The Issue: Calls are rock-solid for 1–3 participants. As soon as a 4th person joins, video streams fail to connect or the call drops for the new participant. 1-to-1 calls work perfectly.
Environment:
- Nextcloud Version: Nextcloud Hub 32
- Install Type: Docker AIO (ghcr.io/nextcloud-releases/aio-talk:latest)
- Reverse Proxy: Caddy (Running in a Docker container, network 172.18.0.0/16)
- HPB Network: network_mode: "host"
- VPS Firewall: UDP 20000–40000 and 49152–65535 are open in the provider’s dashboard.
This is a snippet of my docker.yml:
    nextcloud-talk-hpb:
      image: ghcr.io/nextcloud-releases/aio-talk:latest
      network_mode: "host"
      environment:
        - PUBLIC_IP=xxx.xxx.xxx.xxx
        - TALK_PORT=3478
        - TRUSTED_PROXIES='127.0.0.1,172.16.0.0/12'
        - TALK_TRUSTED_PROXIES='127.0.0.1,172.16.0.0/12'
        # (Secrets are verified and matching Nextcloud Talk settings)
Relevant Logs: The HPB container logs show:
hub.go:283: No trusted proxies configured, only allowing for [127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16]
Even with TRUSTED_PROXIES set in the environment, the binary doesn’t seem to acknowledge the proxy. I suspect the 4+ person drop is due to the HPB’s brute-force protection triggering because it sees all participants coming from the Caddy internal IP (172.18.0.x).
Troubleshooting Done:
- Verified UDP port ranges are open on both UFW and VPS hardware firewall.
- Confirmed host.docker.internal is mapped correctly in Caddy via extra_hosts.
- Updated config.php with trusted_proxies array including the Docker bridge range.
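
Added example, not part of the original post and not Nextcloud's code: a check of whether a proxy subnet falls inside the ranges listed in the HPB log line or in a TRUSTED_PROXIES value. The log line, subnet and value are copied from the post; the function names are hypothetical, and 203.0.113.7 is a constructed documentation address.

```python
import ipaddress
import re

# Values copied from the post above.
LOG_LINE = ("hub.go:283: No trusted proxies configured, only allowing for "
            "[127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16]")
CADDY_NETWORK = "172.18.0.0/16"
CONFIGURED = "'127.0.0.1,172.16.0.0/12'"  # quotes kept as they appear in the snippet


def parse_ranges(text):
    """Parse a comma-separated list of IPs/CIDRs, optionally wrapped in [...]."""
    match = re.search(r"\[([^\]]*)\]", text)
    body = match.group(1) if match else text
    ranges = []
    for item in body.split(","):
        # Tolerate stray straight or curly quotes around the value.
        item = item.strip().strip("'\"‘’“”")
        if item:
            ranges.append(ipaddress.ip_network(item, strict=False))
    return ranges


def covering_range(subnet, ranges):
    """Return the first range that fully contains subnet, or None."""
    net = ipaddress.ip_network(subnet, strict=False)
    for candidate in ranges:
        if candidate.version == net.version and net.subnet_of(candidate):
            return candidate
    return None


def uncovered(subnets, ranges):
    """List the subnets or addresses that no range contains."""
    return [s for s in subnets if covering_range(s, ranges) is None]


if __name__ == "__main__":
    for label, source in (("log defaults", LOG_LINE), ("TRUSTED_PROXIES", CONFIGURED)):
        hit = covering_range(CADDY_NETWORK, parse_ranges(source))
        print(f"{label}: {CADDY_NETWORK} covered by {hit}")
```
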