Create user failed / password policy crash #5746

Closed
Patrick-DE opened this issue Jul 16, 2017 · 5 comments

@Patrick-DE

Reference thread:
https://help.nextcloud.com/t/creating-user-does-not-work/6134
Prerequisite: Enable (all) password security settings 1-4.

Steps to reproduce

  1. Go to Settings -> Users
  2. Enter a username
  3. Enter a password which does not comply with the given password policy
  4. Click "Create"

Expected behaviour

It should create a user with the given username, password and group.

Actual behaviour

Nothing visible to the user happens.
After refreshing the page, the server is not able to load the site correctly. You just get a white page with the request getting rejected with a 500 server error.
After restarting the server I can use it again but still no chance to create a user.

Server configuration

Debian 8.0
nginx/1.10.3
mysql - "10.0.30"
PHP 7.0.19
NC Version 12.0.0.29
Updated from Nextcloud 10 / but also reported with fresh installs
Installed Nextcloud directly from the webpage
Signing status:
No errors have been found.

List of activated apps:

Enabled:
  - activity: 2.5.2
  - admin_audit: 1.2.0
  - announcementcenter: 3.1.0
  - bruteforcesettings: 1.0.2
  - calendar: 1.5.3
  - comments: 1.2.0
  - contacts: 1.5.3
  - dav: 1.3.0
  - federatedfilesharing: 1.2.0
  - federation: 1.2.0
  - files: 1.7.2
  - files_accesscontrol: 1.2.3
  - files_external: 1.3.0
  - files_pdfviewer: 1.1.1
  - files_reader: 1.0.4
  - files_sharing: 1.4.0
  - files_texteditor: 2.4.1
  - files_trashbin: 1.2.0
  - files_versions: 1.5.0
  - files_videoplayer: 1.1.0
  - firstrunwizard: 2.1
  - gallery: 17.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.0.0
  - nextant: 1.0.8
  - nextcloud_announcements: 1.1
  - notifications: 2.0.0
  - oauth2: 1.0.5
  - password_policy: 1.2.2
  - provisioning_api: 1.2.0
  - serverinfo: 1.2.0
  - sharebymail: 1.2.0
  - spreed: 2.0.1
  - survey_client: 1.0.0
  - systemtags: 1.2.0
  - tasks: 0.9.5
  - theming: 1.3.0
  - twofactor_backupcodes: 1.1.1
  - updatenotification: 1.2.0
  - workflowengine: 1.2.0

Nextcloud configuration:

{
    "system": {
        "instanceid": "octh7ni6tsu6",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.eisenschmidt.family",
            "192.168.178.34",
            "raspberrypi",
            "gj6vzycpsuqcj8gx.myfritz.net"
        ],
        "datadirectory": "\/media\/usb-hdd\/nextcloud",
        "overwrite.cli.url": "https:\/\/ADDRESS",
        "dbtype": "mysql",
        "version": "12.0.0.29",
        "dbname": "nextcloud",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "localhost",
            "port": 6379
        },
        "logtimezone": "Europe\/Berlin",
        "installed": true,
        "debug": true,
        "loglevel": 2,
        "filesystem_check_changes": 1,
        "appstore.experimental.enabled": true,
        "maintenance": false,
        "theme": "",
        "trashbin_retention_obligation": "auto",
        "appcodechecker": true,
        "filelocking.ttl": 3600,
        "mail_smtpmode": "smtp",
        "mail_from_address": "support",
        "mail_domain": "DOMAIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "SMTP",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpport": "PORT",
        "mail_smtpsecure": "tls"
    }
}

Are you using external storage, if yes which one: local/smb/sftp/...
I am using a local harddisk for storing the nextcloud data
Are you using encryption: yes/no
no encryption
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
no external user-backend

Client configuration

Browser:
Version 59.0.3071.115 (Offizieller Build) (64-Bit)
Operating system:
Windows 10

Logs

Web server error log
No server logs

Nextcloud log (data/nextcloud.log)
No server logs

Browser log
![nc error](https://user-images.githubusercontent.com/14962702/28250696-4b8a0b16-6a6f-11e7-8478-0d51d9468689.png)

There is a workaround by disabling all password security settings or by adding the user via occ:
sudo -u www-data php occ user:add --display-name="Layla Smith" --group="users" --group="db-admins" layla

@rullzer
Member

rullzer commented Jul 22, 2017

Can you post your nginx config?

@Patrick-DE
Author

NGINX Conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {
log_format gitlab_access '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
  log_format gitlab_ci_access '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
  log_format gitlab_mattermost_access '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';


	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

@rullzer
Member

rullzer commented Jul 22, 2017

Ah sorry. I meant the part with your nextcloud vhost

@Patrick-DE
Author

Nextcloud vhost Conf:
upstream php-handler {
    #server 127.0.0.1:9000;
     server unix:/run/php/php7.0-fpm.sock;
}


server {
    listen 80;
	location ^~ /.well-known/acme-challenge {
    	 default_type text/plain;
    	 root /var/www/letsencrypt;
    	}

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name URL;

	#ssl_protocols TLSv1.1 TLSv1.2; #DOES NOT WORK ON OSX
    ssl_certificate /etc/letsencrypt/live/DOMAIN/chained.crt;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN/rsa_pk.key;
    ssl_session_timeout 24h;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;
    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
    add_header X-Content-Type-Options nosniff;
    #add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    
    root /var/www/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
#    location ^~ /.well-known/acme-challenge {
#      default_type text/plain;
#      root /var/www/letsencrypt;
#    }
    location = /.well-known/carddav { 
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }
    client_max_body_size 4G;
    fastcgi_buffers 64 4K;
    gzip off;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
    location / {
        rewrite ^ /index.php$uri;
    }
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }
    location ~
    ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        #fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
	#fastcgi_read_timeout 300;
        #fastcgi_send_timeout 300;
        #fastcgi_connect_timeout 300;
    }
    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        access_log off;
    }
    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }
}

server {
    listen 443 ssl http2;
    server_name DOMAIN2; #Has nothing to do with nextcloud

	ssl_protocols TLSv1.1 TLSv1.2;
    ssl_certificate /etc/letsencrypt/live/DOMAIN2/chained.crt;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN2/rsa_pk.key;
    ssl_session_timeout 24h;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;
    server_tokens off;
    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

#    location ^~ /.well-known/acme-challenge {
#       default_type text/plain;
#       root /var/www/letsencrypt;
#    }

	root /usr/share/nginx/html/PATH;
	index index.php index.html index.htm;

	# serve static files directly
         location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
               access_log        off;
               expires           max;
         }

     location ~ \.php$ {
	try_files $uri =404;
	fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
       	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass unix:/var/run/php5-fpm.sock;
    	fastcgi_index index.php;
       	include /etc/nginx/fastcgi_params;
    }
}

server {
    listen       80;
    server_name  office,.DOMAIN3; #office for nextcloud with docker

	ssl_protocols TLSv1.1 TLSv1.2;
    ssl_certificate /etc/letsencrypt/live/DOMAIN/chained.crt;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN/rsa_pk.key;
    ssl_session_timeout 24h;

	root /var/www/office;
	
    # static files
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # websockets, download, presentation and image upload
    location ^~ /lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
}

@rullzer
Member

rullzer commented Jul 23, 2017

You need to remove the error page lines. Else the errors get converted by nginx.
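
The conversion mentioned in the last comment comes from two directives in the posted vhost acting together: with `fastcgi_intercept_errors on`, nginx hands any FastCGI response with status 300 or higher to a matching `error_page`, so the body the PHP application sent with that status never reaches the browser. The Python check below is an added example, not part of this thread or of Nextcloud; the sample vhost is constructed from the one posted above, and the function name `intercepted_codes` is hypothetical.

```python
import re

# Constructed sample modelled on the vhost posted in this thread (shortened).
SAMPLE_VHOST = """
server {
    listen 443 ssl http2;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
    location ~ \\.php(?:$|/) {
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
    }
}
server {
    listen 80;
    location / { return 301 https://$host$request_uri; }
}
"""

def intercepted_codes(conf):
    """For each server block, list the status codes nginx would replace.

    Heuristic: a code is listed when the block sets error_page for it and
    also turns fastcgi_intercept_errors on anywhere inside the block.
    Per-location error_page overrides and include files are not resolved.
    """
    conf = re.sub(r"#[^\n]*", "", conf)          # strip comments
    results, depth, block, block_depth = [], 0, None, 0
    for tok in re.findall(r"[{};]|[^{};]+", conf):
        words = tok.split()
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            if block is not None and depth == block_depth:
                results.append(sorted(block["codes"]) if block["on"] else [])
                block = None
        elif not words or tok == ";":
            continue
        elif words == ["server"] and block is None:
            # "server {" opens a vhost; "server unix:...;" in upstream has 2 words
            block, block_depth = {"codes": set(), "on": False}, depth
        elif block is not None and words[0] == "error_page":
            block["codes"].update(int(w) for w in words[1:] if w.isdigit())
        elif block is not None and words[:2] == ["fastcgi_intercept_errors", "on"]:
            block["on"] = True
    return results

if __name__ == "__main__":
    print(intercepted_codes(SAMPLE_VHOST))
```

A non-empty list for a server block means the application's own responses for those codes are being swapped for the `error_page` target; deleting the `error_page` lines, as advised above, empties it.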
