mod_reqtimeout / RequestReadTimeout can't be configured for large file support #2443
Description
Hey there,
I'm facing the issue that I am unable to upload large files on my nextcloud instance. After 40 seconds my upload times out and my local nextcloud clients crashes.
I'm hosting an Ansible MASH playbook, which I guess, isn't relevant.
As described in the documentation, mod_reqtimeout can cause large file uploads to fail.
It seems disabling the mod or changing its configuration seems crucial for fixing the timout issue. Furthermore, it seems the RequestReadTimeout setting is responsible for limiting the request time to 40 seconds (as shown below).
However, this isn't possible using the nextcloud container image.
Expected behavior
Large files should upload fluently.
Actual behavior
Large files fail to upload after 40 seconds due to a server timeout. The Nextloud Windows client crashes.
Additional information
Additional environment variables
Environment variables set via MASH-config:
nextcloud_container_additional_environment_variables: |
PHP_MEMORY_LIMIT=20G
PHP_UPLOAD_LIMIT=20G
PHP_OPCACHE_MEMORY_CONSUMPTION=1024
APACHE_BODY_LIMIT=0
Active php ini settings:
I have no name!@034f0a74c941:/var/www/html$ php -i | grep -E "memory"
memory_limit => 20G => 20G
Collecting memory statistics => No
opcache.memory_consumption => 1024 => 1024
opcache.preferred_memory_model => no value => no value
opcache.protect_memory => Off => Off
I have no name!@034f0a74c941:/var/www/html$ php -i | grep -E "limit"
memory_limit => 20G => 20G
Total Links => 0/unlimited
ldap.max_links => Unlimited => Unlimited
mbstring.regex_retry_limit => 1000000 => 1000000
mbstring.regex_stack_limit => 100000 => 100000
memcached.item_size_limit => 0 => 0
memcached.sess_server_failure_limit => 0 => 0
pcre.backtrack_limit => 1000000 => 1000000
pcre.recursion_limit => 100000 => 100000
redis.pconnect.connection_limit => 0 => 0
session.cache_limiter => nocache => nocache
opcache.jit_bisect_limit => 0 => 0
Client Logfiles
2025-06-22 03:27:07:971 [ info nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\gui\creds\webflowcredentials.cpp:406 ]: request finished
2025-06-22 03:27:07:971 [ warning nextcloud.sync.networkjob C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\libsync\abstractnetworkjob.cpp:223 ]: QNetworkReply::UnknownNetworkError "Der Schreibvorgang konnte nicht ausgeführt werden" QVariant(Invalid)
2025-06-22 03:27:07:971 [ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\gui\creds\webflowcredentials.cpp:207 ]: QNetworkReply::UnknownNetworkError
2025-06-22 03:27:07:971 [ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\gui\creds\webflowcredentials.cpp:208 ]: "Der Schreibvorgang konnte nicht ausgeführt werden"
2025-06-22 03:27:07:971 [ info nextcloud.sync.networkjob.put C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\libsync\propagateupload.cpp:96 ]: PUT of "https://SENSITIVE_DATA/1190532493/00001" FINISHED WITH STATUS "UnknownNetworkError Der Schreibvorgang konnte nicht ausgeführt werden" QVariant(Invalid) QVariant(Invalid)
2025-06-22 03:27:07:971 [ warning nextcloud.sync.propagator C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\libsync\owncloudpropagator.cpp:288 ]: Could not complete propagation of "allgemein/Marketing + Presse/ad-instagram-theaterfest.mov" by OCC::PropagateUploadFileNG(0x2f2c123f160) with status OCC::SyncFileItem::FatalError and error: "Der Schreibvorgang konnte nicht ausgeführt werden"
2025-06-22 03:27:07:977 [ info nextcloud.gui.activity C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\gui\tray\usermodel.cpp:867 ]: Item "allgemein/Marketing + Presse/ad-instagram-theaterfest.mov" retrieved resulted in error "Der Schreibvorgang konnte nicht ausgeführt werden"
2025-06-22 03:27:07:982 [ info nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\gui\creds\webflowcredentials.cpp:406 ]: request finished
2025-06-22 03:27:07:982 [ warning nextcloud.sync.networkjob C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\libsync\abstractnetworkjob.cpp:223 ]: QNetworkReply::OperationCanceledError "Operation abgebrochen" QVariant(Invalid)
2025-06-22 03:27:07:982 [ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\gui\creds\webflowcredentials.cpp:207 ]: QNetworkReply::OperationCanceledError
