[BUG] Security Check Does Not Complete
Opened this issue · 4 comments
Silun commented
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
The Security & setup warnings self check under administration settings -> overview always throw this error:
Error occurred while checking server setup.
There are no related log entries about this, nextcloud.log only contains notices about
[jsresourceloader] Error: Could not find resource files_pdfviewer/js/files_pdfviewer-main.js to load
GET /settings/user
from 111.222.333.13 by admin at Nov 22, 2024, 8:28:33 PM
as well as 2x from right after the installation, but never again:
[cron] Error: Not installed
from ? by -- at Nov 22, 2024, 5:00:00 AM
Expected Behavior
The check should complete.
Steps To Reproduce
Start up the container, go through installation. After login, go to administration settings and be presented the error.
Environment
- OS: Ubuntu 24.04
- How docker service was installed: Via the script on https://get.docker.com
- I am not using a reverse proxy, I am just directly connecting to the container via port 4443 on the host.
- I tried with bind mounts and volumes but the issue remains.CPU architecture
x86-64
Docker creation
---
services:
nextcloud:
image: lscr.io/linuxserver/nextcloud:previous
container_name: nextcloud
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
volumes:
- config:/config
- data:/data
ports:
- 4443:443
restart: unless-stopped
volumes:
config:
data:Container logs
# docker logs nextcloud
[migrations] started
[migrations] 01-nginx-site-confs-default: executing...
[migrations] 01-nginx-site-confs-default: succeeded
[migrations] 02-default-location: executing...
[migrations] 02-default-location: succeeded
[migrations] done
───────────────────────────────────────
██╗ ███████╗██╗ ██████╗
██║ ██╔════╝██║██╔═══██╗
██║ ███████╗██║██║ ██║
██║ ╚════██║██║██║ ██║
███████╗███████║██║╚██████╔╝
╚══════╝╚══════╝╚═╝ ╚═════╝
Brought to you by linuxserver.io
───────────────────────────────────────
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 1000
User GID: 1000
───────────────────────────────────────
Linuxserver.io version: 29.0.9-ls21
Build-date: 2024-11-19T11:51:48+00:00
───────────────────────────────────────
Setting resolver to 127.0.0.11
Setting worker_processes to 2
generating self-signed keys in /config/keys, you can replace these with your own keys if required
##################################################################################################
Initializing nextcloud 29.0.9.2 (this can take a while) ...
Setting permissions
New nextcloud instance
Please run the web-based installer on first connect!
Initializing finished
After completing the web-based installer, restart the Nextcloud container to apply default memory caching and transactional file locking configurations.
Alternatively, you can apply your own configurations by editing /config/www/nextcloud/config/config.php following the documentation:
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html
https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/files_locking_transactional.html
[custom-init] No custom files found, skipping...
[ls.io-init] done.
Exception: Not installed in /app/www/public/lib/base.php:284
Stack trace:
#0 /app/www/public/lib/base.php(723): OC::checkInstalled()
#1 /app/www/public/lib/base.php(1189): OC::init()
#2 /app/www/public/cron.php(58): require_once('...')
#3 {main}
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] 02-default-location: skipped
[migrations] done
usermod: no changes
───────────────────────────────────────
██╗ ███████╗██╗ ██████╗
██║ ██╔════╝██║██╔═══██╗
██║ ███████╗██║██║ ██║
██║ ╚════██║██║██║ ██║
███████╗███████║██║╚██████╔╝
╚══════╝╚══════╝╚═╝ ╚═════╝
Brought to you by linuxserver.io
───────────────────────────────────────
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 1000
User GID: 1000
───────────────────────────────────────
Linuxserver.io version: 29.0.9-ls21
Build-date: 2024-11-19T11:51:48+00:00
───────────────────────────────────────
using keys found in /config/keys
System config value memcache.local set to string \OC\Memcache\APCu
System config value filelocking.enabled set to boolean true
System config value memcache.locking set to string \OC\Memcache\APCu
System config value upgrade.disable-web set to boolean true
[custom-init] No custom files found, skipping...
[ls.io-init] done.
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] 02-default-location: skipped
[migrations] done
usermod: no changes
───────────────────────────────────────
██╗ ███████╗██╗ ██████╗
██║ ██╔════╝██║██╔═══██╗
██║ ███████╗██║██║ ██║
██║ ╚════██║██║██║ ██║
███████╗███████║██║╚██████╔╝
╚══════╝╚══════╝╚═╝ ╚═════╝
Brought to you by linuxserver.io
───────────────────────────────────────
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 1000
User GID: 1000
───────────────────────────────────────
Linuxserver.io version: 29.0.9-ls21
Build-date: 2024-11-19T11:51:48+00:00
───────────────────────────────────────
using keys found in /config/keys
[custom-init] No custom files found, skipping...
[ls.io-init] done.
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] 02-default-location: skipped
[migrations] done
usermod: no changes
───────────────────────────────────────
██╗ ███████╗██╗ ██████╗
██║ ██╔════╝██║██╔═══██╗
██║ ███████╗██║██║ ██║
██║ ╚════██║██║██║ ██║
███████╗███████║██║╚██████╔╝
╚══════╝╚══════╝╚═╝ ╚═════╝
Brought to you by linuxserver.io
───────────────────────────────────────
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 1000
User GID: 1000
───────────────────────────────────────
Linuxserver.io version: 29.0.9-ls21
Build-date: 2024-11-19T11:51:48+00:00
───────────────────────────────────────
using keys found in /config/keys
[custom-init] No custom files found, skipping...
