Networking issues accessing Nextcloud behind Caddy + Cloudflare

[toxikat]

Hi all, here with a basic networking issue I'm struggling with.

Basic description: I cannot access my nextcloud on my local network nor remotely. A week ago, everything was working fine, so I'm a bit surprised that there were some issues.



Setup:

1. TrueNAS core 13.0-U2
2. I have a jail just for Caddy @ 192.168.1.199
   1. Here, I run a "main" Caddy. The Caddyfile is listed at the bottom.
3. Nextcloud lives in a jail @ 192.168.1.70 (subdomain is "my")
   1. Here, I run a "sub" Caddy. also listed at the bottom.
   2. I have also pasted parts of my nextcloud's config.php down
4. I have a jail for Jellyfin @ 192.168.1.101 (subdomain is "watch").
   1. This works externally and locally, which tells me that my port forwarding situation should be ok.
   2. I do not run a caddy here, the main caddy directly reverse proxies jellyfin's ip/port
5. Domain registered on Cloudflare, example.com, all proxied
   1. Here I have an A record for example.com
   2. CNAME records for my subdomains.
   3. SSL/TLS on "Full (Strict)"
6. If any other info is needed, let me know.

Some observations:
1. My server had nearly exactly 1 year of uptime when this became inaccessible. I'm pretty sure this was just a coincidence.
2. My ISP reset my IPV4. I have since updated my cloudflare's example.com to point to the new ipv4.
3. At time of failure, both Jellyfin and Nextcloud were unaccessble, but i was able to get jellyfin up and running after the ipv4 update in cloudflare.

I'm willing to get rid of the Nextcloud's caddyfile if it makes things simpler. I originally set the box up as only having nextcloud, and later on adding other things. If it would make things simpler, would definitely be open to condensing things somehow to only use Caddy jail's caddyfile.

Another note: In my NC's Caddyfile, I have a port declared, ":9010". When I hit this port via my pc locally with `curl 192.168.1.70:9010`, it returns 200 fine. This might be a weak signal but I thought I'd point this out.

Currently, when I try to access `my.example.com`, i get a 502 bad gateway. I have traced the logs as follows:

One thing I want to call out is that in nextcloud's jail's Caddy log (posted down there), there is the line `dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused`. I'm not sure what this means and searching didn't come up with an obvious cause. I'm worried that Nextcloud somehow isn't running, but I'm actually not sure how to check that since I can't access the NC admin console locally (occ runs fine though).

1. In the Caddy jail, I see this caddy log:

Code:

2024/04/01 00: 40: 46.251 error   http.log.access.log0    handled request {
    "request": {
        "remote_ip": "1<some ip>3",
        "remote_port": "13478",
        "proto": "HTTP/2.0",
        "method": "GET",
        "host": "my.example.com",
        "uri": "/",
        "headers": {
            "Cf-Ray": [
                "86b-XXX"
            ],
            "X-Forwarded-Proto": [
                "https"
            ],
            "User-Agent": [
                "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0"
            ],
            "Accept": [
                "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"
            ],
            "Sec-Fetch-Dest": [
                "document"
            ],
            "Cf-Connecting-Ip": [
                "my ipv4"
            ],
            "Sec-Fetch-Site": [
                "none"
            ],
            "Sec-Fetch-User": [
                "?1"
            ],
            "Accept-Encoding": [
                "gzip, br"
            ],
            "Accept-Language": [
                "en-US,en;q=0.5"
            ],
            "Upgrade-Insecure-Requests": [
                "1"
            ],
            "Sec-Fetch-Mode": [
                "navigate"
            ],
            "Cdn-Loop": [
                "cloudflare"
            ],
            "Cf-Ipcountry": [
                "CA"
            ],
            "X-Forwarded-For": [
                "my ipv4"
            ],
            "Cf-Visitor": [
                "{\"scheme\":\"https\"}"
            ],
            "Priority": [
                "u=1"
            ],
            "Cookie": []
        },
        "tls": {
            "resumed": false,
            "version": 772,
            "cipher_suite": 4865,
            "proto": "h2",
            "server_name": "my.example.com"
        }
    },
    "user_id": "",
    "duration": 0.002616458,
    "size": 0,
    "status": 502,
    "resp_headers": {
        "Strict-Transport-Security": [
            "max-age=31536000;"
        ],
        "Content-Length": [
            "0"
        ],
        "Date": [
            "Mon, 01 Apr 2024 00:40:46 GMT"
        ],
        "Server": [
            "Caddy",
            "Caddy"
        ],
        "Alt-Svc": [
            "h3=\":443\"; ma=2592000"
        ]
    }
}

Then, in my Nextcloud jail, I see

Code:

2024/04/01 00: 44: 02.489 ERROR   http.log.error.log0     dialing backend: dial tcp 127.0.0.1: 9000: connect: connection refused   {
    "request": {
        "remote_ip": "192.168.1.199 (caddy jail ip)",
        "remote_port": "45585",
        "proto": "HTTP/2.0",
        "method": "GET",
        "host": "my.example.com",
        "uri": "/",
        "headers": {
            "Accept": [
                "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"
            ],
            "Accept-Language": [
                "en-US,en;q=0.5"
            ],
            "Cookie": [],
            "Cf-Ipcountry": [
                "CA"
            ],
            "Sec-Fetch-Site": [
                "none"
            ],
            "X-Forwarded-For": [
                "some public ipv4 i dont know, probs cloudflares"
            ],
            "Cdn-Loop": [
                "cloudflare"
            ],
            "Priority": [
                "u=1"
            ],
            "Accept-Encoding": [
                "gzip, br"
            ],
            "Sec-Fetch-Dest": [
                "document"
            ],
            "Cf-Connecting-Ip": [
                "2xxx7"
            ],
            "Sec-Fetch-User": [
                "?1"
            ],
            "Cf-Ray": [
                "86xxd9c-xxx"
            ],
            "X-Forwarded-Host": [
                "my.example.com"
            ],
            "User-Agent": [
                "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0"
            ],
            "X-Forwarded-Proto": [
                "https"
            ],
            "Sec-Fetch-Mode": [
                "navigate"
            ],
            "Upgrade-Insecure-Requests": [
                "1"
            ],
            "Cf-Visitor": [
                "{\"scheme\":\"https\"}"
            ]
        },
        "tls": {
            "resumed": false,
            "version": 772,
            "cipher_suite": 4865,
            "proto": "h2",
            "server_name": "my.example.com"
        }
    },
    "duration": 0.000706038,
    "status": 502,
    "err_id": "qqu6epghb",
    "err_trace": "reverseproxy.statusError (reverseproxy.go:1272)"
}

