[Bug]: Guzzle Connection exception when trying to download any apps

muzzah commented 1 year ago

⚠️ This issue respects the following points: ⚠️

[X] This is a bug, not a question or a configuration/webserver/proxy issue.
[X] This issue is not already reported on Github (I've searched it).
[X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
[X] Nextcloud Server is running on 64bit capable CPU, PHP and OS.
[X] I agree to follow Nextcloud's Code of Conduct.

Bug description

When trying to donwload an app (e.g Calendar) through the interface orr command line (using occ) the request hangs and timesout.

Steps to reproduce

Install fresh installation of nextcloud (I have it in a docker container) behind an Nginx proxy using the apache image.
Setup nextcloud and try installing an app as admin or user
Request hangs and timesout with no app being installed

Expected behavior

App should be installed

Installation method

Community Docker image

Operating system

Debian/Ubuntu

PHP engine version

None

Web server

Nginx

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

[X] Default user-backend (database)
[ ] LDAP/ Active Directory
[ ] SSO - SAML
[ ] Other

Configuration report

{
    "system": {
        "htaccess.RewriteBase": "\/",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "allow_local_remote_servers": true,
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "overwritehost": "[URL]",
        "overwriteprotocol": "https",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "[URL]"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "25.0.2.3",
        "overwrite.cli.url": "https:\/\/[URL]",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "loglevel": 2,
        "maintenance": false
    }
}

List of activated Apps

Enabled:
  - activity: 2.17.0
  - admin_audit: 1.15.0
  - circles: 25.0.0
  - cloud_federation_api: 1.8.0
  - comments: 1.15.0
  - contactsinteraction: 1.6.0
  - dashboard: 7.5.0
  - dav: 1.24.0
  - federatedfilesharing: 1.15.0
  - federation: 1.15.0
  - files: 1.20.1
  - files_pdfviewer: 2.6.0
  - files_rightclick: 1.4.0
  - files_sharing: 1.17.0
  - files_trashbin: 1.15.0
  - files_versions: 1.18.0
  - firstrunwizard: 2.14.0
  - logreader: 2.10.0
  - lookup_server_connector: 1.13.0
  - nextcloud_announcements: 1.14.0
  - notifications: 2.13.1
  - oauth2: 1.13.0
  - password_policy: 1.15.0
  - photos: 2.0.1
  - privacy: 1.9.0
  - provisioning_api: 1.15.0
  - recommendations: 1.4.0
  - related_resources: 1.0.3
  - serverinfo: 1.15.0
  - settings: 1.7.0
  - sharebymail: 1.15.0
  - support: 1.8.0
  - survey_client: 1.13.0
  - systemtags: 1.15.0
  - text: 3.6.0
  - theming: 2.0.1
  - twofactor_backupcodes: 1.14.0
  - updatenotification: 1.15.0
  - user_status: 1.5.0
  - viewer: 1.9.0
  - weather_status: 1.5.0
  - workflowengine: 2.7.0
Disabled:
  - bruteforcesettings
  - encryption
  - files_external
  - suspicious_login
  - twofactor_totp
  - user_ldap

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"JT0ldKeNKYhIK0aMqZzL","level":3,"time":"2023-01-10T11:57:32+00:00","remoteAddr":"192.168.160.3","user":"nobunaga","app":"settings","method":"POST","url":"/settings/apps/enable","message":"could not enable apps","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:108.0) Gecko/20100101 Firefox/108.0","version":"25.0.2.3","exception":{"Exception":"GuzzleHttp\\Exception\\ConnectException","Message":"cURL error 28: Operation timed out after 120001 milliseconds with 0 out of 0 bytes received (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://objects.githubusercontent.com/github-production-release-asset-2e65be/426190307/1080c7bb-cace-4dec-a838-f1a017fb734b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230110%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230110T115532Z&X-Amz-Expires=300&X-Amz-Signature=9952f69a8c82b796bbc8e5e76c8af7a5b6106a4e70eb2868dd91ab5dd1264763&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=426190307&response-content-disposition=attachment%3B%20filename%3Dpreviewgenerator-v5.1.1.tar.gz&response-content-type=application%2Foctet-stream","Code":0,"Trace":[{"file":"/var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","line":158,"function":"createRejection","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::","args":[{"__class__":"GuzzleHttp\\Handler\\EasyHandle","sink":{"__class__":"GuzzleHttp\\Psr7\\LazyOpenStream"},"headers":[],"response":null,"request":{"__class__":"GuzzleHttp\\Psr7\\Request"},"options":{"verify":"/var/www/html/data/files_external/rootcerts.crt","timeout":120,"sink":"/tmp/oc_tmp_IFNSoW-.tar.gz","nextcloud":{"allow_local_address":true},"synchronous":true,"0":"And 7 more entries, set log level to debug to see all entries"},"errno":28,"onHeadersException":null,"createResponseException":null},[28,"Operation timed out after 120001 milliseconds with 0 out of 0 bytes received",0,"https://objects.githubusercontent.com/github-production-release-asset-2e65be/426190307/1080c7bb-cace-4dec-a838-f1a017fb734b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230110%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230110T115532Z&X-Amz-Expires=300&X-Amz-Signature=9952f69a8c82b796bbc8e5e76c8af7a5b6106a4e70eb2868dd91ab5dd1264763&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=426190307&response-content-disposition=attachment%3B%20filename%3Dpreviewgenerator-v5.1.1.tar.gz&response-content-type=application%2Foctet-stream",null,"And 36 more entries, set log level to debug to see all entries"]]},{"file":"/var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","line":110,"function":"finishError","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::","args":[{"__class__":"GuzzleHttp\\Handler\\CurlHandler"},{"__class__":"GuzzleHttp\\Handler\\EasyHandle","sink":{"__class__":"GuzzleHttp\\Psr7\\LazyOpenStream"},"headers":[],"response":null,"request":{"__class__":"GuzzleHttp\\Psr7\\Request"},"options":{"verify":"/var/www/html/data/files_external/rootcerts.crt","timeout":120,"sink":"/tmp/oc_tmp_IFNSoW-.tar.gz","nextcloud":{"allow_local_address":true},"synchronous":true,"0":"And 7 more entries, set log level to debug to see all entries"},"errno":28,"onHeadersException":null,"createResponseException":null},{"__class__":"GuzzleHttp\\Handler\\CurlFactory"}]},{"file":"/var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php","line":47,"function":"finish","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::","args":[{"__class__":"GuzzleHttp\\Handler\\CurlHandler"},{"__class__":"GuzzleHttp\\Handler\\EasyHandle","sink":{"__class__":"GuzzleHttp\\Psr7\\LazyOpenStream"},"headers":[],"response":null,"request":{"__class__":"GuzzleHttp\\Psr7\\Request"},"options":{"verify":"/var/www/html/data/files_external/rootcerts.crt","timeout":120,"sink":"/tmp/oc_tmp_IFNSoW-.tar.gz","nextcloud":{"allow_local_address":true},"synchronous":true,"0":"And 7 more entries, set log level to debug to see all entries"},"errno":28,"onHeadersException":null,"createResponseException":null},{"__class__":"GuzzleHttp\\Handler\\CurlFactory"}]},{"file":"/var/www/html/lib/private/Http/Client/DnsPinMiddleware.php","line":113,"function":"__invoke","class":"GuzzleHttp\\Handler\\CurlHandler","type":"->","args":["*** sensitive parameters replaced ***","*** sensitive parameters replaced ***"]},{"file":"/var/www/html/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php","line":35,"function":"OC\\Http\\Client\\{closure}","class":"OC\\Http\\Client\\DnsPinMiddleware","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":31,"function":"__invoke","class":"GuzzleHttp\\PrepareBodyMiddleware","type":"->","args":["*** sensitive parameters replaced ***","*** sensitive parameters replaced ***"]},{"file":"/var/www/html/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php","line":71,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php","line":107,"function":"__invoke","class":"GuzzleHttp\\RedirectMiddleware","type":"->","args":["*** sensitive parameters replaced ***","*** sensitive parameters replaced ***"]},{"file":"/var/www/html/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php","line":73,"function":"checkRedirect","class":"GuzzleHttp\\RedirectMiddleware","type":"->","args":[{"__class__":"GuzzleHttp\\Psr7\\Request"},"*** sensitive parameters replaced ***","*** sensitive parameters replaced ***"]},{"file":"/var/www/html/3rdparty/guzzlehttp/promises/src/FulfilledPromise.php","line":41,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\RedirectMiddleware","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/3rdparty/guzzlehttp/promises/src/TaskQueue.php","line":48,"function":"GuzzleHttp\\Promise\\{closure}","class":"GuzzleHttp\\Promise\\FulfilledPromise","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php","line":248,"function":"run","class":"GuzzleHttp\\Promise\\TaskQueue","type":"->","args":[true]},{"file":"/var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php","line":224,"function":"invokeWaitFn","class":"GuzzleHttp\\Promise\\Promise","type":"->","args":[]},{"file":"/var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php","line":269,"function":"waitIfPending","class":"GuzzleHttp\\Promise\\Promise","type":"->","args":[]},{"file":"/var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php","line":226,"function":"invokeWaitList","class":"GuzzleHttp\\Promise\\Promise","type":"->","args":[]},{"file":"/var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php","line":62,"function":"waitIfPending","class":"GuzzleHttp\\Promise\\Promise","type":"->","args":[]},{"file":"/var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php","line":187,"function":"wait","class":"GuzzleHttp\\Promise\\Promise","type":"->","args":[]},{"file":"/var/www/html/lib/private/Http/Client/Client.php","line":218,"function":"request","class":"GuzzleHttp\\Client","type":"->","args":["get","https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.1.1/previewgenerator-v5.1.1.tar.gz",["/var/www/html/data/files_external/rootcerts.crt",120,"/tmp/oc_tmp_IFNSoW-.tar.gz",[true],["Nextcloud Server Crawler","gzip"],"And 1 more entries, set log level to debug to see all entries"]]},{"file":"/var/www/html/lib/private/Installer.php","line":295,"function":"get","class":"OC\\Http\\Client\\Client","type":"->","args":["https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.1.1/previewgenerator-v5.1.1.tar.gz",["/tmp/oc_tmp_IFNSoW-.tar.gz",120]]},{"file":"/var/www/html/apps/settings/lib/Controller/AppSettingsController.php","line":448,"function":"downloadApp","class":"OC\\Installer","type":"->","args":["previewgenerator"]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":225,"function":"enableApps","class":"OCA\\Settings\\Controller\\AppSettingsController","type":"->","args":[["previewgenerator"],[]]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":133,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\Settings\\Controller\\AppSettingsController"},"enableApps"]},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":172,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\Settings\\Controller\\AppSettingsController"},"enableApps"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":298,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\Settings\\Controller\\AppSettingsController","enableApps",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},["settings.AppSettings.enableApps"]]},{"file":"/var/www/html/lib/base.php","line":1047,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/settings/apps/enable"]},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","Line":210,"message":"could not enable apps","exception":{},"CustomMessage":"could not enable apps"}}

