does some guys use fail2ban and nextcloud, curiously it seems that bad login are not logged until you specify something in the config files
in short they speak to add in /path/to/Nextcloud/config/config.php something like that :
'logfile' => '/var/log/nextcloud.log', 'loglevel' => 2,
'logtimezone' => 'TIMEZONEHERE', 'log_type' => 'owncloud', 'logfile' => 'nextcloud.log',
It seems also that the nextcloud team has done at the php level a solution to block bad login.
So if you have something to share, it will be nice