Why I have connections to Akamai technologies?

ℹ️ Support
1
Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 12.0.2): 13.0.5
Operating system and version (eg, Ubuntu 17.04): CentOS 7
Apache or nginx version (eg, Apache 2.4.25): Nginx 1.15.2
PHP version (eg, 7.1): 7.2.8

The issue you are facing:
I’ve been thinking what is the purpose of the connectios to Akamai technologies? Some times when someone connects to my Nextcloud, server connects to Akamai. I know that many companies are using Akamai’s services, but why Nextcloud?

Is this the first time you’ve seen this error? (Y/N): n

Steps to replicate it:

  1. Start collecting log from connections out
  2. Read log
11:32:36.063563 IP my.vps.com.47587 > a95-100-96-226.deploy.static.akamaitechnologies.com
12:07:52.037326 IP my.vps.com.50644 > a23-46-210-169.deploy.static.akamaitechnologies.com
and so on

The output of your Nextcloud log in Admin > Logging:

PASTE HERE

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

PASTE HERE

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE
2

One suspect is the app store. It loads a lot of external content from different locations (each app developer hosts his own code at his chosen location). After that there is the app server itself, but it doesn’t use akami as far as I know.

Some apps might also load external content: weather app, radio app, news app, …

3

At the moment I have enabled the apps listed below.

  • Collaborative tags
  • Comments
  • Deleted files
  • External storage support
  • File sharing
  • Gallery
  • Log Reader
  • Monitoring
  • Password policy
  • PDF viewer
  • Preview Generator
  • Update notification
  • Versions
  • Video player

And still have connections to Akamai.

Testing now what happens if I block connections in and out from/to 23.64.0.0/14, 23.32.0.0/11 and 95.100.97.255/23… Page loads ok and basic things looks ok.

If it’s the app store, am I missing updates or/and somethin else?

4

Hi,

How exactly did you discover this connection? Simple netstat (or ss) or somewhere in the nextcloud logs?

If it was netstat/ ss could you check which process opened the connection to akamai?
netstat -anp
ss -anp

5

With tcpdump
tcpdump -ni any -w ~/synconnections.pcap tcp[13] == 2 and src host my.vps.ip
That command shows synconnections out.

With this command (or similar, can’t remember…)
while true;do ss -ntap -o state established 'dst 23.48.32.1/16 or dst 23.46.210.1/16' >> test; sleep 1; done
I got
23.48.32.99:80 users:(("nginx",pid=1175,fd=25)) timer:(on,400ms,0)
Destinations are Akamai Technologies.

Most of the connections starts to Akamai when someone visits my Nextcloud. There are few connections to Akamai, which start without any sign in the logs. (access.log, journalctl…)

To the people whose reading this. Those connections are very probably “good connections”. I’m just very interested why those happens. :wink: