nextcloud / helm

A community maintained helm chart for deploying Nextcloud on Kubernetes.
GNU Affero General Public License v3.0

Unable to login when using redis as memcache #62

Closed krisko closed 3 years ago

krisko commented 3 years ago

Hi, I'm unable to log in to a freshly installed instance with redis enabled.

config.php section:

  'memcache.local' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => 'true',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'nextcloud-redis-master',
    'port' => '6379',
  ),

After login, I'm redirected to the login?redirect_url=/apps/files/ URL, but then the login page just reloads and I'm stuck on the login page again. There are no entries in nextcloud.log.

It works on version 18.0.12.

cluk1 commented 3 years ago

I had the same issue. In my case it was caused by some special characters contained in the redis password I used.

The underlying issue might be that the session handling is configured to be in the redis db but something in the redis setup is not fully working. That leads to being redirected to the login page indefinitely.

agates commented 3 years ago

If you are using https behind a reverse proxy (for example I have ingress set up with a Linode NodeBalancer), you may need to set overwriteprotocol to https.

This appears to be a known quirk with redis and reverse proxies for any nextcloud setup, because the server can't redirect the user appropriately -- meaning no error until security token lookup.

Note that if you migrate an existing installation that already has app passwords set up, those app passwords work without this workaround.

krisko commented 3 years ago

Thanks for the reply. I didn't have much time to share my values.yaml file, so here it is now. Maybe someone can pinpoint something wrong in it.

When I installed nextcloud 18 with this conf it worked perfectly. After the upgrade to 19.0.6 it does not work. Doing a fresh install with the values.yaml and version 19 does not help either. You can see that I don't use a redis password, and that I have set overwriteprotocol.

---
  image:
    tag: 19.0.6
  ingress:
    enabled: true
  nextcloud:
    host: k3s-vg
    mail:
      enabled: true
      fromAddress: mailname
      domain: domain.eu
      smtp:
        host: smtp.domain.eu
        name: "mail@domain.eu"
        password: somepassword
    configs:
      custom.config.php: |-
        <?php
        $CONFIG = array (
          'overwriteprotocol' => 'https',
          'trusted_proxies'   => ['192.168.1.22'],
          'trusted_domains'   => ['k3s-vg'],
          'memcache.local' => '\\OC\\Memcache\\Redis',
          'filelocking.enabled' => 'true',
        );
  redis:
    enabled: true
    usePassword: false
    global:
      storageClass: longhorn-ssd
  nginx:
    enabled: false
  internalDatabase:
    enabled: false
  externalDatabase:
    enabled: true
    type: postgresql
    host: nextcloud-postgresql
    password: changeme
  postgresql:
    enabled: true
    persistence:
      enabled: true
      existingClaim: lh-nextcloud-db
    postgresqlUsername: nextcloud
    postgresqlPassword: changeme
    postgresqlDatabase: nextcloud
    livenessProbe:
      initialDelaySeconds: 150
    volumePermissions:
      enabled: true
  persistence:
    enabled: true
    existingClaim: lh-nextcloud
    size: 3Gi

EDIT:

Trying an install with a basic values.yaml, and again I'm stuck at the login page

---
  image:
    tag: 19.0.6
  ingress:
    enabled: true
  nextcloud:
    host: k3s-vg
    configs:
      custom.config.php: |-
        <?php
        $CONFIG = array (
          'trusted_proxies'   => ['192.168.1.22'],
          'trusted_domains'   => ['k3s-vg'],
          'memcache.local' => '\\OC\\Memcache\\Redis',
          'filelocking.enabled' => 'true',
        );
  redis:
    enabled: true
    usePassword: false
    global:
      storageClass: longhorn-ssd
  internalDatabase:
    enabled: true

krisko commented 3 years ago

Works with the following configuration:

    configs:
      zcustom.config.php: |-
        <?php
        $CONFIG = array (
          'overwriteprotocol' => 'https',
          'trusted_domains'   => ['k3s-vg'],
          'memcache.local' => '\\OC\\Memcache\\Redis',
          'filelocking.enabled' => 'true',
          'memcache.distributed' => '\\OC\\Memcache\\Redis',
          'memcache.locking' => '\\OC\\Memcache\\Redis',
          'redis' =>
            array (
              'host' => 'nextcloud-redis-master',
              'password' => 'asdQWEasd',
              'port' => 6379,
            ),
        );

marvinosswald commented 3 years ago

Your config sadly doesn't work for me. How important is the overwriteprotocol to https part? As it's the only part I changed to http.

tvories commented 3 years ago

@marvinosswald when you say the config isn't working, are you having login issues with redis enabled?

marvinosswald commented 3 years ago

Yes exactly, to be precise with two replicas and redis.

EDIT: sometimes I also land on an Apache default Forbidden page, but as soon as I reduce the replicas to 1 everything works, which makes it a redis issue I guess.

My config:

redis:
  enabled: true # causes nextcloud to miss sessions
  usePassword: true
  password: *****
internalDatabase:
  enabled: false
mariadb:
  enabled: true
  password: *****
hpa:
  enabled: true
  minPods: 2
metrics:
  enabled: true
startupProbe:
  enabled: true
  initialDelaySeconds: 120
cronjob:
  curlInsecure: true
  enabled: false
ingress:
  enabled: true
  apiVersion: networking.k8s.io/v1beta1
nextcloud:
  defaultConfigs:
    \.redis\.config\.php: false
  configs:
    zcustom.config.php: |-
      <?php
      $CONFIG = array (
        'trusted_proxies' => ['10.1.150.0/24'],
        'trusted_domains'   => ['nextcloud.k8s.internal', 'nextcloud','10.1.150.*'],
        'filelocking.enabled' => 'true',
        'memcache.local' => '\\OC\\Memcache\\Redis',
        'memcache.distributed' => '\\OC\\Memcache\\Redis',
        'memcache.locking' => '\\OC\\Memcache\\Redis',
        'redis' =>
          array (
            'host' => 'nextcloud-redis-master',
            'password' => '****',
            'port' => 6379,
          ),
      );
  host: nextcloud.k8s.onprem.svg.de
  password: ****
  extraVolumes:
  - name: samba
    persistentVolumeClaim:
      claimName: nextcloud-smb-mount
  extraVolumeMounts:
  - name: samba
    mountPath: /var/www/samba
resources:
  requests:
    memory: "1500Mi"
    cpu: "900m"
  limits:
    memory: "2500Mi"
    cpu: "1200m"

tvories commented 3 years ago

Can you try editing the nextcloud config map and adding the following: 'password' => getenv('REDIS_HOST_PASSWORD'),

Under redis.config.php:

...
redis.config.php: |-
    <?php
    if (getenv('REDIS_HOST')) {
      $CONFIG = array (
        'memcache.distributed' => '\OC\Memcache\Redis',
        'memcache.locking' => '\OC\Memcache\Redis',
        'redis' => array(
          'host' => getenv('REDIS_HOST'),
          'port' => getenv('REDIS_HOST_PORT') ?: 6379,
          'password' => getenv('REDIS_HOST_PASSWORD'), // <-- ADD THIS LINE
        ),
      );
    }
...

marvinosswald commented 3 years ago

I'm trying now, but why could this be better than the string directly?

EDIT: didn't change the behaviour

tvories commented 3 years ago

Make sure after you change that line that you delete the nextcloud pod and have it redeploy.

The configmap issue is being worked on in #56

marvinosswald commented 3 years ago

I've completely deleted the helm install and redeployed from there, still no luck. Anything else I could try or logs to search for?

tvories commented 3 years ago

What's your ./occ status inside the container?

marvinosswald commented 3 years ago

Console has to be executed with the user that owns the file config/config.php

I'm root and can't open ./occ with the message above.

tvories commented 3 years ago

OK, su to www-data user: su www-data -s /bin/bash and then try and run it again.

marvinosswald commented 3 years ago

Container 1

Log

Conf remoteip disabled.
To activate the new configuration, you need to run:
  service apache2 reload
Configuring Redis as session handler
Initializing nextcloud 19.0.3.1 ...
Initializing finished
New nextcloud instance
Installing with MySQL database
starting nextcloud installation
Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [2002] Connection refused
 ->
retrying install...
Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [2002] Connection refused
 ->
retrying install...
Nextcloud was successfully installed
setting trusted domains…
System config value trusted_domains => 1 set to string nextcloud.k8s.onprem.svg.de
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.43. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.43. Set the 'ServerName' directive globally to suppress this message
[Mon Feb 08 20:11:48.559323 2021] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.11 configured -- resuming normal operations
[Mon Feb 08 20:11:48.559391 2021] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.1.150.1 - - [08/Feb/2021:20:12:53 +0000] "GET /status.php HTTP/1.1" 200 1587 "-" "kube-probe/1.20+"

Container 2

Nextcloud is not installed - only a limited number of commands are available

Container 2 specific observations

Logs

Conf remoteip disabled.
To activate the new configuration, you need to run:
  service apache2 reload
Configuring Redis as session handler
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.40. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.40. Set the 'ServerName' directive globally to suppress this message
[Mon Feb 08 20:12:36.397707 2021] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.11 configured -- resuming normal operations
[Mon Feb 08 20:12:36.397768 2021] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.1.150.1 - - [08/Feb/2021:20:14:38 +0000] "GET /status.php HTTP/1.1" 200 1580 "-" "kube-probe/1.20+"

Very interesting!

Observations:

marvinosswald commented 3 years ago

Solution

One can't have multiple nextcloud containers without a shared persistence!

Added some documentation on the topic: https://github.com/nextcloud/helm/pull/72
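
The rule stated in the solution above, turned into a pre-deploy check over Helm values; this is an added example, not part of the thread or of the chart's own code. The `replicaCount` and `persistence.accessMode` keys and the `ReadWriteOnce` default are assumptions about the chart, and the input dicts are constructed from the values posted earlier in the thread.

```python
# Added example: lint Helm values for the failure found in this thread.
# replicaCount and persistence.accessMode are assumed chart keys; hpa.*,
# persistence.enabled and redis.usePassword appear in the thread's values.

def effective_replicas(values):
    """Smallest number of Nextcloud pods the release is guaranteed to run."""
    replicas = int(values.get("replicaCount", 1))
    hpa = values.get("hpa") or {}
    if hpa.get("enabled"):
        replicas = max(replicas, int(hpa.get("minPods", 1)))
    return replicas


def lint_values(values):
    """Return a list of (code, message) findings for one values mapping."""
    findings = []
    replicas = effective_replicas(values)
    persistence = values.get("persistence") or {}
    redis = values.get("redis") or {}

    if replicas > 1 and not persistence.get("enabled", False):
        findings.append(("NO_SHARED_STORAGE",
            f"{replicas} pods but persistence is off: each pod keeps its own "
            "config.php and data, so only one of them is 'installed'"))
    elif replicas > 1 and persistence.get("accessMode", "ReadWriteOnce") != "ReadWriteMany":
        findings.append(("VOLUME_NOT_RWX",
            "persistence is on but the volume is not ReadWriteMany; pods on "
            "different nodes cannot all mount it"))

    if redis.get("enabled") and redis.get("usePassword") is False:
        findings.append(("REDIS_NO_AUTH",
            "Redis stores login sessions and accepts unauthenticated clients"))
    return findings


# Constructed inputs, reduced from the values files posted in the thread.
TWO_REPLICAS_NO_PVC = {
    "redis": {"enabled": True, "usePassword": True},
    "hpa": {"enabled": True, "minPods": 2},
}
SINGLE_POD_OPEN_REDIS = {
    "redis": {"enabled": True, "usePassword": False},
    "persistence": {"enabled": True, "existingClaim": "lh-nextcloud"},
}

if __name__ == "__main__":
    for name, vals in [("two replicas", TWO_REPLICAS_NO_PVC),
                       ("single pod", SINGLE_POD_OPEN_REDIS)]:
        for code, msg in lint_values(vals):
            print(f"{name}: {code}: {msg}")
```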