I recently installed Nextcloud as a snap on a Debian 10 VPS. I want this instance to be served with Apache via a reverse proxy at nextcloud.mysite.com.

I have a website being served on ports 80 and 443, so I followed instructions to change my Nextcloud snap's http port to 81 with sudo snap set nextcloud ports.http=81.

This allows me to access Nextcloud as expected at nextcloud.mysite.com. However, htop shows me that multiple php-fpm processes are running, causing my CPU usage to remain constant at around 100%. Where do these extra processes come from and why does changing the port cause this to happen? I've verified that this only happens when the snap listens on 81 instead of 80.

I'm not sure whether the problem is in my Apache site config, the snap instance or something else entirely.

System/package info

$ uname -a
Linux mysite.com 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux
$ snap version
snap    2.49.2
snapd   2.49.2
series  16
debian  10
kernel  4.19.0-16-amd64
$ sudo apache2 -v
Server version: Apache/2.4.38 (Debian)
Server built:   2020-08-25T20:08:29

Apache site config

ServerName mysite.com
ServerAdmin webmaster@localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<VirtualHost *:80>
    ServerName mysite.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/mysite
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =mysite.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Frame-Options: DENY
    Header always set X-Content-Type-Options: nosniff
    Header always set Content-Security-Policy "[...]"
    <Directory /var/www/mysite>
        Options -Indexes
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerName mysite.com
    ServerAlias www.mysite.com
    DocumentRoot /var/www/mysite
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Frame-Options: DENY
    Header always set X-Content-Type-Options: nosniff
    Header always set Content-Security-Policy "[...]"
    <Directory /var/www/mysite>
        Options -Indexes
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName nextcloud.mysite.com
    Redirect Permanent / https://nextcloud.mysite.com
</VirtualHost>

<VirtualHost *:443>
    ServerName nextcloud.mysite.com
    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On
    <Proxy *>
        Require all granted
    </Proxy>
    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy 127.0.0.1
    ProxyPass / http://127.0.0.1:81/
    ProxyPassReverse / http://127.0.0.1:81/
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
        RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
        RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
        RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
        RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
    </IfModule>
</VirtualHost>

SSLCertificateFile /etc/letsencrypt/live/mysite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem

htop

htop showing running processes

1 Answer

My local rclone was attempting to sync a lot of new files to my Nextcloud instance. These files were only being transferred while the instance was reachable at port 81, hence the CPU spike falling again once the listening port was changed to 80 (and no connections could be made).
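
The answer traces the load to a sync client uploading through the proxy. The following added example (not part of the original post) tallies requests per client address and User-Agent from the Apache front end's `combined` access log, which is one way to identify such a source. The log lines are constructed samples; the User-Agent strings, user name and file paths in them are assumptions.

```python
import re
from collections import Counter

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
# HTTP/WebDAV methods that change data on the server (uploads, moves, deletes).
WRITE_METHODS = {"PUT", "POST", "MKCOL", "MOVE", "COPY", "DELETE"}

# Constructed sample lines (documentation IP ranges, assumed User-Agent strings).
SAMPLE_LOG = """\
203.0.113.7 - alice [12/Apr/2021:10:00:01 +0000] "PROPFIND /remote.php/dav/files/alice/ HTTP/1.1" 207 512 "-" "rclone/v1.55.0"
203.0.113.7 - alice [12/Apr/2021:10:00:02 +0000] "MKCOL /remote.php/dav/files/alice/photos HTTP/1.1" 201 - "-" "rclone/v1.55.0"
203.0.113.7 - alice [12/Apr/2021:10:00:03 +0000] "PUT /remote.php/dav/files/alice/photos/a.jpg HTTP/1.1" 201 - "-" "rclone/v1.55.0"
198.51.100.20 - - [12/Apr/2021:10:00:03 +0000] "GET /login HTTP/1.1" 200 7311 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - alice [12/Apr/2021:10:00:04 +0000] "PUT /remote.php/dav/files/alice/photos/b.jpg HTTP/1.1" 201 - "-" "rclone/v1.55.0"
this line is truncated and does not parse
203.0.113.7 - alice [12/Apr/2021:10:00:05 +0000] "PUT /remote.php/dav/files/alice/photos/c.jpg HTTP/1.1" 201 - "-" "rclone/v1.55.0"
198.51.100.20 - - [12/Apr/2021:10:00:06 +0000] "GET /core/css/server.css HTTP/1.1" 200 1904 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

def top_clients(log_text, limit=5):
    """Return (rows, skipped); rows are (host, agent, requests, writes), busiest first."""
    requests, writes, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if m is None:
            if line.strip():          # count non-empty lines we could not parse
                skipped += 1
            continue
        key = (m["host"], m["agent"])
        requests[key] += 1
        if m["method"] in WRITE_METHODS:
            writes[key] += 1
    rows = [(h, a, n, writes[(h, a)]) for (h, a), n in requests.most_common(limit)]
    return rows, skipped

if __name__ == "__main__":
    rows, skipped = top_clients(SAMPLE_LOG)
    for host, agent, n, w in rows:
        print(f"{n:5d} requests ({w} writes)  {host}  {agent}")
    print(f"{skipped} unparseable line(s) skipped")
```

To run it against a real log, pass the contents of the file named by the `CustomLog` directive to `top_clients` instead of `SAMPLE_LOG`.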
