-
Hello,
Since yesterday and my activation of the U2F/TOTP login on my NextCloud, the login process is very long.
So long as my keepass2android get a timeout, and keepass webDAV PC too...After un-activation and delete plugin, probleme is still there, and with every users.
Any idea ? -
With a 0 loglevel, I didn't see anything.
But logs show that :
Apr 12 08:56:20 172.18.0.1 - - [12/Apr/2018:08:55:49 +0000] "POST /index.php/login HTTP/1.1" 303 1339 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"
Apr 12 08:56:20 127.0.0.1 - - [12/Apr/2018:08:56:20 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) mod_perl/2.0.9 Perl/v5.22.1 (internal dummy connection)" -
@saglagla Can you quickly install another instance of nextcloud and check if that is also slow?
-
Okay, so, late in the night, I've solved the issue :
I've add in the conf.php :
'auth.bruteforce.protection.enabled' =>false,
reload the NextCloud instance and the probleme disapear.The anti-ddos embeded in NextCloud probably blacklist my reverse-proxy IP ;
Also, Where is the apache configuration? In order to avoid this, we need to add "remoteIPHeader X-Forwarded-For" in the apache vhost for NextCloud in order to detect the real IP add. -
The nginx reverse proxy in front of the app is already setting that header https://git.cloudron.io/cloudron/box/blob/master/setup/start/nginx/appconfig.ejs#L104
Not sure if apache needs some further configs for this as well? The local apache config of the app is at https://git.cloudron.io/cloudron/nextcloud-app/blob/master/apache/nextcloud.conf
-
@nebulon said in Nextcloud login very long:
The nginx reverse proxy in front of the app is already setting that header https://git.cloudron.io/cloudron/box/blob/master/setup/start/nginx/appconfig.ejs#L104
Not sure if apache needs some further configs for this as well? The local apache config of the app is at https://git.cloudron.io/cloudron/nextcloud-app/blob/master/apache/nextcloud.conf
That's how I understand the documentation here : https://httpd.apache.org/docs/current/en/mod/mod_remoteip.html#remoteipheader
Nginx forward the the header to apache/NextCloud, but apache/NextCloud don't read it as "the real IP"
-
I have opened https://git.cloudron.io/cloudron/nextcloud-app/issues/42 to track this.
-
@girish Okay, good !
Just to precise, I've check oc_bruteforce_attempts and there were a lot of private IPs in the table (regarding this : https://help.nextcloud.com/t/11-0-2-incredibly-slow-login/9475/19 )Drop the table correct the issue also.
-
Hi! I'm having the same problem with the connection. Could you please specify where I can find this table "oc_bruteforce_attempts" exactly? I've tried but couldn't find the "nextcloud" database. Thanks!
-
@yylevas We are looking into fixing https://git.cloudron.io/cloudron/nextcloud-app/issues/42
-
I ran into this as well. Here is a link to an article I wrote detailing the quick fix... (Hosted on Cloudron!)
https://i-am-will.com/fix-nextclouds-slow-logon/Sometimes NextCloud 13 can become inexplicably slow when logging on. One thing that might be happening is you being put on a block list due to entering your password incorrectly. To fix NextCloud's slow logon due to brute force protection, enter this line:
‘auth.bruteforce.protection.enabled’ => 'false',Into this file:
/app/data/config/config.phpYou will need to enter this in the terminal WITHIN the NextCloud app. Go to your CextCloud app and click the terminal button, then click "repair" this will allow you to make changes that stick. Pop in the line above, and finish your repair by clicking "done repair". (Correct me if I'm wrong on any of the details above)
Now this will get you working, but itsnt recommended long term. People trying to hack into your NextCloud are stopped by this. Typically this table clears itself every 48 hours or so.
Good luck!
V/R,
Will
-
We have pushed an update that contains a fix for this (along with Nextcloud 13.0.8)
-
Still no connection
I also tried to reload with adding this line 'auth.bruteforce.protection.enabled' =>false, into /app/data/config/config.php but it didn't help either. -
@yylevas Is there no connection? Or just a very slow login? This might be a different problem all together.
-
Thank you for replying. I found the problem finally! There was something about failed keys exchanging in windows app's log and I turned off "end-to-end encryption" app and it worked. Sorry for misunderstanding, I'm a little new to everything like this.
-
@yylevas No worries! Glad you found the problem. Breaking stuff is the fastest way to learn!