本身是nextcloud防暴破登录的一个机制, 好像是因为用了Nginx反代导致登录的时候被误判了(?)

解决办法是到数据库里清除防暴的表:oc_bruteforce_attempts

mysql -u root -p
use nextcloud
delete from oc_bruteforce_attempts;

Comments: (on github issue)