New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy #800
Comments
Not sure if I 100% understand the problem, but yes you probably have to set Btw |
Hi, I also have problems with clients' IP addresses after going through my HAProxy reverse proxy.
So the X-Forwarded-For tag is there and correct.
The first IP should be enough, but doing debugging, I also added the IP address for the Docker gateway (172.17.0.1) and the loopback... I also tried to fix the header manually, without success :
I also tried to modify the remoteip module of Apache, without success. As of now, that Apache module is back to the container's default because I would rather not have to modify / fix it every time I do an upgrade. Running the latest version of the :latest docker container... Any idea what is wrong and why I still have this in my raw log ? (client IP is still marked as the Proxy's internal IP)
Thanks for your help, |
You have to manually modify the
One should work. |
Hi, Thanks for your help. Indeed, I now have the client's IP in my RAW log. Comments in the Apache conf say not to do that and I will now have to re-fix this manually every time I upgrade the container, but it is now doable... Hope the container will be improved for this setting to survive from configs only in the config.php file... In all cases, thanks again |
@DatAres37 Thanks for the answer 👍 😀 Yeah a typo there in |
This 100%...I'm trying to migrate to Docker to simplify my setup and it would be great to be able to use envvars instead of a custom config file. |
@budimanjojo Hey, I'm also using traefik and am getting the same error. I'm not entirely sure how to fix it yet. I added the traefik labels you mentioned but what exactly do I have to change in the |
@chmanie This are what I have in my
If you are using traefik then just do it in traefik, you don't need to edit apache config file. You can restart your nextcloud docker container. |
Thanks @budimanjojo, that helped! |
Just a side note to this well documented solution: |
In my case I am running nextcloud container on kubernetes and I just can not get rid of that message.
The last two makes no sense for me. It complains of /.well-known/caldav and /.well-known/carddav, but if i try to get those address I see they are being correctly redirected to dav: Concerning the "reverse proxy header" ( this issue ), I tried to add the following to my config.php
where 10.233.90.131 and 10.233.96.141 are my nginx ingress ips. But that does not fix it. I am out of ideas. If i replace index.php for a very simple file like the one below, i can see all headers.
We can see that [REMOTE_ADDR] is set to the proxy IP as expected, but HTTP_X_REAL_IP, HTTP_X_FORWARDED_FOR and HTTP_X_CLIENT_IP all point to my real ip. |
@jsalatiel thanks so much for this! I'm using IIS as a reverse proxy, and could not figure out why I was getting a warning on Nextcloud, even after configuring the options recommended on the instructions. Turns out IIS by default will attach the port to the IP on the X-FORWARDED-FOR, and this breaks Nextcloud. Here is how to fix, in case anyone runs into it: By unchecking that box, IIS will only pass the IP, and then everything works. |
For nginx also check if these are needed... set_real_ip_from your.local.net; |
It use traefik V2, for me work this very well: ...
'trusted_proxies' =>
array (
0 => '172.0.0.0/8',
),
'overwritehost' => 'next.example.com',
'overwriteprotocol' => 'https', |
Whenever you So in NextCloud's
Now it's not hardcoded to some internal network IP that I don't have control over. |
Hello did you do it in the config/config.php file? |
The CIDR block for the private class B network is 172.16.0.0/12. With /8 you're including public IPs which is probably not ideal for trusted proxies |
Hello, I got this in the Overview Settings.
Currently I'm running Traefik for my reverse proxy. I tried to add these in the docker-compose.yml:
I also added this into my traefik.toml:
And that error is still around. I think I should go into my nextcloud container and change the
config/config.php
? Maybe make a new ENV variable so I don't have to modify the file inside the container manually? Thanks before.The text was updated successfully, but these errors were encountered: