Docker + OAuth2 + Redis + php.ini

peter.zautasvili · January 18, 2022, 8:39pm

Hi,

When using TOTP and OAuth2 it seems that preventing frequent re-authentication we need to use Redis session locking.

The documentation (https://doc.owncloud.com/pdf/server/10.2_ownCloud_Admin_Manual.pdf) says:

“Enable Redis Session Locking by setting redis.session.locking_enabled = 1 in php.ini”

However in Docker system setting the environment value “OWNCLOUD_REDIS_ENABLED=true” does not adding this setting in the php.ini.

The system config report shows:
session.save_handler: “files”

which should be “redis” based on the documentation.

What is the proper way to do this? Any environment value I miss? Or is this a bug?

eneubauer · January 19, 2022, 8:13am

Here is the official list of docker environment variables:

The following variables mention session:

OWNCLOUD_REDIS_SESSION_LOCKING_ENABLED 1
OWNCLOUD_REDIS_SESSION_LOCK_RETRIES 750
OWNCLOUD_REDIS_SESSION_LOCK_WAIT_TIME 20000
OWNCLOUD_SESSION_KEEPALIVE
OWNCLOUD_SESSION_LIFETIME
OWNCLOUD_SESSION_SAVE_HANDLER files
OWNCLOUD_SESSION_SAVE_PATH ${OWNCLOUD_VOLUME_SESSIONS}

So in order to enable it you need to overwrite the following variables like so:

OWNCLOUD_SESSION_SAVE_HANDLER=redis
OWNCLOUD_SESSION_SAVE_PATH=tcp://redis:6379

This only works if your redis server is available to your docker container as redis (e.g defined as this name in your docker-compose).

This documentation is waaay outdated, current version is 10.9.1:

To find out what this environment variable actually does, just search for it in the docker base repository:

As you can see in the following file, all this environment variable does is enable Redis for file locking and ownCloud internal caching:

github.com

owncloud-docker/base/blob/06bed84b31a571b9aecc08a60f495583cf11c99d/latest/overlay/etc/templates/config.php#L480

    
      
          if (getenv('OWNCLOUD_LOGIN_ALTERNATIVES') != '') {
            $rows = explode(',', getenv('OWNCLOUD_LOGIN_ALTERNATIVES'));
          
          
  foreach ($rows as $key => $value) {
              parse_str($value, $opts);
              $config['login.alternatives'][$key] = $opts;
            }
          }
          
          
switch (true) {
            case getenv('OWNCLOUD_REDIS_ENABLED') && getenv('OWNCLOUD_REDIS_ENABLED') == 'true':
              $config = array_merge_recursive($config, [
                'memcache.distributed' => '\OC\Memcache\Redis',
                'memcache.locking' => '\OC\Memcache\Redis',
              ]);
              switch (true) {
                case getenv('OWNCLOUD_REDIS_SEEDS') != '':
                  $config['redis.cluster']['seeds'] = explode(',', getenv('OWNCLOUD_REDIS_SEEDS'));
          
          
        if (getenv('OWNCLOUD_REDIS_TIMEOUT') != '') {
                    $config['redis.cluster']['timeout'] = (float) getenv('OWNCLOUD_REDIS_TIMEOUT');

It is still mandatory to be enabled in order to have a fully supported ownCloud setup.

peter.zautasvili · January 19, 2022, 9:43am

Thanks, exactly this two I was missing by user error

system · April 19, 2022, 9:44am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.