@kesselb - first of all, thanks a lot for following up, I am quite lost in the settings to be frank.
I set this on caddy and these are the headers which are forwarded to each container (including nextcloud). I removed the non-X ones:
X-Forwarded-For: 192.168.10.72
X-Forwarded-Proto: http
X-Real-Ip: 192.168.10.72
So X-Real-Ip
is there, it is the IP of the client calling nextcloud.
I also set in the docker-compose file for nextcloud TRUSTED_PROXIES='172.18.0.0/16'
(this is the internal docker network, on which all containers are, including the reverse proxy)
I tried to set and unset (again, in the docker-compose file for nextcloud) APACHE_DISABLE_REWRITE_IP=1
.
None of this changed the logging, this is still the IP of the proxy that is displayed.
I then recalled that you wrote (emphasis mine)
Or enable remoteip again and tell caddy to send x-forwarded-for as x-real-ip. But overwritehost and overwriteprotcol are mandatory then.
I am not sure what they mean - the documentation says that these âset the protocol and hostname of the proxyâ. I do not know what âthe hostname of the proxyâ is supposed to be.
My proxy (caddy) has a CNAME nextcloud.example.com
(and many others, one for each service behind the proxy). I tried to set this as overwritehost
(and https
as overwriteprotcol
because the full URI is https://nextcloud.example.com
- but this did not change anything.
All this was done with a clean nextcloud configuration, the only things I changed there are
'trusted_domains' =>
array (
0 => 'nextcloud.example.com',
),
'overwrite.cli.url' => 'https://nextcloud.example.com',
'overwriteprotocol' => 'https',
'overwritehost' => 'nextcloud.example.com',
(the actual domain name is mine of course)
Maybe the overwritehost
refers to the IP the call comes from (the IP of the proxy, as seen within nextcloud network), so I tried
'overwriteprotocol' => 'http',
'overwritehost' => '172.18.0.1',
Same thing: the IP of the proxy is logged