Support intro
Sorry to hear you’re facing problems
help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.
In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:
example
Or for longer, use three backticks above and below the code snippet:
longer
example
here
Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can
Nextcloud version (eg, 24.0.3): 24.0.3
Operating system and version (eg, Ubuntu 20.04): Ubuntu Server 20.04
Apache or nginx version (eg, Apache 2.4.25): nginx 1.19
PHP version (eg, 7.4): 7.4
The issue you are facing:
I have the following scenario:
Nextcloud installation on one server in a dedicated subdomain cloud.mydomain.tld
Docker container Nginx Reverse Proxy “proxy” in a dedicated docker network “frontend” IP = IP_PROXY
Handover to Nginx docker container “cloud_web” in a dedicated docker network “backend”, IP_CLOUD-WEB
Docker container “cloud_app” in the same docker network "backend, IP_CLOUD_APP
This setup is working fine.
Now I would like to setup fail2ban.
I believe when I enter a wrong password in Nextcloud login then the REMOTE_IP will be shown in “nextcloud.log”, but I get always only the IP_PROXY and not the REMOTE_IP in the log statements.
From my understanding this is the prerequisite to go ahead with fail2bain installation.
In proxy Nginx access.log I can identifiy the correct REMOTE_IP:
REMOTE_IP - - [05/Aug/2022:15:33:07 +0000] "GET /js/dist/doclinks.js?v=5.2.0 HTTP/1.1" 200 3739 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0" "-"
In cloud_web Nginx access.log I can identifiy also the correct REMOTE_IP:
IP_PROXY - - [05/Aug/2022:16:23:48 +0000] "GET /svg/core/logo/logo?color=ffffff&v=1 HTTP/1.0" 200 818 "https://cloud.mydomain.tld/apps/theming/styles?v=0" "Mozilla/5.0 (X
11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0" "REMOTE_IP"
In Firefox Dev Debugger (SHIFT-CTRL-I) I can identify also on Nextcloud login page the header entry “X-Forwarded_For” with the correct REMOTE_IP:
...
GET https://cloud.mydomain.tld/login?clear=1
[HTTP/1.1 200 OK 138ms]
...
X-Forwarded_For: REMOTE_IP
…
I already tried all constellation of IPs for trusted_domains etc. But REMOTE_IP is not shown in Nextcloud.log!
What’s is wrong here? Thanks for a helping hand.
kkarsten62
Is this the first time you’ve seen this error? (Y/N): Y
Steps to replicate it:
- Login
- Review Nextcloud.log
The output of your Nextcloud log in Admin > Logging:
...
{"reqId":"9yS58epEKNhFLpFD67Se","level":2,"time":"2022-08-06T23:03:23+02:00","remoteAddr":"IP_PROXY","user":"--","app":"no app in context","method":"POST","url":"/index.php",
"message":"Login failed: username (Remote IP: IP_PROXY)","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0","version":"24.0.3.2","data":[]}
...
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
'trusted_domains' =>
array (
0 => 'IP_CLOUD-WEB',
1 => 'IP_PROXY',
),
'overwritehost' => 'cloud.mydomain.tld',
'overwritewebroot' => '/',
'overwriteprotocol' => 'https',
'logtimezone' => 'Europe/Berlin',
'forwarded_for_headers' => array(0 => 'HTTP_X_FORWARDED_FOR',),
The output of your Apache/nginx/system log in /var/log/____
:
Nginx proxy conf
...
client_max_body_size 200M;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://cloud_web.frontend:port;
proxy_read_timeout 90;
proxy_buffering off;
proxy_request_buffering off;
...
Nginx cloud_web conf
...
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
...