Hi, I'm unable to login to freshly installed instance with redis enabled. <p d

Works with following configuration: <div class="highlight highlight-source-yaml no

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Unable to login when using redis as memcache about helm HOT 16 CLOSED

nextcloud commented on September 7, 2024 1

Unable to login when using redis as memcache

from helm.

Comments (16)

cluk1 commented on September 7, 2024 2

I had the same issue. In my case it was caused by some special characters contained in the redis password I used.

The underlying issue might be that the session handling is configured to be in the redis db but something in the redis setup is not fully working. That leads to being redirected to the login page indefinitely.

from helm.

krisko commented on September 7, 2024 2

Works with following configuration:

    configs:
      zcustom.config.php: |-
        <?php
        $CONFIG = array (
          'overwriteprotocol' => 'https',
          'trusted_domains'   => ['k3s-vg'],
          'memcache.local' => '\\OC\\Memcache\\Redis',
          'filelocking.enabled' => 'true',
          'memcache.distributed' => '\\OC\\Memcache\\Redis',
          'memcache.locking' => '\\OC\\Memcache\\Redis',
          'redis' =>
            array (
              'host' => 'nextcloud-redis-master',
              'password' => 'asdQWEasd',
              'port' => 6379,
            ),
        );

from helm.

agates commented on September 7, 2024 1

If you are using https behind a reverse proxy (for example I have ingress set up with a Linode NodeBalancer), you may need to set overwriteprotocol to https.

This appears to be a known quirk with redis and reverse proxies for any nextcloud setup, because the server can't redirect the user appropriately -- meaning no error until security token lookup.

Note that if you migrate an existing installation that already has app passwords set up, those app passwords work without this workaround.

from helm.

krisko commented on September 7, 2024

Thaks for reply,
I didn't ave much time to share my values.yaml file, so here it is now. Maybe someone can pinpoint something wrong in it.

When I've installed nextcloud 18 with this conf it worked perfectly. After upgrade to 19.0.6 it does not work. Doing fresh install with the values.yaml and version 19 does not help either.
You can see that I don't use redis password, and that I have set overwriteprotocol.

---
  image:
    tag: 19.0.6
  ingress:
    enabled: true
  nextcloud:
    host: k3s-vg
    mail:
      enabled: true
      fromAddress: mailname
      domain: domain.eu
      smtp:
        host: smtp.domain.eu
        name: "[email protected]"
        password: somepassword
    configs:
      custom.config.php: |-
        <?php
        $CONFIG = array (
          'overwriteprotocol' => 'https',
          'trusted_proxies'   => ['192.168.1.22'],
          'trusted_domains'   => ['k3s-vg'],
          'memcache.local' => '\\OC\\Memcache\\Redis',
          'filelocking.enabled' => 'true',
        );
  redis:
    enabled: true
    usePassword: false
    global:
      storageClass: longhorn-ssd
  nginx:
    enabled: false
  internalDatabase:
    enabled: false
  externalDatabase:
    enabled: true
    type: postgresql
    host: nextcloud-postgresql
    password: changeme
  postgresql:
    enabled: true
    persistence:
      enabled: true
      existingClaim: lh-nextcloud-db
    postgresqlUsername: nextcloud
    postgresqlPassword: changeme
    postgresqlDatabase: nextcloud
    livenessProbe:
      initialDelaySeconds: 150
    volumePermissions:
      enabled: true
  persistence:
    enabled: true
    existingClaim: lh-nextcloud
    size: 3Gi

EDIT:

Trying install with basic value.yaml and again I'm stuck at login page

---
  image:
    tag: 19.0.6
  ingress:
    enabled: true
  nextcloud:
    host: k3s-vg
    configs:
      custom.config.php: |-
        <?php
        $CONFIG = array (
          'trusted_proxies'   => ['192.168.1.22'],
          'trusted_domains'   => ['k3s-vg'],
          'memcache.local' => '\\OC\\Memcache\\Redis',
          'filelocking.enabled' => 'true',
        );
  redis:
    enabled: true
    usePassword: false
    global:
      storageClass: longhorn-ssd
  internalDatabase:
    enabled: true

from helm.

marvinosswald commented on September 7, 2024

Your config sadly doesn't work for me, how important it the overwriteprotocol to https part ? As it's the only part i changed to http

from helm.

tvories commented on September 7, 2024

@marvinosswald when you say the config isn't working, are you having login issues with redis enabled?

from helm.

marvinosswald commented on September 7, 2024

yes exactly, to be precise with two replicas and redis.

EDIT: sometimes i also land on an apache default Forbidden page but as soon as i reduce the replicas to 1 everything works which makes it a redis issue i guess.

my config:

redis:
  enabled: true # causes nextcloud to miss sessions
  usePassword: true
  password: *****
internalDatabase:
  enabled: false
mariadb:
  enabled: true
  password: *****
hpa:
  enabled: true
  minPods: 2
metrics:
  enabled: true
startupProbe:
  enabled: true
  initialDelaySeconds: 120
cronjob:
  curlInsecure: true
  enabled: false
ingress:
  enabled: true
  apiVersion: networking.k8s.io/v1beta1
nextcloud:
  defaultConfigs:
    \.redis\.config\.php: false
  configs:
    zcustom.config.php: |-
      <?php
      $CONFIG = array (
        'trusted_proxies' => ['10.1.150.0/24'],
        'trusted_domains'   => ['nextcloud.k8s.internal', 'nextcloud','10.1.150.*'],
        'filelocking.enabled' => 'true',
        'memcache.local' => '\\OC\\Memcache\\Redis',
        'memcache.distributed' => '\\OC\\Memcache\\Redis',
        'memcache.locking' => '\\OC\\Memcache\\Redis',
        'redis' =>
          array (
            'host' => 'nextcloud-redis-master',
            'password' => '****',
            'port' => 6379,
          ),
      );
  host: nextcloud.k8s.onprem.svg.de
  password: ****
  extraVolumes:
  - name: samba
    persistentVolumeClaim:
      claimName: nextcloud-smb-mount
  extraVolumeMounts:
  - name: samba
    mountPath: /var/www/samba
resources:
  requests:
    memory: "1500Mi"
    cpu: "900m"
  limits:
    memory: "2500Mi"
    cpu: "1200m"

from helm.

tvories commented on September 7, 2024

Can you try editing the nextcloud config map and adding the following: 'password' => getenv('REDIS_HOST_PASSWORD'),

Under redis.config.php:

...
redis.config.php: |-
    <?php
    if (getenv('REDIS_HOST')) {
      $CONFIG = array (
        'memcache.distributed' => '\OC\Memcache\Redis',
        'memcache.locking' => '\OC\Memcache\Redis',
        'redis' => array(
          'host' => getenv('REDIS_HOST'),
          'port' => getenv('REDIS_HOST_PORT') ?: 6379,
          'password' => getenv('REDIS_HOST_PASSWORD'), <-- ADD THIS LINE
        ),
      );
    }
...

from helm.

marvinosswald commented on September 7, 2024

i'm trying now, but why could this be better then the string directly ?

EDIT: didn't change the behaviour

from helm.

tvories commented on September 7, 2024

Make sure after you change that line that you delete the nextcloud pod and have it redeploy.

The configmap issue is being worked on in #56

from helm.

marvinosswald commented on September 7, 2024

i've completely deleted the helm install and redeployed from there still no luck. Anything else i could try or logs to search for ?

from helm.

tvories commented on September 7, 2024

What's your ./occ status inside the container?

from helm.

marvinosswald commented on September 7, 2024

Console has to be executed with the user that owns the file config/config.php

i'm root and can't open ./occ with the message above.

from helm.

tvories commented on September 7, 2024

OK, su to www-data user: su www-data -s /bin/bash and then try and run it again.

from helm.

marvinosswald commented on September 7, 2024

Container 1

installed: true
version: 19.0.3.1
versionstring: 19.0.3
edition:

Log

Conf remoteip disabled.
To activate the new configuration, you need to run:
  service apache2 reload
Configuring Redis as session handler
Initializing nextcloud 19.0.3.1 ...
Initializing finished
New nextcloud instance
Installing with MySQL database
starting nextcloud installation
Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [2002] Connection refused
 ->
retrying install...
Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [2002] Connection refused
 ->
retrying install...
Nextcloud was successfully installed
setting trusted domains…
System config value trusted_domains => 1 set to string nextcloud.k8s.onprem.svg.de
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.43. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.43. Set the 'ServerName' directive globally to suppress this message
[Mon Feb 08 20:11:48.559323 2021] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.11 configured -- resuming normal operations
[Mon Feb 08 20:11:48.559391 2021] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.1.150.1 - - [08/Feb/2021:20:12:53 +0000] "GET /status.php HTTP/1.1" 200 1587 "-" "kube-probe/1.20+"

Container 2

Nextcloud is not installed - only a limited number of commands are available

installed: false
version: 19.0.3.1
versionstring: 19.0.3
edition:

Container 2 specific observations

The container boots the first time and goes into an endless The username is already being used loop until finally failing the installation
then kubernetes restarts the container because it hit some timeout
now the new iteration doesn't try to install at all because, i guess, the CAN_INSTALL Flag is already gone
container 2 becomes ready nonetheless but is actually dead

Logs

Conf remoteip disabled.
To activate the new configuration, you need to run:
  service apache2 reload
Configuring Redis as session handler
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.40. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.1.150.40. Set the 'ServerName' directive globally to suppress this message
[Mon Feb 08 20:12:36.397707 2021] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.11 configured -- resuming normal operations
[Mon Feb 08 20:12:36.397768 2021] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.1.150.1 - - [08/Feb/2021:20:14:38 +0000] "GET /status.php HTTP/1.1" 200 1580 "-" "kube-probe/1.20+"

Very interesting!

Observations:

The working container, 1, is the one being ready first
The faulty container, 2, boots second and the container gets restarted in the beginning once every time.
i have hpa activated with a min pod of 2
I see a CAN_INSTALL file missing error (see more in Container 2 specific observations)

from helm.

marvinosswald commented on September 7, 2024

Solution

One can't have multiple nextcloud containers without a shared persistence !

Added some documentation on the topic: #72

from helm.

Unable to login when using redis as memcache about helm HOT 16 CLOSED

Comments (16)

Container 1

Log

Container 2

Container 2 specific observations

Logs

Observations:

Solution

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent