How to deal with changing Docker IPs and trusted domains?

ℹ️ Support 📦 Appliances (Docker, Snappy, VM, NCP, AIO)
,
1

HI

I am using the Apache Docker compose setup. Things work except that when I upgrade or docker-compose down, the internal IP of the containers change, (naturally?) I also use the host server’s Apache as the reverse proxy. The issue is that the container’s IP change breaks connections and NC refuses connections to the users as far as I can tell because it looks like they are connecting from IPs that are not trusted.

Is there a permanent way to add those container IPs in the trusted domains in this type of reverse proxy setup so that I dont need to manually add all these IP changes to config.php

Thanks.

2

Publish the HTTP port of the Nextcloud app container to a port on the host.

I suggest binding it to 127.0.0.1 since there is no need for it to be externally accessible since your RP resides on the host.

P.S. Don’t confuse trusted_proxies and trusted_domains. The former is what is relevant here.

1 Like
3

Thanks, that is already what I am doing. I also don’t use the trusted proxies

The port 8080 is what I use in Apache for reverse proxy.

   image: nextcloud:25.0.13
    restart: always
    security_opt:
      - label=disabled
    ports:
      - 8080:80
    links:
      - db
    volumes:

Here you can see that in the log the IP (192.168.192.1) of the Docker is recorded, not the IP of the local network client.

{"reqId":"L5R8UeMq2BSUgRs3L50r","level":0,"time":"2025-02-08T17:33:50+00:00","remoteAddr":"192.168.192.1","user":"USER","app":"webdav","method"
4

You should be. Your reverse proxy’s IP address should be listed in it. That’s how you tell Nextcloud to get the correct client IP address. Otherwise the reverse proxy’s IP address is what will be logged and considered the client IP address.

1 Like
5

Thanks man, one thing I am confused about the trusted proxy is that am I supposed to use the internal or the external IP?

6

I cant still solve this issue :frowning: The user denied access. 172.24.0.1 is the Docker IP.

IP address throttled because it reached the attempts limit in the last 30 minutes

{"reqId":"SjFVsC2nYeUtr6UAeHMy","level":1,"time":"2025-02-08T22:59:05+00:00","remoteAddr":"172.24.0.1","user":"--","app":"no app in context","method":"POST","url":"/nc/index.php","message":"IP address throttled because it reached the attempts limit in the last 30 minutes [action: login, delay: 200, ip: 172.24.0.1]","userAgent":"Mozilla/5.0 (iPhone; CPU iPhone OS 18_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/135.0  Mobile/15E148 Safari/605.1.15","version":"27.1.11.3","data":[]}

192.168.100.1 is the internal IP of the Host/Reverse proxy

  'trusted_proxies' =>
  array (
    1 => '192.168.100.1',
                                                                                                                                                                                       
  ),