[ls.io-init] done.github-actions commented
Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.
j0nnymoe commented
Happening during initial setup - needs to be tested internally.
https://canary.discord.com/channels/354974912613449730/1311096945913368616
j0nnymoe commented
Bug was happening on ubuntu 24.04 - potentially an issue with the distro/docker packages.
Silun commented
I should add that I always get a 504 gateway time-out error on this machine during installation. After refreshing the page, I am at the login page. Whenever I get the 504 error, the following is also true:
- Nextcloud does not ask me which apps to install, that part gets skipped over
- The first login attempt will fail, the second one will work
- I can see no entries in the log about this at all
And of course the error this issue is about occurs. I have tried to set timeouts to 3600 seconds prior to installation, via the config files in /config/, but to no avail. Nextcloud AIO works without a hitch on the same machine, so if the timeout interrupts the installation and it doesn't quite finish, then it would probably be something specific to LSIO's container - just an idea. I haven't seen this issue with other deployment methods so far.
Edit: After setting the log level to debug, I found this by searching for "timeout" in the ~3000 lines of logs:
{"reqId":"AzPzafGA0RduKb0HH4Cd","level":0,"time":"2024-11-27T02:20:38+00:00","remoteAddr":"77.22.4.123","user":"admin","app":"settings","method":"GET","url":"/settings/ajax/checksetup","message":"Can not connect to local server for running setup checks","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36","version":"29.0.9.2","exception":{"Exception":"GuzzleHttp\\Exception\\ConnectException","Message":"cURL error 28: Failed to connect to 185.85.241.82 port 4444 after 10003 ms: Timeout was reached (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for http://185.85.241.82:4444/ocm-provider/","Code":0,"Trace":[{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","line":158,"function":"createRejection","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","line":110,"function":"finishError","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php","line":47,"function":"finish","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":142,"function":"__invoke","class":"GuzzleHttp\\Handler\\CurlHandler","type":"->"},{"file":"/app/www/public/lib/private/Http/Client/DnsPinMiddleware.php","line":123,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php","line":35,"function":"OC\\Http\\Client\\{closure}","class":"OC\\Http\\Client\\DnsPinMiddleware","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":31,"function":"__invoke","class":"GuzzleHttp\\PrepareBodyMiddleware","type":"->"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php","line":71,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":63,"function":"__invoke","class":"GuzzleHttp\\RedirectMiddleware","type":"->"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php","line":75,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Client.php","line":333,"function":"__invoke","class":"GuzzleHttp\\HandlerStack","type":"->"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Client.php","line":169,"function":"transfer","class":"GuzzleHttp\\Client","type":"->"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Client.php","line":189,"function":"requestAsync","class":"GuzzleHttp\\Client","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/lib/private/Http/Client/Client.php","line":494,"function":"request","class":"GuzzleHttp\\Client","type":"->"},{"file":"/config/www/nextcloud/apps/settings/lib/SetupChecks/CheckServerResponseTrait.php","line":145,"function":"request","class":"OC\\Http\\Client\\Client","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/config/www/nextcloud/apps/settings/lib/SetupChecks/OcxProviders.php","line":71,"function":"runRequest","class":"OCA\\Settings\\SetupChecks\\OcxProviders","type":"->"},{"file":"/app/www/public/lib/private/SetupCheck/SetupCheckManager.php","line":51,"function":"run","class":"OCA\\Settings\\SetupChecks\\OcxProviders","type":"->"},{"file":"/config/www/nextcloud/apps/settings/lib/Controller/CheckSetupController.php","line":183,"function":"runAll","class":"OC\\SetupCheck\\SetupCheckManager","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/Http/Dispatcher.php","line":232,"function":"check","class":"OCA\\Settings\\Controller\\CheckSetupController","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/Http/Dispatcher.php","line":138,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/App.php","line":184,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/app/www/public/lib/private/Route/Router.php","line":331,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/app/www/public/lib/base.php","line":1058,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/app/www/public/index.php","line":49,"function":"handleRequest","class":"OC","type":"::"}],"File":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","Line":210,"message":"Can not connect to local server for running setup checks","exception":{},"url":"http://185.85.241.82:4444/ocm-provider/","CustomMessage":"Can not connect to local server for running setup checks"}}
Edit2: It was indeed a timeout issue. I followed this reddit post, editing nginx.conf, php.ini and www2.conf:
- Added
fastcgi_read_timeout 86400;to the http section ofnginx.conf - Added
php_admin_value[max_input_time] = 86400andphp_admin_value[max_execution_time] = 86400tophp.ini - Added
php_admin_value[max_input_time] = 86400andphp_admin_value[max_execution_time] = 86400towww2.conf
Of course the timeout is a little on the high side, so I may go a fair bit lower, but all three things got fixed by this:
- The 504 error does not appear any more during installation
- Nextcloud will now ask me which apps to install
- The security check will now complete
Might I suggest that the default values for the container be increased a little bit? Or that some form of hint is dropped when the timeout hits during installation? FAQ entry maybe? Just anything really, so that people don't stumble around in darkness like me. Thanks again for the help troubleshooting :)