massive use of libargon/hash #22886
Description
How to use GitHub
- Please use the 👍 reaction to show that you are affected by the same issue.
- Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
- Subscribe to receive notifications on status change and new comments.
Steps to reproduce
- install nextcloud with apache and mod-php
- run 100 user with ~10TB
Expected behaviour
faster reaction
Actual behaviour
it looks like that libargon is extensively used by PHP
with php-fpm it looks different:
Server configuration
Operating system: Debian 10 (buster)
Web server: apache2 2.4.38
Database: mariadb 101.3
PHP version: 7.2
Nextcloud version: 17.0.9
Updated from an older Nextcloud/ownCloud or fresh install: older (since owncloud 6)
Where did you install Nextcloud from:
Signing status:
Signing status
No errors have been found.
List of activated apps:
App list
Enabled:
- accessibility: 1.3.0
- activity: 2.10.1
- bruteforcesettings: 1.6.0
- calendar: 2.0.4
- cloud_federation_api: 1.0.0
- comments: 1.7.0
- contacts: 3.3.0
- dav: 1.13.0
- federatedfilesharing: 1.7.0
- federation: 1.7.0
- files: 1.12.0
- files_external: 1.8.0
- files_pdfviewer: 1.6.0
- files_rightclick: 0.15.1
- files_sharing: 1.9.0
- files_trashbin: 1.7.0
- files_versions: 1.10.0
- files_videoplayer: 1.6.0
- firstrunwizard: 2.6.0
- gallery: 18.4.0
- impersonate: 1.4.2
- logreader: 2.2.0
- lookup_server_connector: 1.5.0
- nextcloud_announcements: 1.6.0
- notifications: 2.5.0
- oauth2: 1.5.0
- onlyoffice: 5.0.0
- password_policy: 1.7.0
- privacy: 1.1.0
- provisioning_api: 1.7.0
- recommendations: 0.5.0
- serverinfo: 1.7.0
- sharebymail: 1.7.0
- support: 1.0.2
- survey_client: 1.5.0
- systemtags: 1.7.0
- text: 1.1.1
- theming: 1.8.0
- twofactor_backupcodes: 1.6.0
- updatenotification: 1.7.0
- user_ldap: 1.7.0
- viewer: 1.2.0
- workflowengine: 1.7.0
Disabled:
- admin_audit
- bookmarks
- encryption
Nextcloud configuration:
Config report
{
"system": {
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"194.94.224.89",
"wolke7.my.company.de",
"cloud7.my.company.de"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"version": "17.0.9.2",
"dbtype": "mysql",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"default_language": "en",
"defaultapp": "files",
"knowledgebaseenabled": false,
"enable_avatars": true,
"allow_user_to_change_display_name": false,
"remember_login_cookie_lifetime": 604800,
"session_lifetime": 86400,
"session_keepalive": true,
"token_auth_enforced": false,
"auth.bruteforce.protection.enabled": true,
"skeletondirectory": "\/var\/www\/nextcloud\/core\/skeleton",
"lost_password_link": "https:\/\/ldapserver.my.company.de\/",
"mail_smtpmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "25",
"mail_smtpdebug": false,
"mail_smtptimeout": 10,
"overwritehost": "",
"overwriteprotocol": "https",
"overwritewebroot": "",
"htaccess.RewriteBase": "\/",
"trashbin_retention_obligation": "auto",
"versions_retention_obligation": "auto, 30",
"appcodechecker": true,
"updatechecker": true,
"updater.server.url": "https:\/\/updates.nextcloud.com\/customers\/xxxx-aaaa-bbbb-sssss-qqqqq\/",
"updater.release.channel": "enterprise",
"has_internet_connection": true,
"check_for_working_webdav": true,
"check_for_working_wellknown_setup": true,
"check_for_working_htaccess": true,
"config_is_read_only": false,
"log_type": "owncloud",
"logfile": "\/var\/log\/apache2\/nextcloud_app.log",
"loglevel": 0,
"logdateformat": "F d, Y H:i:s",
"logtimezone": "Europe\/Berlin",
"log_query": false,
"cron_log": true,
"log_rotate_size": false,
"customclient_desktop": "https:\/\/nextcloud.com\/install\/",
