I am running natively without docker in a LxC container within Proxmox.
Here is the Output of occ config:list system --private
:
{
"system": {
"htaccess.RewriteBase": "\/",
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"instanceid": "*censored*",
"passwordsalt": "*censored*",
"secret": "*censored*",
"trusted_domains": [
"cloud.*censored*",
"192.168.178.115",
"localhost"
],
"datadirectory": "\/home\/data",
"dbtype": "pgsql",
"version": "23.0.5.1",
"overwritehost": "cloud.*censored*",
"overwriteprotocol": "https",
"overwrite.cli.url": "http:\/\/*censored*",
"dbname": "nextcloud",
"dbhost": "localhost:5432",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "oc_root",
"dbpassword": "*censored*",
"installed": true,
"maintenance": false,
"loglevel": 2,
"mail_smtpmode": "smtp",
"mail_smtpsecure": "ssl",
"mail_sendmailmode": "smtp",
"mail_from_address": "cloud",
"mail_domain": "*censored*",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "*censored*",
"mail_smtpport": "465",
"mail_smtpname": "*censored*",
"mail_smtppassword": "*censored*",
"mail_smtpstreamoptions": {
"ssl": {
"allow_self_signed": true,
"verify_peer": false,
"verify_peer_name": false
}
},
"default_phone_region": "DE",
"memcache.distributed": "\\OC\\Memcache\\Redis",
"redis": {
"host": "\/run\/redis\/redis-server.sock",
"port": 0,
"dbindex": 0,
"password": "secret",
"timeout": 1.5
},
"memcache.locking": "\\OC\\Memcache\\Redis",
"preview_max_memory": 1280
}
}
So, no trusted proxies… but why?
As for my proxy, i use NginxProxyManager with the following advanced flags:
proxy_hide_header Upgrade;
rewrite ^/\.well-known/carddav https://$server_name/remote.php/dav/ redirect;
rewrite ^/\.well-known/caldav https://$server_name/remote.php/dav/ redirect;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
I tried to log with the Apache Log Forensic mod, an example output is
GET /settings/ajax/checksetup HTTP/1.1|Host:cloud.*censored*|X-Forwarded-Scheme:https|X-Forwarded-Proto:https|X-Forwarded-For:*censored, but my public ip, not 192.168.178.131*|X-Real-IP:*censored*|sec-ch-ua:" Not A;Brand";v="99", "Chromium";v="102", "Google Chrome";v="102"|requesttoken:*censored*=|sec-ch-ua-mobile:?0|user-agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36|ocs-apirequest:true|accept:*/*|x-requested-with:XMLHttpRequest|sec-ch-ua-platform:"Linux"|sec-fetch-site:same-origin|sec-fetch-mode:cors|sec-fetch-dest:empty|accept-encoding:gzip, deflate, br|accept-language:de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7|cookie:__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; nc_username=root; oc_sessionPassphrase=*censored*;nc_token=*censored*; nc_session_id=*censored*