# Caddy jail's Caddyfile:

Code:

root@caddy:/usr/local/www # cat Caddyfile
{
        email <my email>
}

:2020 {
        respond "sample text"
}


my.example.com {
        log {
                output file /var/log/caddy/nextcloud-access.log
                level DEBUG
        }

        reverse_proxy https://my.example.domain # nextcloud aliased via /etc/hosts

}

watch.example.com {
        reverse_proxy 192.168.1.101:8096 # jellyfin
}

/etc/hosts

Code:

root@caddy:~ # cat /etc/hosts
# $FreeBSD$
... lots of comments
#
::1                     localhost localhost.my.domain
127.0.0.1               localhost localhost.my.domain caddy
#
... whole bunch of comments
#
192.168.1.199   caddy

192.168.1.70    my.example.com

# Nextcloud jail's Caddyfile:

Code:

{
        # debug
        #acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
        email <my email>
        default_sni my.example.com
}

:9010 {
        respond "nc"
}

my.example.com {
        root * /usr/local/www/nextcloud
        file_server
        log {
                output file /var/log/my.example.com.log
        }

        php_fastcgi 127.0.0.1:9000 {
                env front_controller_active true
        }

        tls {
                dns cloudflare <redacted key, not even sure if this is correct anymore tbh>
        }

        header {
                # enable HSTS
                Strict-Transport-Security max-age=31536000;
        }

        # client support (e.g. os x calendar / contacts)
        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301
        redir /.well-known/webfinger /index.php/.well-known/webfinger 301
        redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301

        # .htaccess / data / config / ... shouldn't be accessible from outside
        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }

        respond @forbidden 404
}

nextcloud's config.php

Code:

nextcloud# cat nextcloud/config/config.php
<?php
$CONFIG = array (
  'passwordsalt' => 'xxx',
  'secret' => '3gxxxsZ',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'my.example.domain',
    2 => '192.168.1.70',
    3 => '191.168.1.199',
  ),
  'datadirectory' => '/mnt/files',
  'dbtype' => 'mysql',
  'version' => '24.0.7.1',
  'overwrite.cli.url' => 'https://my.example.domain/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/tmp/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 's8LBxxxx4IA==',
  'installed' => true,
  'instanceid' => 'oclxxx9y',
  'logtimezone' => 'America/xx',
  'default_phone_region' => 'US',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => '2',
  'logrotate_size' => '104847600',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
  ),
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'overwritehost' => 'my.example.domain',
  'overwriteprotocol' => 'https',
  'htaccess.RewriteBase' => '/',
  'maintenance' => false,
  'theme' => '',
  'preview_max_memory' => 4096,
  'preview_max_filesize_image' => 256,
  'enabledPreviewProviders' =>
  array (
    0 => 'OC\\Preview\\Image',
    1 => 'OC\\Preview\\HEIC',
    2 => 'OC\\Preview\\TIFF',
    3 => 'OC\\Preview\\Movie',
    4 => 'OC\\Preview\\MKV',
    5 => 'OC\\Preview\\MP4',
    6 => 'OC\\Preview\\AVI',
  ),
  'memories.ffmpeg_path' => '/usr/local/bin/ffmpeg',
  'memories.ffprobe_path' => '/usr/local/bin/ffprobe',
  'memories.transcoder' => '/usr/local/www/nextcloud/apps/memories/exiftool-bin/go-vod-amd64',
  'memories.no_transcode' => false,
  'memories.qsv' => false,
  'memories.gis_type' => 1,
);

 

[victort]

So the only thing that changed is your ISP?

Have you tried proxying to Nextcloud via IP instead of the domain?

 

[toxikat]

So the only thing that changed is your ISP?

Have you tried proxying to Nextcloud via IP instead of the domain?

Thanks for the reply,

That's the only thing I noticed that did change. It might have been some other cause before my ISP changed my IPv4, but I did not notice it. Once my isp changed my ipv4, I knew for sure both sites were down.

I tried to change my Caddy jail's Caddyfile to use this instead, and it's the same result with the same error, `2024/04/01 02:41:33.555 error http.log.access.log0 handled request`. (btw, probably not a big deal but without specifying the transport, I get some x509 cannot verify cert error).

Code:

my.example.com {
        log {
                output file /var/log/caddy/nextcloud-access.log
                level DEBUG
        }

        reverse_proxy https://192.168.1.70 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

I'm not too sure what the implication is, but previously i was using the domain instead of local IP just fine, due to the alias in the /etc/hosts file.

 

[victort]

Thanks for the reply,

That's the only thing I noticed that did change. It might have been some other cause before my ISP changed my IPv4, but I did not notice it. Once my isp changed my ipv4, I knew for sure both sites were down.

I tried to change my Caddy jail's Caddyfile to use this instead, and it's the same result with the same error, `2024/04/01 02:41:33.555 error http.log.access.log0 handled request`. (btw, probably not a big deal but without specifying the transport, I get some x509 cannot verify cert error).

Code:

my.example.com {
        log {
                output file /var/log/caddy/nextcloud-access.log
                level DEBUG
        }

        reverse_proxy https://192.168.1.70 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

I'm not too sure what the implication is, but previously i was using the domain instead of local IP just fine, due to the alias in the /etc/hosts file.

So, a few points here. It looks like your Nextcloud Caddyfile is serving https. There is really no point to that.

1. Change your Nextcloud Caddyfile to read :80 instead of my.example.com because your proxy is handling TLS. Then have your proxy point to 192.168.1.70 (don’t add the https in front, just the IP)

2. There is no security benefit to running your Nextcloud caddyserver on port 443 (https) if you’re using a reverse proxy. It adds unnecessary overhead

 

[toxikat]

So, a few points here. It looks like your Nextcloud Caddyfile is serving https. There is really no point to that.

