Unable to login when using redis as memcache #62

Closed
krisko opened this issue Jan 8, 2021 · 16 comments
Labels: apache (anything to do with apache not working), caching (anything to do with redis or opcache)


krisko commented Jan 8, 2021

Hi,
I'm unable to log in to a freshly installed instance with redis enabled.

config.php section:

  'memcache.local' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => 'true',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'nextcloud-redis-master',
    'port' => '6379',
  ),

After login, I'm redirected to the login?redirect_url=/apps/files/ URL, but then the login page just reloads and I'm stuck on the login page again. There are no entries in nextcloud.log.

It works on 18.0.12 version.


cluk1 commented Jan 8, 2021

I had the same issue. In my case it was caused by some special characters contained in the redis password I used.

The underlying issue might be that the session handling is configured to be in the redis db but something in the redis setup is not fully working. That leads to being redirected to the login page indefinitely.


agates commented Jan 8, 2021

If you are using https behind a reverse proxy (for example I have ingress set up with a Linode NodeBalancer), you may need to set overwriteprotocol to https.

This appears to be a known quirk with redis and reverse proxies for any nextcloud setup, because the server can't redirect the user appropriately -- meaning no error until security token lookup.

Note that if you migrate an existing installation that already has app passwords set up, those app passwords work without this workaround.

Author

krisko commented Jan 8, 2021

Thanks for the reply,
I didn't have much time to share my values.yaml file, so here it is now. Maybe someone can pinpoint something wrong in it.

When I've installed nextcloud 18 with this conf it worked perfectly. After upgrade to 19.0.6 it does not work. Doing fresh install with the values.yaml and version 19 does not help either.
You can see that I don't use redis password, and that I have set overwriteprotocol.

---
  image:
    tag: 19.0.6
  ingress:
    enabled: true
  nextcloud:
    host: k3s-vg
    mail:
      enabled: true
      fromAddress: mailname
      domain: domain.eu
      smtp:
        host: smtp.domain.eu
        name: "mail@domain.eu"
        password: somepassword
    configs:
      custom.config.php: |-
        <?php
        $CONFIG = array (
          'overwriteprotocol' => 'https',
          'trusted_proxies'   => ['192.168.1.22'],
          'trusted_domains'   => ['k3s-vg'],
          'memcache.local' => '\\OC\\Memcache\\Redis',
          'filelocking.enabled' => 'true',
        );
  redis:
    enabled: true
    usePassword: false
    global:
      storageClass: longhorn-ssd
  nginx:
    enabled: false
  internalDatabase:
    enabled: false
  externalDatabase:
    enabled: true
    type: postgresql
    host: nextcloud-postgresql
    password: changeme
  postgresql:
    enabled: true
    persistence:
      enabled: true
      existingClaim: lh-nextcloud-db
    postgresqlUsername: nextcloud
    postgresqlPassword: changeme
    postgresqlDatabase: nextcloud
    livenessProbe:
      initialDelaySeconds: 150
    volumePermissions:
      enabled: true
  persistence:
    enabled: true
    existingClaim: lh-nextcloud
    size: 3Gi

EDIT:

Trying install with basic value.yaml and again I'm stuck at login page

---
  image:
    tag: 19.0.6
  ingress:
    enabled: true
  nextcloud:
    host: k3s-vg
    configs:
      custom.config.php: |-
        <?php
        $CONFIG = array (
          'trusted_proxies'   => ['192.168.1.22'],
          'trusted_domains'   => ['k3s-vg'],
          'memcache.local' => '\\OC\\Memcache\\Redis',
          'filelocking.enabled' => 'true',
        );
  redis:
    enabled: true
    usePassword: false
    global:
      storageClass: longhorn-ssd
  internalDatabase:
    enabled: true

Author

krisko commented Jan 8, 2021

Works with following configuration:

    configs:
      zcustom.config.php: |-
        <?php
        $CONFIG = array (
          'overwriteprotocol' => 'https',
          'trusted_domains'   => ['k3s-vg'],
          'memcache.local' => '\\OC\\Memcache\\Redis',
          'filelocking.enabled' => 'true',
          'memcache.distributed' => '\\OC\\Memcache\\Redis',
          'memcache.locking' => '\\OC\\Memcache\\Redis',
          'redis' =>
            array (
              'host' => 'nextcloud-redis-master',
              'password' => 'asdQWEasd',
              'port' => 6379,
            ),
        );

krisko closed this as completed Jan 8, 2021

Contributor

marvinosswald commented Feb 8, 2021

Your config sadly doesn't work for me, how important is the overwriteprotocol to https part? As it's the only part I changed to http

Collaborator

tvories commented Feb 8, 2021

@marvinosswald when you say the config isn't working, are you having login issues with redis enabled?

Contributor

marvinosswald commented Feb 8, 2021

yes exactly, to be precise with two replicas and redis.

EDIT: sometimes i also land on an apache default Forbidden page but as soon as i reduce the replicas to 1 everything works which makes it a redis issue i guess.

my config:

redis:
  enabled: true # causes nextcloud to miss sessions
  usePassword: true
  password: *****
internalDatabase:
  enabled: false
mariadb:
  enabled: true
  password: *****
hpa:
  enabled: true
  minPods: 2
metrics:
  enabled: true
startupProbe:
  enabled: true
  initialDelaySeconds: 120
cronjob:
  curlInsecure: true
  enabled: false
ingress:
  enabled: true
  apiVersion: networking.k8s.io/v1beta1
nextcloud:
  defaultConfigs:
    \.redis\.config\.php: false
  configs:
    zcustom.config.php: |-
      <?php
      $CONFIG = array (
        'trusted_proxies' => ['10.1.150.0/24'],
        'trusted_domains'   => ['nextcloud.k8s.internal', 'nextcloud','10.1.150.*'],
        'filelocking.enabled' => 'true',
        'memcache.local' => '\\OC\\Memcache\\Redis',
        'memcache.distributed' => '\\OC\\Memcache\\Redis',
        'memcache.locking' => '\\OC\\Memcache\\Redis',
        'redis' =>
          array (
            'host' => 'nextcloud-redis-master',
            'password' => '****',
            'port' => 6379,
          ),
      );
  host: nextcloud.k8s.onprem.svg.de
  password: ****
  extraVolumes:
  - name: samba
    persistentVolumeClaim:
      claimName: nextcloud-smb-mount
  extraVolumeMounts:
  - name: samba
    mountPath: /var/www/samba
resources:
  requests:
    memory: "1500Mi"
    cpu: "900m"
  limits:
    memory: "2500Mi"
    cpu: "1200m"

Collaborator

tvories commented Feb 8, 2021

Can you try editing the nextcloud config map and adding the following: 'password' => getenv('REDIS_HOST_PASSWORD'),

Under redis.config.php:

...
redis.config.php: |-
    <?php
    if (getenv('REDIS_HOST')) {
      $CONFIG = array (
        'memcache.distributed' => '\OC\Memcache\Redis',
        'memcache.locking' => '\OC\Memcache\Redis',
        'redis' => array(
          'host' => getenv('REDIS_HOST'),
          'port' => getenv('REDIS_HOST_PORT') ?: 6379,
          'password' => getenv('REDIS_HOST_PASSWORD'), // <-- ADD THIS LINE
        ),
      );
    }
...

Contributor

marvinosswald commented Feb 8, 2021

I'm trying now, but why could this be better than the string directly?

EDIT: didn't change the behaviour

Collaborator

tvories commented Feb 8, 2021

Make sure after you change that line that you delete the nextcloud pod and have it redeploy.

The configmap issue is being worked on in #56

@marvinosswald
Contributor

i've completely deleted the helm install and redeployed from there still no luck. Anything else i could try or logs to search for ?

Collaborator

tvories commented Feb 8, 2021

What's your ./occ status inside the container?

@marvinosswald
Contributor

Console has to be executed with the user that owns the file config/config.php

i'm root and can't open ./occ with the message above.

Collaborator

tvories commented Feb 8, 2021

OK, su to www-data user: su www-data -s /bin/bash and then try and run it again.

Contributor

marvinosswald commented Feb 8, 2021

Container 1

  • installed: true
  • version: 19.0.3.1
  • versionstring: 19.0.3
  • edition:

Log

Conf remoteip disabled.
To activate the new configuration, you need to run:
  service apache2 reload
Configuring Redis as session handler
Initializing nextcloud 19.0.3.1 ...
Initializing finished
New nextcloud instance
Installing with MySQL database
starting nextcloud installation
Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [2002] Connection refused
 ->
retrying install...
Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [2002] Connection refused
 ->
retrying install...
Nextcloud was successfully installed
setting trusted domains…
System config value trusted_domains => 1 set to string nextcloud.k8s.onprem.svg.de
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.43. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.43. Set the 'ServerName' directive globally to suppress this message
[Mon Feb 08 20:11:48.559323 2021] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.11 configured -- resuming normal operations
[Mon Feb 08 20:11:48.559391 2021] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.1.150.1 - - [08/Feb/2021:20:12:53 +0000] "GET /status.php HTTP/1.1" 200 1587 "-" "kube-probe/1.20+"

Container 2

Nextcloud is not installed - only a limited number of commands are available

  • installed: false
  • version: 19.0.3.1
  • versionstring: 19.0.3
  • edition:

Container 2 specific observations

  • The container boots the first time and goes into an endless The username is already being used loop until finally failing the installation
  • then kubernetes restarts the container because it hit some timeout
  • now the new iteration doesn't try to install at all because, i guess, the CAN_INSTALL Flag is already gone
  • container 2 becomes ready nonetheless but is actually dead

Logs

Conf remoteip disabled.
To activate the new configuration, you need to run:
  service apache2 reload
Configuring Redis as session handler
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.40. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.40. Set the 'ServerName' directive globally to suppress this message
[Mon Feb 08 20:12:36.397707 2021] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.11 configured -- resuming normal operations
[Mon Feb 08 20:12:36.397768 2021] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.1.150.1 - - [08/Feb/2021:20:14:38 +0000] "GET /status.php HTTP/1.1" 200 1580 "-" "kube-probe/1.20+"

Very interesting!

Observations:

  • The working container, 1, is the one being ready first
  • The faulty container, 2, boots second and the container gets restarted in the beginning once every time.
  • i have hpa activated with a min pod of 2
  • I see a CAN_INSTALL file missing error (see more in Container 2 specific observations)
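
The per-replica comparison made in the comment above can be scripted. This is an added example, not part of the original thread: it parses `occ status` output collected from each pod and reports replicas whose install state or version disagrees. The pod names, function names and embedded sample text are assumptions constructed from the values shown above.

```python
import re

# Constructed sample: `occ status` output per replica, modelled on the two
# containers in the comment above (pod names are hypothetical).
STATUS_BY_POD = {
    "nextcloud-0": """\
  - installed: true
  - version: 19.0.3.1
  - versionstring: 19.0.3
  - edition:
""",
    "nextcloud-1": """\
Nextcloud is not installed - only a limited number of commands are available
  - installed: false
  - version: 19.0.3.1
  - versionstring: 19.0.3
  - edition:
""",
}

# A status line is "<bullet> <key>: <value>"; the value may be empty.
LINE = re.compile(r"^\s*[-\u2022]\s*(\w+):\s*(.*)$")

def parse_occ_status(text):
    """Return the key/value pairs from `occ status` text, skipping banner lines."""
    fields = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def divergent_replicas(status_by_pod):
    """Map pod name -> reasons it is not a consistent, installed replica."""
    parsed = {pod: parse_occ_status(t) for pod, t in status_by_pod.items()}
    versions = {f.get("version") for f in parsed.values()}
    problems = {}
    for pod, fields in parsed.items():
        reasons = []
        if fields.get("installed") != "true":
            reasons.append("installed=%s" % fields.get("installed", "missing"))
        if len(versions) > 1:
            reasons.append("version=%s differs across replicas" % fields.get("version"))
        if reasons:
            problems[pod] = reasons
    return problems

if __name__ == "__main__":
    for pod, reasons in divergent_replicas(STATUS_BY_POD).items():
        print(pod, "->", "; ".join(reasons))
```

Both pods in the logs above answered the kube-probe request to /status.php with 200, so comparing the `installed` field per replica catches a state that the probe result alone did not reveal.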

Contributor

marvinosswald commented Feb 9, 2021

Solution

One can't have multiple nextcloud containers without a shared persistence !

Added some documentation on the topic: #72
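
The condition named in the solution above can be checked before deployment. This added example (not the chart's own code) lints Helm values, already loaded into a dict, for more than one Nextcloud pod without persistence enabled. `hpa.enabled`, `hpa.minPods` and `persistence.enabled` are the keys used in this thread; `replicaCount`, the function names and the claim placeholder are assumptions.

```python
def as_bool(value):
    """Accept real booleans and the string form ('true') seen in posted configs."""
    return value is True or str(value).strip().lower() == "true"

def min_replicas(values):
    """Lowest number of Nextcloud pods these values can produce."""
    hpa = values.get("hpa") or {}
    if as_bool(hpa.get("enabled")):
        return int(hpa.get("minPods", 1))
    # Assumption: without the autoscaler the chart reads a replicaCount key.
    return int(values.get("replicaCount", 1))

def lint_shared_persistence(values):
    """Return findings for multi-replica values that lack shared persistence."""
    findings = []
    replicas = min_replicas(values)
    persistence = values.get("persistence") or {}
    if replicas > 1 and not as_bool(persistence.get("enabled")):
        findings.append(
            "%d replicas but persistence.enabled is not true: "
            "the pods do not share config and data" % replicas
        )
    return findings

# Constructed from the failing values in this thread (secrets and unrelated keys omitted).
FAILING = {
    "redis": {"enabled": True, "usePassword": True},
    "hpa": {"enabled": True, "minPods": 2},
}
# Same values with a shared volume; the claim name is a placeholder.
FIXED = dict(FAILING, persistence={"enabled": True, "existingClaim": "<shared-claim>"})

if __name__ == "__main__":
    for name, values in (("failing", FAILING), ("fixed", FIXED)):
        print(name, lint_shared_persistence(values) or "ok")
```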

jessebot added the caching and apache labels Jul 26, 2024