Primary S3 Storage Backend + Encryption problem with file size, mimetype and first download failed

[ghost]

Steps to reproduce

1. Install NextCloud 11.0.2
2. Config S3 Storage (minio.io) as Primary
3. Enable Encryption apps
4. Enable Server side encryption & Encrypt home storage
5. Upload file
6. Download file

Expected behaviour

• File uploaded show correct size
• Download success at first download
• Mimetype icon show correct

Actual behaviour

• File size show incorrect (encrypted file size, increase 30%).
• First download failed.
• Mimetype icon show incorrect
• Second download success and file size show correct

Image

File prepare upload

File uploaded show incorrect

Download failed at first

Download again success and file size correct

Server configuration

Operating system: Debian 8.7

Web server: Apache 2.4.10

Database: MariaDB 10.1.21

PHP version: 7.0.15

Nextcloud version: 11.0.2

Updated from an older Nextcloud/ownCloud or fresh install: fresh install

Where did you install Nextcloud from: git

List of activated apps:

App list

• • activity: 2.4.1
• • admin_audit: 1.1.0
• • apporder: 0.3.3
• • comments: 1.1.0
• • dav: 1.1.1
• • direct_menu: 0.10.0
• • encryption: 1.4.1
• • federatedfilesharing: 1.1.1
• • files: 1.6.1
• • files_accesscontrol: 1.1.2
• • files_automatedtagging: 1.1.1
• • files_downloadactivity: 1.0.0
• • files_pdfviewer: 1.0.1
• • files_sharing: 1.1.1
• • files_texteditor: 2.2
• • files_trashbin: 1.1.0
• • files_versions: 1.4.0
• • files_videoplayer: 1.0.0
• • logreader: 2.0.0
• • lookup_server_connector: 1.0.0
• • nextcloud_announcements: 1.0
• • notifications: 1.0.1
• • password_policy: 1.1.0
• • provisioning_api: 1.1.0
• • richdocuments: 1.1.26
• • serverinfo: 1.1.1
• • systemtags: 1.1.3
• • theming: 1.1.1
• • twofactor_backupcodes: 1.0.0
• • twofactor_totp: 1.1.0
• • updatenotification: 1.1.1
• • workflowengine: 1.1.1

The content of config/config.php:

Config report

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "127.0.0.1",
            "192.168.6.125"
        ],
        "datadirectory": "\/var\/www\/html\/data",
        "overwrite.cli.url": "http:\/\/192.168.6.125:8080",
        "dbtype": "mysql",
        "version": "11.0.2.7",
        "dbname": "vcloud",
        "dbhost": "vcloud-db-debug",
        "dbport": "",
        "dbtableprefix": "vc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "Asia\/Ho_Chi_Minh",
        "installed": true,
        "instanceid": "ocfg8jg8njrx",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "redis": {
            "host": "vcloud-redis-debug",
            "port": 6379
        },
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": true
            },
            {
                "path": "\/var\/www\/html\/vapps",
                "url": "\/vapps",
                "writable": true
            }
        ],
        "default_language": "en",
        "knowledgebaseenabled": false,
        "updatechecker": false,
        "check_for_working_htaccess": true,
        "has_internet_connection": false,
        "htaccess.RewriteBase": "\/",
        "maintenance": false,
        "enable_previews": false,
        "auth.bruteforce.protection.enabled": false,
        "debug": true,
        "objectstore_multibucket": {
            "class": "OC\\Files\\ObjectStore\\S3",
            "arguments": {
                "num_buckets": 64,
                "bucket": "vcloud",
                "autocreate": true,
                "key": "tKuY22HsGsKt67ibNVlS",
                "secret": "dWvhhFhFJeDxnonyUGqFcHal62z5LS8mCPvHsLds",
                "hostname": "vcloud-storage-debug",
                "port": 9000,
                "use_ssl": false,
                "region": "us-east-1",
                "use_path_style": true
            }
        }
    }
}

Are you using external storage, if yes which one: no

Are you using encryption: yes

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Firefox 51.0.1 64 bit

Operating system:

Logs

Web server error log

Web server error log

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.7. Set the 'ServerName' directive globally to suppress this message
[Tue Mar 07 08:05:14.442940 2017] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.10 (Debian) PHP/7.0.15 OpenSSL/1.0.1t configured -- resuming normal operations
[Tue Mar 07 08:05:14.442965 2017] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
[Tue Mar 07 08:05:34.062852 2017] [authz_core:error] [pid 111] [client 172.19.0.8:59362] AH01630: client denied by server configuration: /var/www/html/data/.ocdata
[Tue Mar 07 08:05:39.149912 2017] [authz_core:error] [pid 114] [client 172.19.0.8:59342] AH01630: client denied by server configuration: /var/www/html/data/.ocdata
[Tue Mar 07 08:20:14.578981 2017] [authz_core:error] [pid 111] [client 172.19.0.8:38054] AH01630: client denied by server configuration: /var/www/html/data/.ocdata

Nextcloud log (data/nextcloud.log)

Nextcloud log

{"reqId":"mhbdEHJk6OoMLdVlOyEI","remoteAddr":"172.19.0.8","app":"no app in context","message":"Couldn't re-calculate unencrypted size for files\/composer.phar","level":3,"time":"2017-03-07T15:06:21+07:00","method":"GET","url":"\/remote.php\/webdav\/composer.phar","user":"admin","version":"11.0.2.7"}
{"reqId":"mhbdEHJk6OoMLdVlOyEI","remoteAddr":"172.19.0.8","app":"no app in context","message":"Exception: {\"Exception\":\"OC\\\\HintException\",\"Message\":\"Bad Signature\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/html\\\/apps\\\/encryption\\\/lib\\\/Crypto\\\/Crypt.php(464): OCA\\\\Encryption\\\\Crypto\\\\Crypt->checkSignature('TL1PVYmr3FTOzfi...', 'A_oB\\\\xD9\\\\xFD$\\\\xBE\\\\x08@\\\\xB3\\\\x17\\\\xBC<\\\\x02...', 'afc83728054922c...')\\n#1 \\\/var\\\/www\\\/html\\\/apps\\\/encryption\\\/lib\\\/Crypto\\\/Encryption.php(372): OCA\\\\Encryption\\\\Crypto\\\\Crypt->symmetricDecryptFileContent('TL1PVYmr3FTOzfi...', 'A_oB\\\\xD9\\\\xFD$\\\\xBE\\\\x08@\\\\xB3\\\\x17\\\\xBC<\\\\x02...', 'AES-256-CTR', 1, '222end')\\n#2 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(574): OCA\\\\Encryption\\\\Crypto\\\\Encryption->decrypt(*** sensitive parameters replaced ***)\\n#3 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(493): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->fixUnencryptedSize('files\\\/composer....', 1818814, 1827006)\\n#4 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(162): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->verifyUnencryptedSize('files\\\/composer....', 1827006)\\n#5 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(401): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->filesize('files\\\/composer....')\\n#6 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(294): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->fopen('files\\\/composer....', 'rb')\\n#7 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(294): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->fopen('files\\\/composer....', 'rb')\\n#8 \\\/var\\\/www\\\/html\\\/apps\\\/files_accesscontrol\\\/lib\\\/StorageWrapper.php(308): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->fopen('files\\\/composer....', 'rb')\\n#9 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/View.php(1122): OCA\\\\FilesAccessControl\\\\StorageWrapper->fopen('files\\\/composer....', 'rb')\\n#10 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/View.php(967): OC\\\\Files\\\\View->basicOperation('fopen', '\\\/composer.phar', Array, 'rb')\\n#11 \\\/var\\\/www\\\/html\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/File.php(305): OC\\\\Files\\\\View->fopen('composer.phar', 'rb')\\n#12 \\\/var\\\/www\\\/html\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/CorePlugin.php(85): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\File->get()\\n#13 [internal function]: Sabre\\\\DAV\\\\CorePlugin->httpGet(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#14 \\\/var\\\/www\\\/html\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#15 \\\/var\\\/www\\\/html\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(479): Sabre\\\\Event\\\\EventEmitter->emit('method:GET', Array)\\n#16 \\\/var\\\/www\\\/html\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#17 \\\/var\\\/www\\\/html\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(60): Sabre\\\\DAV\\\\Server->exec()\\n#18 \\\/var\\\/www\\\/html\\\/remote.php(165): require_once('\\\/var\\\/www\\\/html\\\/a...')\\n#19 {main}\",\"File\":\"\\\/var\\\/www\\\/html\\\/apps\\\/encryption\\\/lib\\\/Crypto\\\/Crypt.php\",\"Line\":484}","level":3,"time":"2017-03-07T15:06:21+07:00","method":"GET","url":"\/remote.php\/webdav\/composer.phar","user":"admin","version":"11.0.2.7"}
{"reqId":"Zg0kmEebc1j28+EVa25d","remoteAddr":"172.19.0.8","app":"no app in context","message":"Couldn't re-calculate unencrypted size for files_trashbin\/files\/composer.phar.d1488873993","level":3,"time":"2017-03-07T15:06:41+07:00","method":"POST","url":"\/index.php\/apps\/files_trashbin\/ajax\/delete.php","user":"admin","version":"11.0.2.7"}
{"reqId":"Zg0kmEebc1j28+EVa25d","remoteAddr":"172.19.0.8","app":"no app in context","message":"Exception: {\"Exception\":\"OC\\\\HintException\",\"Message\":\"Bad Signature\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/html\\\/apps\\\/encryption\\\/lib\\\/Crypto\\\/Crypt.php(464): OCA\\\\Encryption\\\\Crypto\\\\Crypt->checkSignature('TL1PVYmr3FTOzfi...', 'A_oB\\\\xD9\\\\xFD$\\\\xBE\\\\x08@\\\\xB3\\\\x17\\\\xBC<\\\\x02...', 'afc83728054922c...')\\n#1 \\\/var\\\/www\\\/html\\\/apps\\\/encryption\\\/lib\\\/Crypto\\\/Encryption.php(372): OCA\\\\Encryption\\\\Crypto\\\\Crypt->symmetricDecryptFileContent('TL1PVYmr3FTOzfi...', 'A_oB\\\\xD9\\\\xFD$\\\\xBE\\\\x08@\\\\xB3\\\\x17\\\\xBC<\\\\x02...', 'AES-256-CTR', 1, '222end')\\n#2 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(574): OCA\\\\Encryption\\\\Crypto\\\\Encryption->decrypt(*** sensitive parameters replaced ***)\\n#3 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(493): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->fixUnencryptedSize('files_trashbin\\\/...', 1818814, 1827006)\\n#4 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(162): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->verifyUnencryptedSize('files_trashbin\\\/...', 1827006)\\n#5 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(149): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->filesize('files_trashbin\\\/...')\\n#6 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(149): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->filesize('files_trashbin\\\/...')\\n#7 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(149): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->filesize('files_trashbin\\\/...')\\n#8 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/View.php(1124): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->filesize('files_trashbin\\\/...')\\n#9 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/View.php(418): OC\\\\Files\\\\View->basicOperation('filesize', '\\\/files_trashbin...')\\n#10 \\\/var\\\/www\\\/html\\\/apps\\\/files_trashbin\\\/lib\\\/Trashbin.php(551): OC\\\\Files\\\\View->filesize('\\\/files_trashbin...')\\n#11 \\\/var\\\/www\\\/html\\\/apps\\\/files_trashbin\\\/ajax\\\/delete.php(66): OCA\\\\Files_Trashbin\\\\Trashbin::delete('composer.phar', 'admin', '1488873993')\\n#12 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Route\\\/Route.php(155) : runtime-created function(1): require_once('\\\/var\\\/www\\\/html\\\/a...')\\n#13 [internal function]: __lambda_func()\\n#14 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Route\\\/Router.php(299): call_user_func('\\\\x00lambda_129', Array)\\n#15 \\\/var\\\/www\\\/html\\\/lib\\\/base.php(1010): OC\\\\Route\\\\Router->match('\\\/apps\\\/files_tra...')\\n#16 \\\/var\\\/www\\\/html\\\/index.php(40): OC::handleRequest()\\n#17 {main}\",\"File\":\"\\\/var\\\/www\\\/html\\\/apps\\\/encryption\\\/lib\\\/Crypto\\\/Crypt.php\",\"Line\":484}","level":3,"time":"2017-03-07T15:06:41+07:00","method":"POST","url":"\/index.php\/apps\/files_trashbin\/ajax\/delete.php","user":"admin","version":"11.0.2.7"}
{"reqId":"34Bhidbw3dOsQtoblQeJ","remoteAddr":"172.19.0.8","app":"no app in context","message":"Couldn't re-calculate unencrypted size for files\/Microsoft.VisualStudio.Services.vsix","level":3,"time":"2017-03-07T15:23:19+07:00","method":"GET","url":"\/remote.php\/webdav\/Microsoft.VisualStudio.Services.vsix","user":"admin","version":"11.0.2.7"}
{"reqId":"34Bhidbw3dOsQtoblQeJ","remoteAddr":"172.19.0.8","app":"no app in context","message":"Exception: {\"Exception\":\"OC\\\\HintException\",\"Message\":\"Bad Signature\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/html\\\/apps\\\/encryption\\\/lib\\\/Crypto\\\/Crypt.php(464): OCA\\\\Encryption\\\\Crypto\\\\Crypt->checkSignature('xgjoesL\\\/sUoESZO...', 'J\\\\xB9E\\\\xCAl\\\\x9A\\\\xC8+r\\\\xDA\\\\xFFw\\\\xBE'\\\\xCF...', '89c67e5e90bef35...')\\n#1 \\\/var\\\/www\\\/html\\\/apps\\\/encryption\\\/lib\\\/Crypto\\\/Encryption.php(372): OCA\\\\Encryption\\\\Crypto\\\\Crypt->symmetricDecryptFileContent('xgjoesL\\\/sUoESZO...', 'J\\\\xB9E\\\\xCAl\\\\x9A\\\\xC8+r\\\\xDA\\\\xFFw\\\\xBE'\\\\xCF...', 'AES-256-CTR', 1, '241end')\\n#2 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(574): OCA\\\\Encryption\\\\Crypto\\\\Encryption->decrypt(*** sensitive parameters replaced ***)\\n#3 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(493): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->fixUnencryptedSize('files\\\/Microsoft...', 1982359, 1990551)\\n#4 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(162): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->verifyUnencryptedSize('files\\\/Microsoft...', 1990551)\\n#5 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Encryption.php(401): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->filesize('files\\\/Microsoft...')\\n#6 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(294): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Encryption->fopen('files\\\/Microsoft...', 'rb')\\n#7 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(294): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->fopen('files\\\/Microsoft...', 'rb')\\n#8 \\\/var\\\/www\\\/html\\\/apps\\\/files_accesscontrol\\\/lib\\\/StorageWrapper.php(308): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->fopen('files\\\/Microsoft...', 'rb')\\n#9 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/View.php(1122): OCA\\\\FilesAccessControl\\\\StorageWrapper->fopen('files\\\/Microsoft...', 'rb')\\n#10 \\\/var\\\/www\\\/html\\\/lib\\\/private\\\/Files\\\/View.php(967): OC\\\\Files\\\\View->basicOperation('fopen', '\\\/Microsoft.Visu...', Array, 'rb')\\n#11 \\\/var\\\/www\\\/html\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/File.php(305): OC\\\\Files\\\\View->fopen('Microsoft.Visua...', 'rb')\\n#12 \\\/var\\\/www\\\/html\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/CorePlugin.php(85): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\File->get()\\n#13 [internal function]: Sabre\\\\DAV\\\\CorePlugin->httpGet(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#14 \\\/var\\\/www\\\/html\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#15 \\\/var\\\/www\\\/html\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(479): Sabre\\\\Event\\\\EventEmitter->emit('method:GET', Array)\\n#16 \\\/var\\\/www\\\/html\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#17 \\\/var\\\/www\\\/html\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(60): Sabre\\\\DAV\\\\Server->exec()\\n#18 \\\/var\\\/www\\\/html\\\/remote.php(165): require_once('\\\/var\\\/www\\\/html\\\/a...')\\n#19 {main}\",\"File\":\"\\\/var\\\/www\\\/html\\\/apps\\\/encryption\\\/lib\\\/Crypto\\\/Crypt.php\",\"Line\":484}","level":3,"time":"2017-03-07T15:23:19+07:00","method":"GET","url":"\/remote.php\/webdav\/Microsoft.VisualStudio.Services.vsix","user":"admin","version":"11.0.2.7"}

[an-ca]

Facing same issue in 11.0.2.

I think this is related to #3294.

[SpiraMirabilis]

Does this use KMS or HSM for the encryption? Or does Nextcloud handle the encryption itself and just shove ciphertext into S3?

[icewind1991]

We "shove" the encrypyted content to S3

@hungnvz can you reproduce the same problem when not using external storage?

[SpiraMirabilis]

Do you have to bring the object back to the nextcloud server then to decrypt into cleartext in order to serve it to the user? If so, doesn't that kind of make the whole point of using AWS a little silly?

Well, no... I guess you could store a copy of your key used to encrypt it in AWS, which is in turn encrypted by a second key that you can use in a Lambda function to decrypt it on demand, I guess.

[ghost]

@SpiraMirabilis I used S3 with no KMS or HSM module
@icewind1991 I used S3 as primary storage. Not external storage

[tompinzler]

I'm using Openstack Swift as primary storage on a fresh install of Nexcloud 12.0.0 and I'm experiencing the following problems as well:

• First download failed.

• Mimetype icon show incorrect

• Second download success

[tompinzler]

I have to correct myself. I have the problems listed above with Nextcloud version 11.0.3. With Nextcloud version 12.0.0 I don't get Swift storage working at all as discussed here:

#5516

[gaudenz]

The issue still exists with Nextcloud 12.0.3, but it's a bit different. I still have no preview and the wrong icon and file size listed after upload. But the first download does not fail and downloads the correct file content. After this the file size is shown correctly, but still the wrong icon and no preview.

[CarlSchwan]

This was improved recently