1. Change your Nextcloud Caddyfile to read :80 instead of my.example.com because your proxy is handling TLS. Then have your proxy point to 192.168.1.70 (don’t add the https in front, just the IP)

2. There is no security benefit to running your Nextcloud caddyserver on port 443 (https) if you’re using a reverse proxy. It adds unnecessary overhead

Hm i think this is getting somewhere but I'm not sure about this new error

Code:

2024/04/01 03:22:30.260 ERROR   http.log.error.log0     tls: first record does not look like a TLS handshake 

In caddy jail, I now have

Code:

my.domain.com {
        log {
                output file /var/log/caddy/nextcloud-access.log
                level DEBUG
        }

        reverse_proxy 192.168.1.70 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

In nextcloud jail, caddyfile is below. I did comment out the entire TLS block because i got this error when trying to start Caddy. Let me know if this is not the right approach to address this.

Code:

nextcloud# caddy run --config Caddyfile
2024/04/01 03:27:30.647 INFO    using provided configuration    {"config_file": "Caddyfile", "config_adapter": ""}
Error: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies

So with it commented out, NC jail's Caddyfile is now

Code:

:80 {
        root * /usr/local/www/nextcloud
        file_server
        log {
                output file /var/log/my.domain.com.log
        }

        php_fastcgi 127.0.0.1:9000 {
                env front_controller_active true
        }

#       tls {
#               dns cloudflare xxx
#               dns cloudflare XwGO-xxx-xxx
#       }

        header {
                # enable HSTS
                Strict-Transport-Security max-age=31536000;
        }

        # client support (e.g. os x calendar / contacts)
        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301
        redir /.well-known/webfinger /index.php/.well-known/webfinger 301
        redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301

        # .htaccess / data / config / ... shouldn't be accessible from outside
        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }

        respond @forbidden 404
}

 

[victort]

Hm i think this is getting somewhere but I'm not sure about this new error

Code:

2024/04/01 03:22:30.260 ERROR   http.log.error.log0     tls: first record does not look like a TLS handshake 

In caddy jail, I now have

Code:

my.domain.com {
        log {
                output file /var/log/caddy/nextcloud-access.log
                level DEBUG
        }

        reverse_proxy 192.168.1.70 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

You should remove the transport option.

In nextcloud jail, caddyfile is below. I did comment out the entire TLS block because i got this error when trying to start Caddy. Let me know if this is not the right approach to address this.

Code:

nextcloud# caddy run --config Caddyfile
2024/04/01 03:27:30.647 INFO    using provided configuration    {"config_file": "Caddyfile", "config_adapter": ""}
Error: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies

You can completely remove the TLS block if you are using a reverse proxy.

So with it commented out, NC jail's Caddyfile is now

Code:

:80 {
        root * /usr/local/www/nextcloud
        file_server
        log {
                output file /var/log/my.domain.com.log
        }

        php_fastcgi 127.0.0.1:9000 {
                env front_controller_active true
        }

#       tls {
#               dns cloudflare xxx
#               dns cloudflare XwGO-xxx-xxx
#       }

        header {
                # enable HSTS
                Strict-Transport-Security max-age=31536000;
        }

        # client support (e.g. os x calendar / contacts)
        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301
        redir /.well-known/webfinger /index.php/.well-known/webfinger 301
        redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301

        # .htaccess / data / config / ... shouldn't be accessible from outside
        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }

        respond @forbidden 404
}

This looks correct.

 

[toxikat]

You should remove the transport option.

You can completely remove the TLS block if you are using a reverse proxy.

This looks correct.

Hmm, some different error this time again, but progress.

Caddy jail log:

Code:

2024/04/01 04:26:08.982 error   http.log.access.log0    handled request 

On the nextcloud jail side, caddy now has error:

Code:

2024/04/01 04:26:08.981 ERROR   http.log.error.log0     dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused 

 

[victort]

Wondering what your php version is. Can you do pkg info and see which version of php is installed?

It seems like your php service might not be running.

 

[toxikat]

Wondering what your php version is. Can you do pkg info and see which version of php is installed?

It seems like your php service might not be running.

Code:

