Memory Usage causing Unraid to crash

[upendedshark]

Describe the bug

After running OpenCloud successfully for about a week and completing assimilation of ~1.6 TB of data, the container began consuming an abnormal amount of memory. Starting this morning, OpenCloud’s RAM usage rapidly spiked until it exhausted available system memory, repeatedly crashing the entire host (Unraid).

This happened three consecutive times:

First crash: while creating a new folder inside OpenCloud. Unraid became unresponsive (GUI, SSH, Docker all dead), and required a hard reboot.

Second crash: after rebooting the server, all docker containers started automatically. Within a few minutes, memory usage surged and the host crashed.

Third crash: I stopped several containers immediately and checked Beszel. I was able to see opencloud's RAM usage surged. I applied a Docker memory limit of 10 GB to the container. Immediately after starting it, OpenCloud’s memory usage climbed straight to the 10 GB limit, after which the entire Unraid system instantly crashed again.

In all cases, the crash affected the entire host, not just the container.

Note: I only suspected opencloud was the cause after the second crash and seeing memory usage in Beszel. Unfortunately, I did not capture a screenshot, and my logs for opencloud are not persistent. I am hesitant to start it again and potentially damage my drives just to capture logs

Steps to reproduce

1. Run OpenCloud on an Unraid server using the Docker container.
2. Allow it to fully assimilate ~1.6 TB of files.
3. After assimilation completes, start the container again or perform operations within OpenCloud (e.g., creating folders).
4. Observe memory usage spike rapidly until the host becomes unresponsive and crashes.

Expected behavior

OpenCloud should operate within normal resource usage, and memory consumption should not climb uncontrollably. The container, especially with a memory limit applied, should not be able to crash the entire host.

Actual behavior

• OpenCloud memory usage rises sharply and quickly maxes out available RAM.
• Even when a hard memory limit (10 GB) is applied, OpenCloud immediately consumes the entire limit.
• The host system becomes completely unresponsive:
• Web UI inaccessible
• SSH inaccessible
• Docker daemon dies
• The system requires multiple hard power cycles to recover.
• This behaviour is fully repeatable and happens within minutes of starting the container.

Setup

Platform: Unraid OS (Docker) Hardware: Intel i5 13400, 32GB RAM Container runtime: Docker Compose Data size: ~1.6 TB assimilated

Compose:

services:
  opencloud:
    image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
    # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog
    # release notes: https://docs.opencloud.eu/opencloud_release_notes.html
    container_name: opencloud
    networks:
      opencloud-net:
    entrypoint:
      - /bin/sh
    # run opencloud init to initialize a configuration file with random secrets
    # it will fail on subsequent runs, because the config file already exists
    # therefore we ignore the error and then start the opencloud server
    command: ["-c", "opencloud init || true; opencloud server"]
    deploy:
      resources:
        limits:
          memory: 10000M 
    environment:
      # enable services that are not started automatically
      OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES}
      OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}
      OC_LOG_LEVEL: ${LOG_LEVEL:-info}
      OC_LOG_COLOR: "${LOG_PRETTY:-false}"
      OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
      # do not use SSL between the reverse proxy and OpenCloud
      PROXY_TLS: false
      # INSECURE: needed if OpenCloud / reverse proxy is using self generated certificates
      OC_INSECURE: "${INSECURE:-false}"
      # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
      PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
      # demo users
      IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
      # admin password
      IDM_ADMIN_PASSWORD: "${INITIAL_ADMIN_PASSWORD}"
      # email server (if configured)
      NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}"
      NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}"
      NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-OpenCloud Notifications <[email protected]>}"
      NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}"
      NOTIFICATIONS_SMTP_PASSWORD: "${SMTP_PASSWORD}"
      NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE}"
      NOTIFICATIONS_SMTP_AUTHENTICATION: "${SMTP_AUTHENTICATION}"
      NOTIFICATIONS_SMTP_ENCRYPTION: "${SMTP_TRANSPORT_ENCRYPTION:-none}"
      FRONTEND_ARCHIVER_MAX_SIZE: "10000000000"
      PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml
      # enable to allow using the banned passwords list
      OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt
      # control the password enforcement and policy for public shares
      OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:-true}"
      OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:-true}"
      OC_PASSWORD_POLICY_DISABLED: "${OC_PASSWORD_POLICY_DISABLED:-false}"
      OC_PASSWORD_POLICY_MIN_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_CHARACTERS:-8}"
      OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:-1}"
      OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:-1}"
      OC_PASSWORD_POLICY_MIN_DIGITS: "${OC_PASSWORD_POLICY_MIN_DIGITS:-1}"
      OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:-1}"
      # OIDC
      OC_OIDC_ISSUER: <my-hostname>
      ## Proxy
      PROXY_OIDC_REWRITE_WELLKNOWN: true
      PROXY_USER_OIDC_CLAIM: preferred_username
      PROXY_USER_CS3_CLAIM: username
      PROXY_AUTOPROVISION_ACCOUNTS: true
      PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD: none
      PROXY_ROLE_ASSIGNMENT_DRIVER: oidc
      GRAPH_ASSIGN_DEFAULT_USER_ROLE: true
      WEB_OIDC_CLIENT_ID: <client-ID>
      WEB_OIDC_METADATA_URL: <my-hostname>
      WEB_OIDC_SCOPE: "openid profile email"
      WEB_OIDC_REDIRECT_URI: <my-hostname>
      WEB_OIDC_SILENT_REDIRECT_URI: <my-hostname>
      # POSIX - for xfs file systems
      STORAGE_USERS_POSIX_WATCH_FS: true
      STORAGE_USERS_ID_CACHE_STORE: "nats-js-kv"
      STORAGE_USERS_POSIX_WATCH_TYPE: "inotifywait"
      STORAGE_USERS_POSIX_USE_SPACE_GROUPS: "true"
      # NATS
      MICRO_REGISTRY: "nats-js-kv"
      MICRO_REGISTRY_ADDRESS: "127.0.0.1:9233"
      NATS_NATS_HOST: "0.0.0.0"
      NATS_NATS_PORT: "9233"


    volumes:
      # configure the .env file to use own paths instead of docker internal volumes
      - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
      - ${OC_DATA_DIR:-opencloud-data}:/var/lib/opencloud
      - ${OC_APPS_DIR:-./config/opencloud/apps}:/var/lib/opencloud/web/assets/apps
    logging:
      driver: ${LOG_DRIVER:-local}
    restart: unless-stopped

volumes:
  opencloud-config:
  opencloud-data:

networks:
  opencloud-net:

in .env i configured the following compose files and features

COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:external-proxy/opencloud.yml:external-proxy/collabora.yml:search/tika.yml:docker-compose.override.yml 

START_ADDITIONAL_SERVICES="notifications"

Additional context

This happened with another container in the past - mealie. Since then I've set memory caps on all containers but forgot opencloud, and haven't had this issue.

[micbar]

Can you check which container is using the memory?

I see that you have full text search enabled, which means the content of every file is scanned completely. Apache tika is very memory intensive because it also contains tesseract which does OCR on every file.