Additional info

I noticed that above the apps directory is detected as not writable I can ping the hostname mentioned in the guzzleexception in the logs

szaimen commented 1 year ago

This sounds like the networking does not work on your instance. Can you check your docker network?

muzzah commented 1 year ago

Networking is working fine. All other docker containers can network without issue. Docker containers can also communicate with one another since the nextcloud instance uses a db in a separate container.

Ive been trying to debug the issue and I can communicate with the github address mentioned in the log. The two things I note are :

the occ config command shows the app directory not writable. Im not sure if this is a problem.
Other command line based network tools work fine

My setup is where Im running a docker in a VM on a Mac Studio. The mounted directories for the nextcloud container are hosted on the studio and mounted through the VM. However I see no other permission issues. Nextcloud install is able to install and setup in to the hosted directories and I even have a user uploading in to their accounts with no issues.

For some reason either the networking code in nextcloud genuinely cannot reach this URL or it can but cannot write to the necessary directory for apps. Any help on how to make the apps directory writable?

This is my docker config

  nextcloud:
    image: nextcloud:25.0.2
    container_name: nextcloud
    depends_on:
      - db
      - proxy
    volumes:
      - /mnt/files/Documents/serverfiles/data/nextcloud:/var/www/html
      - /mnt/files/Documents/serverfiles/data/nextcloud/custom_apps:/var/www/html/custom_apps
      - /mnt/files/Documents/serverfiles/data/nextcloud/apps:/var/www/html/apps
      - /etc/localtime:/etc/localtime:ro
    environment:
      - OVERWRITEHOST=[URL]
      - OVERWRITEPROTOCOL=https
      - MYSQL_PASSWORD=...
      - MYSQL_DATABASE=...
      - MYSQL_USER=...
      - MYSQL_HOST=db
      - NEXTCLOUD_TRUSTED_DOMAINS=[URL]
    restart: unless-stopped

szaimen commented 1 year ago

What are the permissoins of this dir? /mnt/files/Documents/serverfiles/data/nextcloud/custom_apps

muzzah commented 1 year ago

core@universecore:~/dockerconfig$ ls -la /mnt/files/Documents/serverfiles/data/nextcloud/
total 116
drwxr-xr-x  29 core core   928 Jan 10 11:50 .
drwxr-xr-x   6 core core   192 Dec 27 13:04 ..
-rw-r--r--   1 core core  4385 Jan 10 11:50 .htaccess
-rw-r--r--   1 core core   101 Jan 10 11:49 .user.ini
drwxr-xr-x  54 core core  1728 Jan 10 11:49 3rdparty
-rw-r--r--   1 core core 19327 Jan 10 11:49 AUTHORS
-rw-r--r--   1 core core 34520 Jan 10 11:49 COPYING
drwxr-xr-x  50 core core  1600 Jan 10 11:49 apps
drwxr-xr-x  13 core core   416 Jan  4 14:07 config
-rw-r--r--   1 core core  4095 Jan 10 11:49 console.php
drwxr-xr-x  29 core core   928 Jan 10 11:49 core
-rw-r--r--   1 core core  6317 Jan 10 11:49 cron.php
drwxr-xr-x   2 core core    64 Jan 10 12:08 custom_apps
drwxrwx---  11 core core   352 Jan  9 21:18 data
drwxr-xr-x 156 core core  4992 Jan 10 11:49 dist
-rw-r--r--   1 core core   156 Jan 10 11:49 index.html
-rw-r--r--   1 core core  3456 Jan 10 11:49 index.php
drwxr-xr-x   9 core core   288 Jan 10 11:49 lib
-rwxr-xr-x   1 core core   283 Jan 10 11:49 occ
drwxr-xr-x   3 core core    96 Jan 10 11:49 ocm-provider
drwxr-xr-x   5 core core   160 Jan 10 11:49 ocs
drwxr-xr-x   3 core core    96 Jan 10 11:49 ocs-provider
-rw-r--r--   1 core core  3139 Jan 10 11:49 public.php
-rw-r--r--   1 core core  5549 Jan 10 11:49 remote.php
drwxr-xr-x   8 core core   256 Jan 10 11:49 resources
-rw-r--r--   1 core core    26 Jan 10 11:49 robots.txt
-rw-r--r--   1 core core  2452 Jan 10 11:49 status.php
drwxr-xr-x   4 core core   128 Jan  4 13:45 themes
-rw-r--r--   1 core core   383 Jan 10 11:50 version.php

szaimen commented 1 year ago

Can yiu try a chmod -R 777 on that dir?

muzzah commented 1 year ago

Just trited that and restarted the docker container. I still see the same problem and the config command shows the directory still not writable

core@universecore:~/data/nextcloud$ ls -la
total 116
drwxr-xr-x  29 www-data www-data   928 Jan 10 11:50 .
drwxr-xr-x   6 core     core       192 Dec 27 13:04 ..
-rw-r--r--   1 core     core      4385 Jan 10 11:50 .htaccess
-rw-r--r--   1 core     core       101 Jan 10 11:49 .user.ini
drwxr-xr-x  54 core     core      1728 Jan 10 11:49 3rdparty
-rw-r--r--   1 core     core     19327 Jan 10 11:49 AUTHORS
-rw-r--r--   1 core     core     34520 Jan 10 11:49 COPYING
drwxrwxrwx  50 core     core      1600 Jan 10 11:49 apps
drwxr-xr-x  13 core     core       416 Jan  4 14:07 config
-rw-r--r--   1 core     core      4095 Jan 10 11:49 console.php
drwxr-xr-x  29 core     core       928 Jan 10 11:49 core
-rw-r--r--   1 core     core      6317 Jan 10 11:49 cron.php
drwxrwxrwx   2 core     core        64 Jan 10 12:08 custom_apps
drwxrwx---  11 core     core       352 Jan  9 21:18 data
drwxr-xr-x 156 core     core      4992 Jan 10 11:49 dist
-rw-r--r--   1 core     core       156 Jan 10 11:49 index.html
-rw-r--r--   1 core     core      3456 Jan 10 11:49 index.php
drwxr-xr-x   9 core     core       288 Jan 10 11:49 lib
-rwxr-xr-x   1 core     core       283 Jan 10 11:49 occ
drwxr-xr-x   3 core     core        96 Jan 10 11:49 ocm-provider
drwxr-xr-x   5 core     core       160 Jan 10 11:49 ocs
drwxr-xr-x   3 core     core        96 Jan 10 11:49 ocs-provider
-rw-r--r--   1 core     core      3139 Jan 10 11:49 public.php
-rw-r--r--   1 core     core      5549 Jan 10 11:49 remote.php
drwxr-xr-x   8 core     core       256 Jan 10 11:49 resources
-rw-r--r--   1 core     core        26 Jan 10 11:49 robots.txt
-rw-r--r--   1 core     core      2452 Jan 10 11:49 status.php
drwxr-xr-x   4 core     core       128 Jan  4 13:45 themes
-rw-r--r--   1 core     core       383 Jan 10 11:50 version.php

{
    "system": {
        "htaccess.RewriteBase": "\/",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "allow_local_remote_servers": true,
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "overwriteprotocol": "https",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "25.0.2.3",
        "overwrite.cli.url": "",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "loglevel": 2,
        "maintenance": false
    }
}

muzzah commented 1 year ago

Still see this in the nextcloud log

[settings] Error: GuzzleHttp\Exception\ConnectException: cURL error 28: Operation timed out after 120001 milliseconds with 0 out of 0 bytes received (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://objects.githubusercontent.com/github-production-release-asset-2e65be/426190307/1080c7bb-cace-4dec-a838-f1a017fb734b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230110%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230110T124403Z&X-Amz-Expires=300&X-Amz-Signature=d3a930a322e72665c894c9e34b6c98424be4a9afeaab5f5722fea2f39ae745b2&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=426190307&response-content-disposition=attachment%3B%20filename%3Dpreviewgenerator-v5.1.1.tar.gz&response-content-type=application%2Foctet-stream at <<closure>>

 0. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 158
    GuzzleHttp\Handler\CurlFactory::createRejection(GuzzleHttp\Handl ... l}, [28,"Operation t ... "])
 1. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 110
    GuzzleHttp\Handler\CurlFactory::finishError(GuzzleHttp\Handler\CurlHandler {}, GuzzleHttp\Handl ... l}, GuzzleHttp\Handler\CurlFactory {})
 2. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php line 47
    GuzzleHttp\Handler\CurlFactory::finish(GuzzleHttp\Handler\CurlHandler {}, GuzzleHttp\Handl ... l}, GuzzleHttp\Handler\CurlFactory {})
 3. /var/www/html/lib/private/Http/Client/DnsPinMiddleware.php line 113
    GuzzleHttp\Handler\CurlHandler->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 4. /var/www/html/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php line 35
    OC\Http\Client\DnsPinMiddleware->OC\Http\Client\{closure}("*** sensitive parameters replaced ***")
 5. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 31
    GuzzleHttp\PrepareBodyMiddleware->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 6. /var/www/html/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 71
    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
 7. /var/www/html/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 107
    GuzzleHttp\RedirectMiddleware->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 8. /var/www/html/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 73
    GuzzleHttp\RedirectMiddleware->checkRedirect(GuzzleHttp\Psr7\Request {}, "*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 9. /var/www/html/3rdparty/guzzlehttp/promises/src/FulfilledPromise.php line 41
    GuzzleHttp\RedirectMiddleware->GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
10. /var/www/html/3rdparty/guzzlehttp/promises/src/TaskQueue.php line 48
    GuzzleHttp\Promise\FulfilledPromise::GuzzleHttp\Promise\{closure}("*** sensitive parameters replaced ***")
11. /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php line 248
    GuzzleHttp\Promise\TaskQueue->run(true)
12. /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php line 224
    GuzzleHttp\Promise\Promise->invokeWaitFn()
13. /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php line 269
    GuzzleHttp\Promise\Promise->waitIfPending()
14. /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php line 226
    GuzzleHttp\Promise\Promise->invokeWaitList()
15. /var/www/html/3rdparty/guzzlehttp/promises/src/Promise.php line 62
    GuzzleHttp\Promise\Promise->waitIfPending()
16. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php line 187
    GuzzleHttp\Promise\Promise->wait()
17. /var/www/html/lib/private/Http/Client/Client.php line 218
    GuzzleHttp\Client->request("get", "https://github. ... z", ["/var/www/html/ ... "])
18. /var/www/html/lib/private/Installer.php line 295
    OC\Http\Client\Client->get("https://github. ... z", ["/tmp/oc_tmp_y0I2JM-.tar.gz",120])
19. /var/www/html/apps/settings/lib/Controller/AppSettingsController.php line 448
    OC\Installer->downloadApp("previewgenerator")
20. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 225
    OCA\Settings\Controller\AppSettingsController->enableApps(["previewgenerator"], [])
21. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 133
    OC\AppFramework\Http\Dispatcher->executeController(OCA\Settings\Con ... {}, "enableApps")
22. /var/www/html/lib/private/AppFramework/App.php line 172
    OC\AppFramework\Http\Dispatcher->dispatch(OCA\Settings\Con ... {}, "enableApps")
23. /var/www/html/lib/private/Route/Router.php line 298
    OC\AppFramework\App::main("OCA\\Settings\\ ... r", "enableApps", OC\AppFramework\ ... {}, ["settings.AppSettings.enableApps"])
24. /var/www/html/lib/base.php line 1047
    OC\Route\Router->match("/settings/apps/enable")
25. /var/www/html/index.php line 36
    OC::handleRequest()

POST /settings/apps/enable
from 192.168.160.3 by nobunaga at 2023-01-10T12:46:03+00:00

muzzah commented 1 year ago

One interesting thing to note, whenever I start an interactive shell on the docker container, I cannot run any command. It logs in to the container but the command just hangs.

I can however run the command without starting an interactive shell

core@universecore:~/data/nextcloud$ docker exec -t nextcloud /bin/bash
root@b33105b778d6:/var/www/html# ls
^C
core@universecore:~/data/nextcloud$ docker exec -t nextcloud ls
3rdparty  console.php  dist    ocm-provider  resources
AUTHORS   core         index.html  ocs       robots.txt
COPYING   cron.php     index.php   ocs-provider  status.php
apps      custom_apps  lib     public.php    themes
config    data         occ     remote.php    version.php
core@universecore:~/data/nextcloud$

Im not sure if I can test a Curl type command from within the container?

szaimen commented 1 year ago

Im not sure if I can test a Curl type command from within the container?

yes, please do so, e.g. curl -vvv https://apps.nextcloud.com

muzzah commented 1 year ago

interesting. I can reach apps.nextcloud.com but not the github url.

core@universecore:~/data/nextcloud$ docker  exec -it nextcloud curl -vvv https://objects.githubusercontent.com
*   Trying 185.199.111.133:443...
* Connected to objects.githubusercontent.com (185.199.111.133) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* Operation timed out after 300664 milliseconds with 0 out of 0 bytes received
* Closing connection 0
curl: (28) Operation timed out after 300664 milliseconds with 0 out of 0 bytes received

core@universecore:~/data/nextcloud$ docker  exec -it nextcloud curl -v https://apps.nextcloud.com 
*   Trying 176.9.217.53:443...
* Connected to apps.nextcloud.com (176.9.217.53) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=apps.nextcloud.com
*  start date: Dec 20 01:02:12 2022 GMT
*  expire date: Mar 20 01:02:11 2023 GMT
*  subjectAltName: host "apps.nextcloud.com" matched cert's "apps.nextcloud.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: apps.nextcloud.com
> User-Agent: curl/7.74.0
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Tue, 10 Jan 2023 13:35:49 GMT
< Server: Apache/2.4.52 (Ubuntu)
< Content-Length: 270461
< Vary: Accept-Language,Cookie,Accept-Encoding
< Content-Language: en
< X-Frame-Options: DENY
< Content-Security-Policy: script-src 'self'; form-action 'self' https://github.com; img-src *; connect-src 'self'; default-src 'none'; style-src 'self'; font-src 'self'
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Referrer-Policy: same-origin
< Content-Type: text/html; charset=utf-8

muzzah commented 1 year ago

I wonder if its a DNS issue. Can I do a DNS lookup in the container? nslookup doesnt seem to be available?

szaimen commented 1 year ago

yes, dns issue. You could try to adjust the dns config of the container but I am out now.

muzzah commented 1 year ago

No I dont think it is. The above log contains

Connected to objects.githubusercontent.com (185.199.111.133) port 443 (#0)

so seems like DNS resolves but for some reason it cannot communicate with it. All other urls with curl work fine

szaimen commented 1 year ago

So maybd the problem is then that github does not have ipv6 afaik?

J0WI commented 1 year ago

This looks like an issue with your Docker instance, not with the Nextcloud image. Can you reproduce this with other images?

joshtrichards commented 1 year ago

Hi @muzzah - I'm 99% certain this is a configuration issue and thus should probably get taken over to https://help.nextcloud.com. But since it's it already gone on quite a bit here I'll add a few notes I see in your setup and maybe we can get this wrapped up.

I see several possible issues, but first:

What version of Docker? What edition for that matter? CE? Desktop?
What OS is the VM running? Or are you simply referring to the Linux VM started by Docker Desktop?
Are you trying to run Docker rootless?

So some issues that I note:

All of your mounts are bind mounts rather than named volumes and thus your underlying OS ownership/permissions matter a great deal since you're not letting Docker manage things. It appears all your files are owned by core which I'm guessing doesn't map to UID/GID 33:33 on your underlying host OS... which is going to cause problems in the container. The easiest way to address this is to chown 33:33 -R /mnt/files/Documents/serverfiles/data/nextcloud from your host.
The issue you're having with interactive access to the container is that you're not telling Docker you want it to to be interactive: either specify -it rather than just -t or - since you're using Compose - use docker compose exec nextcloud bash syntax
You're exec'ing in container as root rather than -u33 (aka: www-data): Try something like docker compose exec -u33 nextcloud bash

Caveat: Some of the above suggestions regarding UID mapping may change depending on your answers to the other questions.

If you are willing, I'd personally test a scenario (not of your live environment - create a second stack) that doesn't use bind mounts at all, but named volumes for your persistent data (like, I believe, every example given in the documentation in this repository).

nextcloud / docker