nextcloud# pkg info
ImageMagick6-nox11-6.9.12.63,1 Image processing tools (legacy version)
Imath-3.1.6                    C++/Python lib of 2D/3D vector, matrix, math ops for computer graphics
aom-3.5.0                      AV1 reference encoder/decoder
argp-standalone-1.5.0          Standalone version of arguments parsing functions from GLIBC
autoconf-2.71                  Generate configure scripts and related files
autoconf-switch-20220527       Wrapper script to switch between autoconf versions
avahi-app-0.8_1                Service discovery on a local network
bash-5.2_3                     GNU Project's Bourne Again SHell
boost-libs-1.80.0              Free portable C++ libraries (without Boost.Python)
brotli-1.0.9,1                 Generic-purpose lossless compression algorithm
ca_root_nss-3.83               Root certificate bundle from the Mozilla Project
cups-2.4.2                     Common UNIX Printing System
curl-7.85.0                    Command line tool and library for transferring data with URLs
cyrus-sasl-2.1.28              RFC 2222 SASL (Simple Authentication and Security Layer)
dav1d-1.0.0_2                  Small and fast AV1 decoder
dbus-1.14.4,1                  Message bus system for inter-application communication
dbus-glib-0.112                GLib bindings for the D-BUS messaging system
expat-2.4.9                    XML 1.0 parser written in C
ffmpeg-4.4.3,1                 Realtime audio/video encoder/converter and streaming server
fftw3-3.3.10_2                 Fast C routines to compute the Discrete Fourier Transform
fontconfig-2.14.0,1            XML-based font configuration API for X Windows
freetype2-2.12.1_2             Free and portable TrueType font rendering engine
fribidi-1.0.12                 Free Implementation of the Unicode Bidirectional Algorithm
galera-25.3.37_1               Synchronous multi-master replication engine
gamin-0.1.10_10                File and directory monitoring system
gdbm-1.23                      GNU database manager
gdk-pixbuf2-2.42.9             Graphic library for GTK+
gettext-runtime-0.21           GNU gettext runtime libraries and programs
ghostscript9-agpl-base-9.56.1_4 PostScript and PDF interpreter
giflib-5.2.1                   Tools and library routines for working with GIF images
git-2.38.1_1                   Distributed source code management tool
glib-2.74.0,2                  Some useful routines of C programming (current stable version)
gmp-6.2.1                      Free library for arbitrary precision arithmetic
gnome_subr-1.0                 Common startup and shutdown subroutines used by GNOME scripts
gnupg-2.3.3_3                  Complete and free PGP implementation
gnutls-3.7.7                   GNU Transport Layer Security library
go-1.19,2                      Meta-port for the default version of the Go programming language
go119-1.19.3                   Go programming language
graphite2-1.3.14               Rendering capabilities for complex non-Roman writing systems
gsfonts-8.11_8                 Standard Fonts for Ghostscript
harfbuzz-5.2.0                 OpenType text shaping engine
help2man-1.49.2                Automatically generating simple manual pages from program output
highway-1.0.1                  Performance-portable, length-agnostic SIMD with runtime dispatch
htop-3.2.2                     Better top(1) - interactive process viewer
icu-71.1,1                     International Components for Unicode (from IBM)
indexinfo-0.3.1                Utility to regenerate the GNU info page index
jansson-2.14                   C library for encoding, decoding, and manipulating JSON data
jbig2dec-0.19                  Decoder implementation of the JBIG2 image compression format
jbigkit-2.1_1                  Lossless compression for bi-level images such as scanned pages, faxes
jpeg-turbo-2.1.4               SIMD-accelerated JPEG codec which replaces libjpeg
lame-3.100_4                   Fast MP3 encoder kit
lcms2-2.13.1                   Accurate, fast, and small-footprint color management engine
libICE-1.0.10,1                Inter Client Exchange library for X11
libSM-1.2.3,1                  Session Management library for X11
libX11-1.7.2,1                 X11 library
libXau-1.0.9                   Authentication Protocol library for X11
libXdmcp-1.1.3                 X Display Manager Control Protocol library
libXext-1.3.4,1                X11 Extension library
libXfixes-6.0.0                X Fixes extension library
libarchive-3.6.1,1             Library to create and read several streaming archive formats
libargon2-20190702             Memory hard password hashing program and library
libass-0.16.0                  Portable ASS/SSA subtitle renderer
libassuan-2.5.5                IPC library used by GnuPG and gpgme
libdaemon-0.14_1               Lightweight C library that eases the writing of UNIX daemons
libde265-1.0.8                 Open source h.265 video codec
libdeflate-1.14                Fast, whole-buffer DEFLATE-based compression library
libdrm-2.4.113,1               Userspace interface to kernel Direct Rendering Module services
libedit-3.1.20210910,1         Command line editor library
libepoll-shim-0.0.20220703     Small epoll implementation using kqueue
libevent-2.1.12                API for executing callback functions on events or timeouts
libffi-3.4.2                   Foreign Function Interface
libgcrypt-1.9.4_1              General purpose cryptographic library based on the code from GnuPG
libgd-2.3.3_1,1                Graphics library for fast creation of images
libgpg-error-1.45              Common error values for all GnuPG components
libheif-1.13.0_1               ISO/IEC 23008-12:2017 HEIF file format de- and encoder
libiconv-1.17                  Character set conversion library
libidn-1.38                    Internationalized Domain Names command line tool
libidn2-2.3.3                  Implementation of IDNA2008 internationalized domain names
libimagequant-2.17.0           Image Quantization Library
libinotify-20211018            Kevent based inotify compatible library
libjxl-0.7.0                   JPEG XL reference encoder/decoder
libksba-1.6.0                  Library to make X.509 certificates
liblqr-1-0.4.2                 Easy to use C/C++ seam carving library
libltdl-2.4.7                  System independent dlopen wrapper
liblz4-1.9.4,1                 LZ4 compression library, lossless and very fast
libnghttp2-1.48.0              HTTP/2.0 C Library
libogg-1.3.5,4                 Ogg bitstream library
libpaper-1.1.28                Library providing routines for paper size management
libpciaccess-0.16              Generic PCI access library
libpsl-0.21.1_4                C library to handle the Public Suffix List
libpthread-stubs-0.4           Weak aliases for pthread functions
libraqm-0.9.0                  Library that encapsulates complex text layout logic
libraw-0.20.2_3                Library for manipulating raw images
libssh2-1.10.0,3               Library implementing the SSH2 protocol
libsunacl-1.0.1                Wrapper providing SunOS NFSv4 ACL API
libtasn1-4.18.0                ASN.1 structure parser library
libudev-devd-0.5.0             libudev-compatible interface for devd
libunistring-1.0               Unicode string library
libunwind-20211201_1           Generic stack unwinding library
libv4l-1.23.0                  Video4Linux library
libva-2.16.0                   VAAPI wrapper and dummy driver
libvdpau-1.5                   VDPAU wrapper and tracing library
libvorbis-1.3.7_2,3            Audio compression codec library
libvpx-1.12.0                  VP8/VP9 reference encoder/decoder
libwmf-nox11-0.2.12            Tools and library for converting Microsoft WMF (windows metafile)
libx264-0.164.3095             H.264/MPEG-4 AVC Video Encoding (Library)
libxcb-1.15                    The X protocol C-language Binding (XCB) library
libxml2-2.10.3                 XML parser library for GNOME
libxslt-1.1.37                 XML stylesheet transformation library
libzip-1.9.2                   C library for reading, creating, and modifying ZIP archives
