tune Nextcloud Apache/PHP to fix constant crash-looping (50 restarts/6d)

Root cause: Apache prefork with 150 MaxRequestWorkers (each ~220MB RSS) on SQLite DB causes worker exhaustion + lock contention → Apache hangs → aggressive liveness probe (3 failures × 10s) kills container. Fixes: - Apache: MaxRequestWorkers 150→25, MaxConnectionsPerChild 0→200, StartServers 5→3 (via ConfigMap mount over mpm_prefork.conf) - PHP: max_execution_time 0→300s, max_input_time 300s (prevent zombie workers) - Liveness probe: period 10s→30s, failureThreshold 3→6, timeout 5s→10s (180s tolerance vs 30s before) - Readiness probe: period 10s→30s, timeout 5s→10s
2026-03-08 21:33:27 +00:00 · 2026-03-08 21:33:27 +00:00 · ff03f2b99f
commit ff03f2b99f
parent ad8b90575e
2 changed files with 56 additions and 0 deletions
--- a/stacks/nextcloud/chart_values.yaml
+++ b/stacks/nextcloud/chart_values.yaml
@ -18,10 +18,19 @@ nextcloud:
  extraEnv:
    - name: TRUSTED_PROXIES
      value: "10.0.0.0/8"
+    - name: PHP_MEMORY_LIMIT
+      value: "512M"
+    - name: PHP_UPLOAD_LIMIT
+      value: "16G"
    # - name: mail_smtpdebug
    #   value: "true"
    # - name: loglevel
    #   value: "0"
+  phpConfigs:
+    zzz-custom.ini: |
+      max_execution_time = 300
+      max_input_time = 300
+      default_socket_timeout = 300

 # internalDatabase:
 #   enabled: false
@ -54,6 +63,22 @@ startupProbe:
  failureThreshold: 60
  successThreshold: 1

+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 10
+  periodSeconds: 30
+  timeoutSeconds: 10
+  failureThreshold: 6
+  successThreshold: 1
+
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 10
+  periodSeconds: 30
+  timeoutSeconds: 10
+  failureThreshold: 3
+  successThreshold: 1
+
 podAnnotations:
  diun.enable: "true"
  diun.include_tags: "^[0-9]+(?:.[0-9]+)?(?:.[0-9]+)?.*"
@ -71,3 +96,14 @@ resources:

 cronjob:
  enabled: true
+
+# Mount custom Apache MPM config to limit worker count
+extraVolumes:
+  - name: apache-tuning
+    configMap:
+      name: nextcloud-apache-tuning
+
+extraVolumeMounts:
+  - name: apache-tuning
+    mountPath: /etc/apache2/mods-enabled/mpm_prefork.conf
+    subPath: mpm_prefork.conf
--- a/stacks/nextcloud/main.tf
+++ b/stacks/nextcloud/main.tf
@ -86,6 +86,26 @@ resource "helm_release" "nextcloud" {
  timeout = 6000
 }

+resource "kubernetes_config_map" "apache_tuning" {
+  metadata {
+    name      = "nextcloud-apache-tuning"
+    namespace = kubernetes_namespace.nextcloud.metadata[0].name
+  }
+  data = {
+    "mpm_prefork.conf" = <<-EOF
+      # Tuned for container with 6Gi memory limit
+      # Each worker uses ~220MB RSS, so 25 workers ≈ 5.5GB
+      <IfModule mpm_prefork_module>
+        StartServers            3
+        MinSpareServers         2
+        MaxSpareServers         5
+        MaxRequestWorkers       25
+        MaxConnectionsPerChild  200
+      </IfModule>
+    EOF
+  }
+}
+
 # resource "kubernetes_config_map" "config" {
 #   metadata {
 #     name      = "config"