Fail2ban on NextCloud

Do some of you use fail2ban with Nextcloud? Curiously, it seems that bad logins are not logged until you specify something in the config files.

In short, they say to add something like this in /path/to/Nextcloud/config/config.php:

'logfile' => '/var/log/nextcloud.log',
'loglevel' => 2,

'logtimezone' => 'TIMEZONEHERE',
'log_type' => 'owncloud',
'logfile' => 'nextcloud.log',

It also seems that the Nextcloud team has implemented a solution at the PHP level to block bad logins.

So if you have something to share, that would be nice.


Never tested yet, but it looks interesting. Maybe someone can test this configuration and let us know. /cc @jackyes

Hi Alessio,

I made the modifications in the Nextcloud config.php, but how can I add nextcloud.log in /var/log/?
Just manually create a new file? If that is right, with what permissions?
Sorry, but I don’t know! :cry:


What are the permissions and ownership of the /usr/share/nextcloud files, or of the files in any other place? I guess it could be the same owners!

I think the only files related to Nextcloud are in /var/www/html/nextcloud.

Anyway, I have created a file, nextcloud.log, in /var/log/, but nothing is written to it, no matter what I do: login; logout; wrong login.

What a funny place. Why not /usr/share? This should be the default and usual place for CentOS.

@GG_jr did you restart Apache? Can you give the ownership of nextcloud.log to apache?

Of course, I never tried it.

It was the same for ownCloud, funny place: /var/www/owncloud

I have restarted the httpd service from the Services UI.

After that and restarting httpd, nextcloud.log began to fill.

At the bottom are 4 attempts to log in with wrong credentials.

What do I have to do for F2B to react?

Yes it is, but ownCloud and NextCloud use /var/www … probably because it’s the same in other distros too :slight_smile:

Can’t test now… I’m running only NS6 now… I will create a VM for testing purposes next week :cry:


Man, are you kidding me? Let’s install NethServer 7 and do your homework! :point_right:

I’m joking, of course. :upside_down:


Now a jail needs to be created, see


I’m not an RPM guru, but there are a lot of macros that can be used to put the right file in the right place with the same SRPM, whatever the Linux distro.

I should take a look at the SRPM.

@dev_team Is it possible to add something that creates the log from the start, to catch bad logins in Nextcloud?

I mean something from this ->


Thank you!
I will try today.

Yes, but the RPM was created after a private discussion with the Nextcloud team.
Basically, the aim of the RPM is to have an installation which looks like a manual installation.

We also talked with James Hogarth, who is the actual maintainer of the ownCloud package.
He already submitted a NextCloud package to EPEL:

This rpm is built following all CentOS guidelines. I think we will switch to it, when available :slight_smile:

Of course. Does anyone want to try the commands on a clean machine?
After the test, I can open an issue for the enhancement.


cc: @giacomo

It works!

How I did it (inspired from here: ):

  • I found this file in /etc/fail2ban/filter.d: owncloud-auth.conf
  • I have renamed owncloud-auth.conf to nextcloud.conf (I don’t know if it was necessary, but it is the first time for me when …)
  • In /etc/fail2ban/, I have modified jail.local by adding the following lines after #owncloud not installed on this server:

enabled = true
filter = nextcloud
banaction = iptables-allports
protocol = all
port = anyport
logpath = /var/log/nextcloud.log
findtime = 604800
bantime = 604800
maxretry = 3

  • I have restarted the fail2ban service from the Services UI.

Tested login in Nextcloud with a wrong password and the IP was banned after 3 attempts!

Now, somebody who knows "How To" and of course wants to, should make all the things good!

What I have done, I did it my way!

Thank you Stephane!
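As an added example (not part of the original post or of fail2ban itself): a small offline check that applies the jail's findtime = 604800 and maxretry = 3 to Nextcloud log lines and reports which IPs would reach the ban threshold. The JSON field names (remoteAddr, message, level, time), the "Login failed" message text and all sample lines are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

FINDTIME = timedelta(seconds=604800)  # findtime from the jail above (7 days)
MAXRETRY = 3                          # maxretry from the jail above

# Constructed sample lines. The field names and the message text are an
# assumption about Nextcloud's JSON file log, not taken from the thread.
SAMPLE_LOG = """\
{"reqId":"a1","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2016-11-10T09:00:01+00:00"}
{"reqId":"a2","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2016-11-10T09:00:05+00:00"}
{"reqId":"a3","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'root' (Remote IP: '203.0.113.7')","level":2,"time":"2016-11-10T09:00:09+00:00"}
{"reqId":"b1","remoteAddr":"192.0.2.50","app":"core","message":"Login failed: 'bob' (Remote IP: '192.0.2.50')","level":2,"time":"2016-11-01T08:00:00+00:00"}
{"reqId":"b2","remoteAddr":"192.0.2.50","app":"core","message":"Login failed: 'bob' (Remote IP: '192.0.2.50')","level":2,"time":"2016-11-09T08:00:00+00:00"}
{"reqId":"b3","remoteAddr":"192.0.2.50","app":"core","message":"Login failed: 'bob' (Remote IP: '192.0.2.50')","level":2,"time":"2016-11-09T08:05:00+00:00"}
{"reqId":"c1","remoteAddr":"198.51.100.20","app":"files","message":"Some other event","level":1,"time":"2016-11-10T09:01:00+00:00"}
PHP Warning: not a JSON line
"""

def failed_logins(lines):
    """Yield (ip, timestamp) for each failed-login entry; skip everything else."""
    for line in lines:
        try:
            entry = json.loads(line)
            if "Login failed" not in entry["message"]:
                continue
            yield entry["remoteAddr"], datetime.fromisoformat(entry["time"])
        except (ValueError, KeyError, TypeError):
            continue  # non-JSON, truncated or unexpected line

def would_ban(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return IPs with at least maxretry failures inside one findtime window."""
    recent = defaultdict(list)
    banned = set()
    for ip, ts in sorted(failed_logins(lines), key=lambda pair: pair[1]):
        # Keep only failures still inside the window, then add the new one.
        recent[ip] = [t for t in recent[ip] if ts - t <= findtime] + [ts]
        if len(recent[ip]) >= maxretry:
            banned.add(ip)
    return banned

if __name__ == "__main__":
    print(sorted(would_ban(SAMPLE_LOG.splitlines())))
```

If this reports nothing for a real log that should contain failures, the log format differs from what is assumed here. The filter file itself can be checked against the log with fail2ban's own fail2ban-regex tool.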


Great! You should write a small howto about this. How about it?


It was only a test.
I will learn how and where permanent config files should be created, because after a reboot or an update, the modifications are lost.



Learning by errors, this is my personal favourite way to progress.

Take a look at my GitHub account; I added a specific jail for the server manager. The process is the same.