lmdb-0.9.29_1,1                OpenLDAP Lightning Memory-Mapped Database
m4-1.4.19,1                    GNU M4
mariadb103-client-10.3.36      Multithreaded SQL database (client)
mariadb103-server-10.3.36      Multithreaded SQL database (server)
mpdecimal-2.5.1                C/C++ arbitrary precision decimal floating point libraries
nano-6.4                       Nano's ANOther editor, an enhanced free Pico clone
nettle-3.8.1                   Low-level cryptographic library
npth-1.6                       New GNU Portable Threads
oniguruma-6.9.8_1              Regular expressions library compatible with POSIX/GNU/Perl
openexr-3.1.5                  High dynamic-range (HDR) image file format
openjpeg-2.5.0                 Open-source JPEG 2000 codec
openldap26-client-2.6.3        Open source LDAP client implementation
opus-1.3.1                     IETF audio codec
p11-kit-0.24.1_1               Library for loading and enumerating of PKCS#11 modules
p5-Authen-SASL-2.16_1          Perl5 module for SASL authentication
p5-CGI-4.54                    Handle Common Gateway Interface requests and responses
p5-Clone-0.45                  Recursively copy Perl datatypes
p5-Digest-HMAC-1.04            Perl5 interface to HMAC Message-Digest Algorithms
p5-Encode-Locale-1.05          Determine the locale encoding
p5-Error-0.17029               Error/exception handling in object-oriented programming style
p5-GSSAPI-0.28_2               Perl extension providing access to the GSSAPIv2 library
p5-HTML-Parser-3.78            Perl5 module for parsing HTML documents
p5-HTML-Tagset-3.20_1          Some useful data table in parsing HTML
p5-HTTP-Date-6.05              Conversion routines for the HTTP protocol date formats
p5-HTTP-Message-6.37           Representation of HTTP style messages
p5-IO-HTML-1.004               Open an HTML file with automatic charset detection
p5-IO-Socket-INET6-2.72_1      Perl module with object interface to AF_INET6 domain sockets
p5-IO-Socket-SSL-2.075         Perl5 interface to SSL sockets
p5-LWP-MediaTypes-6.04         Guess media type for a file or a URL
p5-Locale-gettext-1.07         Message handling functions
p5-Locale-libintl-1.32         Internationalization library for Perl
p5-Mozilla-CA-20211001         Perl extension for Mozilla CA cert bundle in PEM format
p5-Net-SSLeay-1.92             Perl5 interface to SSL
p5-Socket6-0.29                IPv6 related part of the C socket.h defines and structure manipulators
p5-Text-Unidecode-1.30         US-ASCII transliterations of Unicode text
p5-TimeDate-2.33,1             Perl5 module containing a better/faster date parser for absolute dates
p5-URI-5.12                    Perl5 interface to Uniform Resource Identifier (URI) references
p5-Unicode-EastAsianWidth-12.0 East Asian Width properties
panda-cclient-20130621_2       Mark Crispin's C-client mail access routines forked from UW
pciids-20220807                Database of all known IDs used in PCI devices
pcre2-10.40                    Perl Compatible Regular Expressions library, version 2
perl5-5.32.1_3                 Practical Extraction and Report Language
php80-8.0.25                   PHP Scripting Language
php80-bcmath-8.0.25            The bcmath shared extension for php
php80-bz2-8.0.25               The bz2 shared extension for php
php80-ctype-8.0.25             The ctype shared extension for php
php80-curl-8.0.25              The curl shared extension for php
php80-dom-8.0.25               The dom shared extension for php
php80-exif-8.0.25              The exif shared extension for php
php80-fileinfo-8.0.25          The fileinfo shared extension for php
php80-filter-8.0.25            The filter shared extension for php
php80-ftp-8.0.25               The ftp shared extension for php
php80-gd-8.0.25                The gd shared extension for php
php80-gmp-8.0.25               The gmp shared extension for php
php80-iconv-8.0.25             The iconv shared extension for php
php80-imap-8.0.25              The imap shared extension for php
php80-intl-8.0.25              The intl shared extension for php
php80-ldap-8.0.25              The ldap shared extension for php
php80-mbstring-8.0.25          The mbstring shared extension for php
php80-mysqli-8.0.25            The mysqli shared extension for php
php80-opcache-8.0.25           The opcache shared extension for php
php80-pcntl-8.0.25             The pcntl shared extension for php
php80-pdo-8.0.25               The pdo shared extension for php
php80-pdo_mysql-8.0.25         The pdo_mysql shared extension for php
php80-pecl-APCu-5.1.21         APC User Caching
php80-pecl-imagick-3.5.1       PHP wrapper to the ImageMagick/GraphicsMagick library version 6
php80-pecl-memcache-8.0        Memcached extension
php80-pecl-redis-5.3.5         Extension to access Redis
php80-pecl-smbclient-1.0.6     Smbclient wrapper extension
php80-phar-8.0.25              The phar shared extension for php
php80-posix-8.0.25             The posix shared extension for php
php80-session-8.0.25           The session shared extension for php
php80-simplexml-8.0.25         The simplexml shared extension for php
php80-xml-8.0.25               The xml shared extension for php
php80-xmlreader-8.0.25         The xmlreader shared extension for php
php80-xmlwriter-8.0.25         The xmlwriter shared extension for php
php80-xsl-8.0.25               The xsl shared extension for php
php80-zip-8.0.25               The zip shared extension for php
php80-zlib-8.0.25              The zlib shared extension for php
pinentry-1.2.1                 Collection of simple PIN or passphrase entry dialogs
pinentry-curses-1.2.1          Curses version of the GnuPG password dialog
pkg-1.19.0                     Package manager
pkgconf-1.8.0_1,1              Utility to help to configure compiler and linker flags
png-1.6.37_1                   Library for manipulating PNG images
poppler-data-0.4.11            Poppler encoding data
popt-1.18_1                    Getopt(3) like library with a number of enhancements, from Redhat
py39-dnspython-2.2.1_1,1       DNS toolkit for Python
py39-importlib-metadata-4.8.1  Read metadata from Python packages
py39-markdown-3.3.7            Python implementation of Markdown
py39-setuptools-63.1.0         Python packages installer
py39-zipp-3.4.0                Backport of pathlib-compatible object wrapper for zip files
python39-3.9.15                Interpreted object-oriented programming language
readline-8.1.2                 Library for editing command lines as they are typed
redis-7.0.5                    Persistent key-value database with built-in net interface
rsync-3.2.5                    Network file distribution/synchronization utility
samba412-4.12.15_4             Free SMB/CIFS and AD/DC server and client for Unix
screen-4.9.0_6                 Multi-screen window manager
shared-mime-info-2.2_1         MIME types database from the freedesktop.org project
sqlite3-3.39.3,1               SQL database engine in a C library
sudo-1.9.12p1                  Allow others to run commands as root
svt-av1-1.2.1                  Scalable AV1 encoder
talloc-2.3.4                   Hierarchical pool based memory allocator
tdb-1.4.7,1                    Trivial Database
tevent-0.13.0                  Talloc based event loop library
texinfo-6.8_3,1                Typeset documentation system with multiple format output
tiff-4.4.0                     Tools and library routines for working with TIFF images
unixODBC-2.3.11                ODBC library suite for Unix
vim-9.0.0379                   Improved version of the vi editor (console flavor)
vmaf-2.3.1                     Perceptual video quality assessment based on multi-method fusion
wayland-1.21.0                 Core Wayland window system code and protocol
webp-1.2.4                     Google WebP image format conversion tool
x265-3.4_2                     H.265/High Efficiency Video Coding (HEVC) format
xorgproto-2022.1               X Window System unified protocol definitions
xxhash-0.8.1_2                 Extremely fast non-cryptographic hash algorithm
zsh-5.9_1                      The Z shell
zstd-1.5.2_1                   Fast real-time compression algorithm

I'm not the most familiar with php, but I tried to check fpm but it wasn't running

Code:

nextcloud# service php-fpm status
php_fpm is not running.

Then I tried to start it, and found this error:

Code:

nextcloud# service php-fpm start
Performing sanity check on php-fpm configuration:
[31-Mar-2024 22:08:14] ALERT: [pool www] pm.start_servers(20) must not be less than pm.min_spare_servers(6) and not greater than pm.max_spare_servers(18)
[31-Mar-2024 22:08:14] ERROR: failed to post process the configuration
[31-Mar-2024 22:08:14] ERROR: FPM initialization failed
/usr/local/etc/rc.d/php-fpm: WARNING: failed precmd routine for php_fpm

I'm not sure where the config file is, because the one config I checked at `/usr/local/etc/php-fpm.conf` didn't contain anything about servers

Code:

nextcloud# cat /usr/local/etc/php-fpm.conf | grep servers
nextcloud#   

Now that I read that error, I do vaguely remember trying to tune my nextcloud performance before which might have touched those values. However, I'm not sure where those config options are now.

 

[victort]

Code:

nextcloud# pkg info
ImageMagick6-nox11-6.9.12.63,1 Image processing tools (legacy version)
Imath-3.1.6                    C++/Python lib of 2D/3D vector, matrix, math ops for computer graphics
aom-3.5.0                      AV1 reference encoder/decoder
argp-standalone-1.5.0          Standalone version of arguments parsing functions from GLIBC
autoconf-2.71                  Generate configure scripts and related files
autoconf-switch-20220527       Wrapper script to switch between autoconf versions
avahi-app-0.8_1                Service discovery on a local network
bash-5.2_3                     GNU Project's Bourne Again SHell
boost-libs-1.80.0              Free portable C++ libraries (without Boost.Python)
brotli-1.0.9,1                 Generic-purpose lossless compression algorithm
ca_root_nss-3.83               Root certificate bundle from the Mozilla Project
cups-2.4.2                     Common UNIX Printing System
curl-7.85.0                    Command line tool and library for transferring data with URLs
cyrus-sasl-2.1.28              RFC 2222 SASL (Simple Authentication and Security Layer)
dav1d-1.0.0_2                  Small and fast AV1 decoder
dbus-1.14.4,1                  Message bus system for inter-application communication
dbus-glib-0.112                GLib bindings for the D-BUS messaging system
expat-2.4.9                    XML 1.0 parser written in C
ffmpeg-4.4.3,1                 Realtime audio/video encoder/converter and streaming server
fftw3-3.3.10_2                 Fast C routines to compute the Discrete Fourier Transform
fontconfig-2.14.0,1            XML-based font configuration API for X Windows
freetype2-2.12.1_2             Free and portable TrueType font rendering engine
fribidi-1.0.12                 Free Implementation of the Unicode Bidirectional Algorithm
galera-25.3.37_1               Synchronous multi-master replication engine
gamin-0.1.10_10                File and directory monitoring system
gdbm-1.23                      GNU database manager
gdk-pixbuf2-2.42.9             Graphic library for GTK+
gettext-runtime-0.21           GNU gettext runtime libraries and programs
ghostscript9-agpl-base-9.56.1_4 PostScript and PDF interpreter
giflib-5.2.1                   Tools and library routines for working with GIF images
git-2.38.1_1                   Distributed source code management tool
glib-2.74.0,2                  Some useful routines of C programming (current stable version)
gmp-6.2.1                      Free library for arbitrary precision arithmetic
gnome_subr-1.0                 Common startup and shutdown subroutines used by GNOME scripts
gnupg-2.3.3_3                  Complete and free PGP implementation
gnutls-3.7.7                   GNU Transport Layer Security library
go-1.19,2                      Meta-port for the default version of the Go programming language
go119-1.19.3                   Go programming language
graphite2-1.3.14               Rendering capabilities for complex non-Roman writing systems
gsfonts-8.11_8                 Standard Fonts for Ghostscript
harfbuzz-5.2.0                 OpenType text shaping engine
help2man-1.49.2                Automatically generating simple manual pages from program output
highway-1.0.1                  Performance-portable, length-agnostic SIMD with runtime dispatch
htop-3.2.2                     Better top(1) - interactive process viewer
icu-71.1,1                     International Components for Unicode (from IBM)
indexinfo-0.3.1                Utility to regenerate the GNU info page index
jansson-2.14                   C library for encoding, decoding, and manipulating JSON data
jbig2dec-0.19                  Decoder implementation of the JBIG2 image compression format
jbigkit-2.1_1                  Lossless compression for bi-level images such as scanned pages, faxes
jpeg-turbo-2.1.4               SIMD-accelerated JPEG codec which replaces libjpeg
lame-3.100_4                   Fast MP3 encoder kit
lcms2-2.13.1                   Accurate, fast, and small-footprint color management engine
libICE-1.0.10,1                Inter Client Exchange library for X11
libSM-1.2.3,1                  Session Management library for X11
libX11-1.7.2,1                 X11 library
libXau-1.0.9                   Authentication Protocol library for X11
libXdmcp-1.1.3                 X Display Manager Control Protocol library
libXext-1.3.4,1                X11 Extension library
libXfixes-6.0.0                X Fixes extension library
libarchive-3.6.1,1             Library to create and read several streaming archive formats
libargon2-20190702             Memory hard password hashing program and library
libass-0.16.0                  Portable ASS/SSA subtitle renderer
libassuan-2.5.5                IPC library used by GnuPG and gpgme
libdaemon-0.14_1               Lightweight C library that eases the writing of UNIX daemons
libde265-1.0.8                 Open source h.265 video codec
libdeflate-1.14                Fast, whole-buffer DEFLATE-based compression library
libdrm-2.4.113,1               Userspace interface to kernel Direct Rendering Module services
libedit-3.1.20210910,1         Command line editor library
libepoll-shim-0.0.20220703     Small epoll implementation using kqueue
libevent-2.1.12                API for executing callback functions on events or timeouts
libffi-3.4.2                   Foreign Function Interface
libgcrypt-1.9.4_1              General purpose cryptographic library based on the code from GnuPG
libgd-2.3.3_1,1                Graphics library for fast creation of images
libgpg-error-1.45              Common error values for all GnuPG components
libheif-1.13.0_1               ISO/IEC 23008-12:2017 HEIF file format de- and encoder
libiconv-1.17                  Character set conversion library
libidn-1.38                    Internationalized Domain Names command line tool
libidn2-2.3.3                  Implementation of IDNA2008 internationalized domain names
libimagequant-2.17.0           Image Quantization Library
libinotify-20211018            Kevent based inotify compatible library
libjxl-0.7.0                   JPEG XL reference encoder/decoder
libksba-1.6.0                  Library to make X.509 certificates
liblqr-1-0.4.2                 Easy to use C/C++ seam carving library
libltdl-2.4.7                  System independent dlopen wrapper
liblz4-1.9.4,1                 LZ4 compression library, lossless and very fast
libnghttp2-1.48.0              HTTP/2.0 C Library
libogg-1.3.5,4                 Ogg bitstream library
libpaper-1.1.28                Library providing routines for paper size management
libpciaccess-0.16              Generic PCI access library
libpsl-0.21.1_4                C library to handle the Public Suffix List
libpthread-stubs-0.4           Weak aliases for pthread functions
libraqm-0.9.0                  Library that encapsulates complex text layout logic
libraw-0.20.2_3                Library for manipulating raw images
libssh2-1.10.0,3               Library implementing the SSH2 protocol
libsunacl-1.0.1                Wrapper providing SunOS NFSv4 ACL API
libtasn1-4.18.0                ASN.1 structure parser library
libudev-devd-0.5.0             libudev-compatible interface for devd
libunistring-1.0               Unicode string library
libunwind-20211201_1           Generic stack unwinding library
libv4l-1.23.0                  Video4Linux library
libva-2.16.0                   VAAPI wrapper and dummy driver
libvdpau-1.5                   VDPAU wrapper and tracing library
libvorbis-1.3.7_2,3            Audio compression codec library
libvpx-1.12.0                  VP8/VP9 reference encoder/decoder
libwmf-nox11-0.2.12            Tools and library for converting Microsoft WMF (windows metafile)
libx264-0.164.3095             H.264/MPEG-4 AVC Video Encoding (Library)
libxcb-1.15                    The X protocol C-language Binding (XCB) library
libxml2-2.10.3                 XML parser library for GNOME
libxslt-1.1.37                 XML stylesheet transformation library
libzip-1.9.2                   C library for reading, creating, and modifying ZIP archives
lmdb-0.9.29_1,1                OpenLDAP Lightning Memory-Mapped Database
m4-1.4.19,1                    GNU M4
mariadb103-client-10.3.36      Multithreaded SQL database (client)
mariadb103-server-10.3.36      Multithreaded SQL database (server)
mpdecimal-2.5.1                C/C++ arbitrary precision decimal floating point libraries
nano-6.4                       Nano's ANOther editor, an enhanced free Pico clone
nettle-3.8.1                   Low-level cryptographic library
npth-1.6                       New GNU Portable Threads
oniguruma-6.9.8_1              Regular expressions library compatible with POSIX/GNU/Perl
openexr-3.1.5                  High dynamic-range (HDR) image file format
openjpeg-2.5.0                 Open-source JPEG 2000 codec
openldap26-client-2.6.3        Open source LDAP client implementation
opus-1.3.1                     IETF audio codec
p11-kit-0.24.1_1               Library for loading and enumerating of PKCS#11 modules
p5-Authen-SASL-2.16_1          Perl5 module for SASL authentication
p5-CGI-4.54                    Handle Common Gateway Interface requests and responses
p5-Clone-0.45                  Recursively copy Perl datatypes
p5-Digest-HMAC-1.04            Perl5 interface to HMAC Message-Digest Algorithms
p5-Encode-Locale-1.05          Determine the locale encoding
p5-Error-0.17029               Error/exception handling in object-oriented programming style
p5-GSSAPI-0.28_2               Perl extension providing access to the GSSAPIv2 library
p5-HTML-Parser-3.78            Perl5 module for parsing HTML documents
p5-HTML-Tagset-3.20_1          Some useful data table in parsing HTML
p5-HTTP-Date-6.05              Conversion routines for the HTTP protocol date formats
p5-HTTP-Message-6.37           Representation of HTTP style messages
p5-IO-HTML-1.004               Open an HTML file with automatic charset detection
p5-IO-Socket-INET6-2.72_1      Perl module with object interface to AF_INET6 domain sockets
p5-IO-Socket-SSL-2.075         Perl5 interface to SSL sockets
p5-LWP-MediaTypes-6.04         Guess media type for a file or a URL
p5-Locale-gettext-1.07         Message handling functions
p5-Locale-libintl-1.32         Internationalization library for Perl
p5-Mozilla-CA-20211001         Perl extension for Mozilla CA cert bundle in PEM format
p5-Net-SSLeay-1.92             Perl5 interface to SSL
p5-Socket6-0.29                IPv6 related part of the C socket.h defines and structure manipulators
p5-Text-Unidecode-1.30         US-ASCII transliterations of Unicode text
p5-TimeDate-2.33,1             Perl5 module containing a better/faster date parser for absolute dates
p5-URI-5.12                    Perl5 interface to Uniform Resource Identifier (URI) references
p5-Unicode-EastAsianWidth-12.0 East Asian Width properties
panda-cclient-20130621_2       Mark Crispin's C-client mail access routines forked from UW
pciids-20220807                Database of all known IDs used in PCI devices
pcre2-10.40                    Perl Compatible Regular Expressions library, version 2
perl5-5.32.1_3                 Practical Extraction and Report Language
php80-8.0.25                   PHP Scripting Language
php80-bcmath-8.0.25            The bcmath shared extension for php
php80-bz2-8.0.25               The bz2 shared extension for php
php80-ctype-8.0.25             The ctype shared extension for php
php80-curl-8.0.25              The curl shared extension for php
php80-dom-8.0.25               The dom shared extension for php
php80-exif-8.0.25              The exif shared extension for php
php80-fileinfo-8.0.25          The fileinfo shared extension for php
php80-filter-8.0.25            The filter shared extension for php
php80-ftp-8.0.25               The ftp shared extension for php
php80-gd-8.0.25                The gd shared extension for php
php80-gmp-8.0.25               The gmp shared extension for php
php80-iconv-8.0.25             The iconv shared extension for php
php80-imap-8.0.25              The imap shared extension for php
php80-intl-8.0.25              The intl shared extension for php
php80-ldap-8.0.25              The ldap shared extension for php
php80-mbstring-8.0.25          The mbstring shared extension for php
php80-mysqli-8.0.25            The mysqli shared extension for php
php80-opcache-8.0.25           The opcache shared extension for php
php80-pcntl-8.0.25             The pcntl shared extension for php
php80-pdo-8.0.25               The pdo shared extension for php
php80-pdo_mysql-8.0.25         The pdo_mysql shared extension for php
php80-pecl-APCu-5.1.21         APC User Caching
php80-pecl-imagick-3.5.1       PHP wrapper to the ImageMagick/GraphicsMagick library version 6
php80-pecl-memcache-8.0        Memcached extension
php80-pecl-redis-5.3.5         Extension to access Redis
php80-pecl-smbclient-1.0.6     Smbclient wrapper extension
php80-phar-8.0.25              The phar shared extension for php
php80-posix-8.0.25             The posix shared extension for php
php80-session-8.0.25           The session shared extension for php
php80-simplexml-8.0.25         The simplexml shared extension for php
php80-xml-8.0.25               The xml shared extension for php
php80-xmlreader-8.0.25         The xmlreader shared extension for php
php80-xmlwriter-8.0.25         The xmlwriter shared extension for php
php80-xsl-8.0.25               The xsl shared extension for php
php80-zip-8.0.25               The zip shared extension for php
php80-zlib-8.0.25              The zlib shared extension for php
pinentry-1.2.1                 Collection of simple PIN or passphrase entry dialogs
pinentry-curses-1.2.1          Curses version of the GnuPG password dialog
pkg-1.19.0                     Package manager
pkgconf-1.8.0_1,1              Utility to help to configure compiler and linker flags
png-1.6.37_1                   Library for manipulating PNG images
poppler-data-0.4.11            Poppler encoding data
popt-1.18_1                    Getopt(3) like library with a number of enhancements, from Redhat
py39-dnspython-2.2.1_1,1       DNS toolkit for Python
py39-importlib-metadata-4.8.1  Read metadata from Python packages
py39-markdown-3.3.7            Python implementation of Markdown
py39-setuptools-63.1.0         Python packages installer
py39-zipp-3.4.0                Backport of pathlib-compatible object wrapper for zip files
python39-3.9.15                Interpreted object-oriented programming language
readline-8.1.2                 Library for editing command lines as they are typed
redis-7.0.5                    Persistent key-value database with built-in net interface
rsync-3.2.5                    Network file distribution/synchronization utility
samba412-4.12.15_4             Free SMB/CIFS and AD/DC server and client for Unix
screen-4.9.0_6                 Multi-screen window manager
shared-mime-info-2.2_1         MIME types database from the freedesktop.org project
sqlite3-3.39.3,1               SQL database engine in a C library
sudo-1.9.12p1                  Allow others to run commands as root
svt-av1-1.2.1                  Scalable AV1 encoder
talloc-2.3.4                   Hierarchical pool based memory allocator
tdb-1.4.7,1                    Trivial Database
tevent-0.13.0                  Talloc based event loop library
texinfo-6.8_3,1                Typeset documentation system with multiple format output
tiff-4.4.0                     Tools and library routines for working with TIFF images
unixODBC-2.3.11                ODBC library suite for Unix
vim-9.0.0379                   Improved version of the vi editor (console flavor)
vmaf-2.3.1                     Perceptual video quality assessment based on multi-method fusion
wayland-1.21.0                 Core Wayland window system code and protocol
webp-1.2.4                     Google WebP image format conversion tool
x265-3.4_2                     H.265/High Efficiency Video Coding (HEVC) format
xorgproto-2022.1               X Window System unified protocol definitions
xxhash-0.8.1_2                 Extremely fast non-cryptographic hash algorithm
zsh-5.9_1                      The Z shell
zstd-1.5.2_1                   Fast real-time compression algorithm

