I have installed nextcloud using snapd on an ubuntu machine.
The ubuntu machine has got more domains than just nextcloud hence the necessity of a reverse proxy fronting the nextcloud snap installation.
I’ve used the guide from Putting the snap behind a reverse proxy · nextcloud-snap/nextcloud-snap Wiki · GitHub to configure the reverse proxy.
Now nginx access logs does show that the nextcloud is accessed by remote hosts. But nextcloud logs show the reverse proxy’s IP in the access logs.
Same is the case for the BruteForce protection table.
example
mysql> SELECT * FROM nextcloud.oc_bruteforce_attempts;
+----+--------+------------+-----------+--------------+-------------------+
| id | action | occurred | ip | subnet | metadata |
+----+--------+------------+-----------+--------------+-------------------+
| 1 | login | 1714663490 | 127.0.0.1 | 127.0.0.1/32 | {"user":"xyz"} |
| 2 | login | 1714663490 | 127.0.0.1 | 127.0.0.1/32 | {"user":"xyz"} |
+----+--------+------------+-----------+--------------+-------------------+
2 rows in set (0.00 sec)
This is triggering the bruteForce protection un-necessarily.
Can BruteForce protection be configured to make use of the x-forwarded header for blocking these?
Can someone help point me to the correct document as to how I can go about this?
I’m assuming that this would be possible on the nginx access log front with fail2ban config. But the nginx access logs do not show any access denied log if I try with a wrong password. I was trying to get the regex for fail2ban with nginx access logs.
Can someone help please?