “504 Gateway Time-out” error.
The output of your Nextcloud log in Admin > Logging:
Could not catch that log because I could not log in.
The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'trusted_domains' =>
array (
0 => 'nc.my-it-brain.de',
),
'dbtype' => 'mysql',
'version' => '9.0.57.2',
'dbhost' => 'localhost',
'dbtableprefix' => 'oc_',
'installed' => true,
'forcessl' => true,
'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'tls',
'mail_from_address' => 'owncloud',
'mail_domain' => 'my-it-brain.de',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpauth' => 1,
'loglevel' => '3',
'theme' => '',
'maintenance' => false,
'trashbin_retention_obligation' => 'auto',
'updater.release.channel' => 'stable',
);
The output of your Apache/nginx/system log in /var/log/____:
2017/04/11 19:01:45 [error] 7538#7538: *27723 upstream timed out (110: Connection timed out) while reading response header from upstream, client: XXX.XXX.XXX.XXX, server: nc.my-it-brain.de, request: "POST / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9200", host: "nc.my-it-brain.de"
Here is my vHost configuration file for nextcloud:
## BEGIN NEXTCLOUD CONFIGURATION ###############################################
upstream nc-php-handler {
server 127.0.0.1:9200;
}
server {
listen 80;
listen [::]:80;
server_name nc.my-it-brain.de;
return 301 https://$server_name$request_uri; # enforce https
}
server {
# Listen on Port 443
listen 443 ssl;
listen [::]:443 ssl;
server_name nc.my-it-brain.de;
ssl_certificate /path/to/crt;
ssl_certificate_key /path/to/key;
ssl_ciphers 'some ciphers';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dh_params.pem;
# Add headers to serve security related headers
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /path/to/$host/nextcloud;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Path to the logfiles
access_log /path/to/nginx_access.log combined;
error_log /path/to/nginx_error.log error;
# Standardconfiguration from owncloud.org following
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_read_timeout 120;
fastcgi_pass nc-php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: set long EXPIRES header on static assets
location ~* ^.+\.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to assets
access_log off;
}
}
## END NEXTCLOUD CONFIGURATION #################################################
I really got stuck on this. I could not find any mistake in the vhost configuration file. When I try to login I only got the error in nginx error log. There is no entry in the php7.0-fpm.log. I don’t know what’s wrong here, I just could not see it.
Any help would be appreciated.
Kind regards,
Tronde
Edit: I filed the issue 4081 on GitHub, but I’m not certain if this is a bug or a layer 8 issue.