I'm not the most familiar with php, but I tried to check fpm but it wasn't running

Code:

nextcloud# service php-fpm status
php_fpm is not running.

Then I tried to start it, and found this error:

Code:

nextcloud# service php-fpm start
Performing sanity check on php-fpm configuration:
[31-Mar-2024 22:08:14] ALERT: [pool www] pm.start_servers(20) must not be less than pm.min_spare_servers(6) and not greater than pm.max_spare_servers(18)
[31-Mar-2024 22:08:14] ERROR: failed to post process the configuration
[31-Mar-2024 22:08:14] ERROR: FPM initialization failed
/usr/local/etc/rc.d/php-fpm: WARNING: failed precmd routine for php_fpm

I'm not sure where the config file is, because the one config I checked at `/usr/local/etc/php-fpm.conf` didn't contain anything about servers

Code:

nextcloud# cat /usr/local/etc/php-fpm.conf | grep servers
nextcloud#   

Now that I read that error, I do vaguely remember trying to tune my nextcloud performance before which might have touched those values. However, I'm not sure where those config options are now.

That would be at /usr/local/etc/php-fpm.d/www.conf

 

[toxikat]

Oh, wow that feels like a rookie mistake. I swear I'm just not searching the right filenames somehow.

I edited that file's `pm.max_spare_servers = 20` and started with `service php-fpm start`. Now when I visit the site locally, it shows up.

I won't be able to test on a different network until tomorrow so I'll report back then, but this is already super promising.

Thanks so much for the help!

 

[victort]

Oh, wow that feels like a rookie mistake. I swear I'm just not searching the right filenames somehow.

I edited that file's `pm.max_spare_servers = 20` and started with `service php-fpm start`. Now when I visit the site locally, it shows up.

I won't be able to test on a different network until tomorrow so I'll report back then, but this is already super promising.

Thanks so much for the help!

Excellent.

 

[toxikat]

So, I suspect that I didn't reboot php-fpm after making my original change there which is why it still ran. And I guess that does mean that the hard reboot I did after my ISP changed my ipv4 did cause the original outage.

I do have one more question though, which is whether you think it's possible (and better) to get rid of Caddy in nextcloud and just have one caddy in my caddy jail?

 

[victort]

So, I suspect that I didn't reboot php-fpm after making my original change there which is why it still ran. And I guess that does mean that the hard reboot I did after my ISP changed my ipv4 did cause the original outage.

I do have one more question though, which is whether you think it's possible (and better) to get rid of Caddy in nextcloud and just have one caddy in my caddy jail?

No. Caddy needs to be there to serve your Nextcloud files, and it needs to be on your proxy jail to do the proxying.