Audit log remoteAddr in docker

Environment info
Nextcloud version :
Operating system and version : Ubntu 18.04 LTS
nginx version : 1.19.3 (proxy)
Apache version: Apache/2.4.38 (nextcloud server)
PHP version (eg, 7.1): 7.4.11
Docker version: CE 19.03.6

Nextcloud is hosted in a docker container using the nextcloud:latest image provided on dockerhub. Nextcloud is behind an Nginx container, using the nginx:latest image provided on dockerhub. Both containers are attached to the same overlay network, and communications between the containers has not been an issue. The application is fully functional.

The issue you are facing:

I am attempting to configure audit logging on NextCloud and have successfully enabled the Auditing & Logging app and have directed my audit logs to a file. Audit events are visible and that is all working as expected.
The issue I am seeing is what the audit logs are recording the remoteAddr. When an audit event is recorded, the remoteAddr field is always This is the endpoint address for the overlay network. Is there a way to get the auditing and logging app to record the actual remote IP?

Is this the first time you’ve seen this error? : Y

Steps to replicate it:

  1. Enable audit logging in a docker container environment as above.
  2. Enable Auditing & Logging app.
  3. Generate login event.
  4. Check audit log.

The output of your Nextcloud audit log:

{"reqId":"REDACTED","level":1,"time":"2020-10-21T19:32:08+00:00","remoteAddr":"","user":"admin","app":"admin_audit","method":"POST","url":"/login/challenge/u2f","message":"Successful two factor attempt by user admin (admin) with provider U2F device","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":""}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
  'instanceid' => 'REDACTED',
  'passwordsalt' => 'REDACTED',
  'secret' => 'REDACTED',
  'trusted_domains' =>
  array (
    0 => 'REDACTED',
    1 => 'REDACTED',
  'overwwrite.cli.url' => 'https://REDACTED',
  'overwritehost' => 'REDACTED',
  'overwriteprotocol' => 'https',
  'overwritecondaddr' => '^10\.0\.1\.4$',
  'forwarded_for_headers' =>
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'sqlite3',
  'version' => '',
  'overwrite.cli.url' => 'http://REDACTED:8081',
  'installed' => true,
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => 2,
  'log.condition' => [
    'apps' => ['admin_audit'],
  'maintenance' => false,
  'theme' => '',

Nginx config for the proxy:

server {
    listen 443 ssl;
    server_name REDACTED;

    ssl_certificate           /etc/nginx/ssl/cert.pem;
    ssl_certificate_key       /etc/nginx/ssl/privkey.pem;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      add_header              Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

      proxy_pass              http://nextcloud_nextcloud;
      proxy_read_timeout      90;
      rewrite                 ^http://  https://;