2025-06-22 03:27:07:982 [ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\gui\creds\webflowcredentials.cpp:208 ]: "Operation abgebrochen"
2025-06-22 03:27:07:982 [ info nextcloud.sync.networkjob.put C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\libsync\propagateupload.cpp:96 ]: PUT of https://SENSITIVE_DATA" FINISHED WITH STATUS "OperationCanceledError Operation abgebrochen" QVariant(Invalid) QVariant(Invalid)
2025-06-22 03:27:07:982 [ warning default unknown:0 ]: QIODevice::read (QNetworkReplyHttpImpl): device not open
2025-06-22 03:27:07:982 [ info nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\gui\creds\webflowcredentials.cpp:406 ]: request finished
2025-06-22 03:27:07:982 [ warning nextcloud.sync.networkjob C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\libsync\abstractnetworkjob.cpp:223 ]: QNetworkReply::OperationCanceledError "Operation abgebrochen" QVariant(Invalid)
2025-06-22 03:27:07:982 [ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\gui\creds\webflowcredentials.cpp:207 ]: QNetworkReply::OperationCanceledError
2025-06-22 03:27:07:982 [ warning nextcloud.sync.credentials.webflow C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\gui\creds\webflowcredentials.cpp:208 ]: "Operation abgebrochen"
2025-06-22 03:27:07:982 [ info nextcloud.sync.networkjob.put C:\Users\User\AppData\Local\Temp\windows-31590\client-building\desktop\src\libsync\propagateupload.cpp:96 ]: PUT of "https://SENSITIVE_DATA" FINISHED WITH STATUS "OperationCanceledError Operation abgebrochen" QVariant(Invalid) QVariant(Invalid)
2025-06-22 03:27:07:983 [ warning default unknown:0 ]: QIODevice::read (QNetworkReplyHttpImpl): device not open
2025-06-22 03:27:07:983 [ warning default unknown:0 ]: QIODevice::read (OCC::UploadDevice): device not open
OCC System Config
{
"system": {
"htaccess.RewriteBase": "\/",
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"upgrade.disable-web": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"***REMOVED SENSITIVE VALUE***"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "pgsql",
"version": "31.0.6.2",
"overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"overwriteprotocol": "https",
"overwritewebroot": "",
"auth.bruteforce.protection.enabled": false,
"maintenance_window_start": 1,
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"maintenance": false,
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_smtpsecure": "ssl",
"mail_smtpauth": 1,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"forbidden_filename_basenames": [
"con",
"prn",
"aux",
"nul",
"com0",
"com1",
"com2",
"com3",
"com4",
"com5",
"com6",
"com7",
"com8",
"com9",
"com\u00b9",
"com\u00b2",
"com\u00b3",
"lpt0",
"lpt1",
"lpt2",
"lpt3",
"lpt4",
"lpt5",
"lpt6",
"lpt7",
"lpt8",
"lpt9",
"lpt\u00b9",
"lpt\u00b2",
"lpt\u00b3"
],
"forbidden_filename_characters": [
"<",
">",
":",
"\"",
"|",
"?",
"*",
"\\",
"\/"
],
"forbidden_filename_extensions": [
" ",
".",
".filepart",
".part"
],
"loglevel": 2,
"skeletondirectory": "",
"default_locale": "de_DE",
"default_phone_region": "DE",
"app_install_overwrite": []
}
}/etc/apache2/mods-enabled/reqtimeout.conf
# mod_reqtimeout limits the time waiting on the client to prevent an
# attacker from causing a denial of service by opening many connections
# but not sending requests. This file tries to give a sensible default
# configuration, but it may be necessary to tune the timeout values to
# the actual situation. Note that it is also possible to configure
# mod_reqtimeout per virtual host.
# Wait max 20 seconds for the first byte of the request line+headers
# From then, require a minimum data rate of 500 bytes/s, but don't
# wait longer than 40 seconds in total.
# Note: Lower timeouts may make sense on non-ssl virtual hosts but can
# cause problem with ssl enabled virtual hosts: This timeout includes
# the time a browser may need to fetch the CRL for the certificate. If
# the CRL server is not reachable, it may take more than 10 seconds
# until the browser gives up.
RequestReadTimeout header=20-40,minrate=500
# Wait max 10 seconds for the first byte of the request body (if any)
# From then, require a minimum data rate of 500 bytes/s
RequestReadTimeout body=10,minrate=500