my nextcloud server uses too much RAM (apache)

Question

I'm using Apache with following configuration:

Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
<FilesMatch \.php$>
        SetHandler "proxy:unix:/var/run/php/php7.4-fpm.sock|fcgi://localhost/"
</FilesMatch>
HostnameLookups Off
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>
<Directory /var/www/html/>
   Options +FollowSymlinks
   AllowOverride All
</Directory>
<IfModule mod_expires.c>
ExpiresActive On
FileETag None
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType text/html "access plus 1 month"
</IfModule>

<IfModule worker.c>
StartServers 2
MaxClients 50
MinSpareThreads 1
MaxSpareThreads 2
ThreadsPerChild 15
MaxRequestsPerChild 0
</IfModule>

<IfModule prefork.c>
          StartServers          2
          MinSpareServers       1
          MaxSpareServers       2
          MaxClients           60
          MaxRequestsPerChild 1000
</IfModule>

Then this is my external.conf (where the traffic from varnish's gonna be encrypted):

<VirtualHost *:443>
        Protocols h2 http/1.1
        ServerName cloud.privacyy.ch
        ErrorLog              /var/log/apache2/external-https_error.log
        CustomLog             /var/log/apache2/external-https_access.log combined

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/cloud.privacyy.ch/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/cloud.privacyy.ch/privkey.pem


    ProxyPreserveHost       On
    ProxyPass               / http://127.0.0.1:8080/
    ProxyPassReverse        / http://127.0.0.1:8080/

    <IfModule mod_rewrite.c>
          RewriteEngine On
          RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
          RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
          #RewriteRule ^/\.aurora https://cloud.privacyy.ch/aurora-staefa.ch/ [R=301,L]                                                                                                                    
    </IfModule>

    Header set Cache-Control "max-age=84600, private"
    <FilesMatch "\.(js|css|php)$">
           Header set Cache-Control "max-age=63072000, private"
    </FilesMatch>


    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
    Header always set X-Content-Security-Policy "allow 'self';"
    Header always set x-xss-protection "1; mode=block"
    Header always set X-Robots-Tag "none"
    Header always set X-Download-Options "noopen"
    Header always set X-Permitted-Cross-Domain-Policies "none"
    Header set X-Content-Type-Options: "nosniff"
    Header set X-Frame-Options: "sameorigin"
    SSLCompression off
</VirtualHost>

This is internal.conf:

<VirtualHost *:8181>
        protocols h2 http/1.1

    DocumentRoot /var/www/html
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost/"
    </FilesMatch>

    <IfModule mod_headers.c>
            Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
    </IfModule>

       Header set Cache-Control "max-age=84600, public"
        <FilesMatch "\.(iso|mp3|mp4|m4a|mov)$">
         Header set Cache-Control "max-age=42300, private"
        </FilesMatch>
</VirtualHost>

Please note that I didn't include comments or like log-settings here

When I download anything using the web browser the apache server's using more and more ram (and uses whole 12.3GB swap even if I don't download a 12.3GB file) and the download speed's decreasing. The same happens when using Nextcloud (desktop/phone) apps

The original download speed was 10MB/s

I've enabled following apache mods:

access_compat alias auth_basic authn_core authn_file authz_core authz_host authz_user autoindex deflate dir env expires fcgid filter headers http2 mime mpm_event negotiation pagespeed proxy proxy_balancer proxy_fcgi proxy_http reqtimeout rewrite setenvif slotmem_shm socache_shmcb ssl status unique_id

I'm using a maria database (recently switched but didn't do much)

Nextcloud's using redis-server as a php cache and I've enabled opcache with the nextcloud's recommended settings. I disabled that already to test but that didn't solve the problem.

Accessibility
1.8.0
Vorgestellt
Activity
2.15.0
Vorgestellt
Brute-force settings
2.2.0
Vorgestellt
Calendar
2.3.4
Vorgestellt
Camera RAW Previews
0.7.12
Checksum
1.1.2
Circles
22.1.1
Vorgestellt
Collaborative tags
1.12.0
Vorgestellt
Comments
1.12.0
Vorgestellt
Contacts
4.0.3
Vorgestellt
Contacts Interaction
1.3.0
Vorgestellt
Dashboard
7.2.0
Vorgestellt
Default encryption module
2.10.0
Vorgestellt
Deleted files
1.12.0
Vorgestellt
End-to-End Encryption
1.7.1
Vorgestellt
Federation
1.12.0
Vorgestellt
File sharing
1.14.0
Vorgestellt
 Group folders
10.0.0
Vorgestellt
Log Reader
2.7.0
Vorgestellt
Mail
1.10.5
Vorgestellt
Maps
0.1.9
Vorgestellt
Metadata
0.14.0
Monitoring
1.12.0
Vorgestellt
Nextcloud announcements
1.11.0
Vorgestellt
Notes
4.1.1
Vorgestellt
Notifications
2.10.1
Vorgestellt
Password policy
1.12.0
Vorgestellt
PDF viewer
2.3.0
Vorgestellt
Photos
1.4.0
Vorgestellt
Privacy
1.6.0
Vorgestellt
Quota warning
1.11.0
Recognize
1.6.10
Registration
1.3.0
Right click
1.1.0
Vorgestellt 
 Share by mail
1.12.0
Vorgestellt
Support
1.5.0
Vorgestellt
Talk
12.1.2
Vorgestellt
Text
3.3.0
Vorgestellt
Theming
1.13.0
Vorgestellt
Two-Factor Email
2.1.1
Update notification
1.12.0
Vorgestellt
Usage survey
1.10.0
Vorgestellt
User status
1.2.0
Vorgestellt
Versions
1.15.0
Vorgestellt
Video converter
1.0.3
Video player
1.11.0
Vorgestellt
Weather status
1.2.0
Vorgestellt

(vorgestellt means recommended)

Only apache's using that much RAM - everything else's fine Also the things don't get removed from the RAM(&swap) until I reload/restart the apache server

When downloading from the browser the download just stops at 383MB - and the browser doesn't say how large the file is to download (Onedrive has that issue too with less than 1MB/s download speed on larger folders, it's like: unknown time remaining - how-much-already-downloaded - download speed)

What did I configure wrong? Or is it something else?

My server's an apple macbook air 4GB RAM 2GHz - 2.2GHz(boost) Intel multithreaded 2 core cpu, xanmod kernel If there's something missing, notify me One thing: earlyoom kills the apache server if there's no free RAM Another thing: I'm on Ubuntu21.04 without x-server and 400MB RAM usage if there's nothing going on

Answer 1

Disable Modsecurity body-scanning and bypass the varnish cache for downloads

Here's an issue: https://github.com/varnishcache/varnish-cache/issues/2964