"customclient_android": "https:\/\/play.google.com\/store\/apps\/details?id=com.nextcloud.client",
"customclient_ios": "https:\/\/itunes.apple.com\/us\/app\/nextcloud\/id1125420102?mt=8",
"appstoreenabled": true,
"apps_paths": [
{
"path": "\/var\/www\/nextcloud\/apps",
"url": "\/apps",
"writable": true
}
],
"enable_previews": true,
"preview_max_x": 2048,
"preview_max_y": 2048,
"preview_max_scale_factor": 10,
"preview_max_filesize_image": 50,
"preview_libreoffice_path": "\/usr\/bin\/libreoffice",
"preview_office_cl_parameters": " --headless --nologo --nofirststartwizard --invisible --norestore --convert-to pdf --outdir ",
"enabledPreviewProviders": [
"OC\\Preview\\PNG",
"OC\\Preview\\JPEG",
"OC\\Preview\\GIF",
"OC\\Preview\\BMP",
"OC\\Preview\\XBitmap",
"OC\\Preview\\MP3",
"OC\\Preview\\TXT",
"OC\\Preview\\MarkDown"
],
"ldapUserCleanupInterval": 51,
"maintenance": false,
"memcache.local": "\\OC\\Memcache\\APCu",
"tempdirectory": "\/nfs_nc_storage\/tmp_nextcloud",
"hashingCost": 10,
"blacklisted_files": [
".htaccess"
],
"cipher": "AES-256-CFB",
"minimum.supported.desktop.version": "1.7.0",
"filesystem_check_changes": 0,
"part_file_in_storage": true,
"mount_file": "\/var\/www\/nextcloud\/data\/mount.json",
"filesystem_cache_readonly": false,
"forwarded_for_headers": [
"HTTP_X_FORWARDED",
"HTTP_FORWARDED_FOR"
],
"max_filesize_animated_gifs_public_sharing": 5,
"filelocking.enabled": true,
"filelocking.ttl": 3600,
"upgrade.disable-web": false,
"debug": false,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
"overwrite.cli.url": "https:\/\/wolke7.my.company.de",
"mail_smtpauthtype": "LOGIN",
"activity_expire_days": 30
}
}
Are you using external storage, if yes which one: I use local storage which is mounten from a nfs server
Are you using encryption: no
Are you using an external user-backend, if yes which one: LDAP
LDAP configuration (delete this part if not used)
LDAP config
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration | s01 |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | ldaps://<IP> |
| ldapBackupPort | 7636 |
| ldapBase | dc=my,dc=company,dc=de |
| ldapBaseGroups | cn=groups,dc=my,dc=company,dc=de |
| ldapBaseUsers | cn=users,dc=my,dc=company,dc=de |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapExtStorageHomeAttribute | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | a_lot_of_groups |
| ldapGroupFilterGroups | a_lot_of_groups |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | gidNumber |
| ldapHost | ldaps://<IP> |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(|(objectclass=inetOrgPerson)(objectclass=posixAccount))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid)))) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 1 |
| ldapLoginFilterMode | 1 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 1 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 7636 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserAvatarRule | default |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (|(objectclass=inetOrgPerson)(objectclass=posixAccount)) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | inetOrgPerson;posixAccount |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 1 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Logs
Web server error log
Web server error log
only things like:
[Wed Sep 16 15:43:43.163990 2020] [authz_core:error] [pid 31359] [client 89.26.74.188:53863] AH01630: client denied by server configuration: /var/www/nextcloud/config
Nextcloud log (data/nextcloud.log)
Nextcloud log
Insert your Nextcloud log here