Client IP behind a reverse proxy

Hello,

I have a problem: the Nextcloud logs record the IP of the proxy (Traefik) and not the client IP. Yet forwarded_for_headers is present …

Do you see what's wrong?

Thanks in advance,

Dimo

  ```
  {
      "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
      "forwarded_for_headers": [
          "HTTP_X_FORWARDED_FOR"
      ],
      "overwritehost": "cloud.domaine.fr",
      "overwriteprotocol": "https",
      "overwritewebroot": "\/",
      "htaccess.RewriteBase": "\/",
      "memcache.local": "\\OC\\Memcache\\APCu",
      "apps_paths": [
          {
              "path": "\/var\/www\/html\/apps",
              "url": "\/apps",
              "writable": false
          },
          {
              "path": "\/var\/www\/html\/custom_apps",
              "url": "\/custom_apps",
              "writable": true
          }
      ],
      "instanceid": "***REMOVED SENSITIVE VALUE***",
      "passwordsalt": "***REMOVED SENSITIVE VALUE***",
      "secret": "***REMOVED SENSITIVE VALUE***",
      "trusted_domains": [
          "cloud.domaine.fr"
      ],
      "datadirectory": "***REMOVED SENSITIVE VALUE***",
      "dbtype": "mysql",
      "version": "18.0.3.0",
      "overwrite.cli.url": "http:\/\/cloud.domaine.fr",
      "dbname": "***REMOVED SENSITIVE VALUE***",
      "dbhost": "***REMOVED SENSITIVE VALUE***",
      "dbport": "",
      "dbtableprefix": "oc_",
      "mysql.utf8mb4": true,
      "dbuser": "***REMOVED SENSITIVE VALUE***",
      "dbpassword": "***REMOVED SENSITIVE VALUE***",
      "installed": true
  }
  ```

Did you configure Traefik correctly?

I think so … Here is my config:

    app:
      image: nextcloud
      container_name: nextcloud
      environment:
        NEXTCLOUD_ADMIN_USER: ${USER}
        NEXTCLOUD_ADMIN_PASSWORD: ${USERPASSWD}
      labels:
        - traefik.enable=true
        - traefik.http.middlewares.cloud-redirect-web-secure.redirectscheme.scheme=https
        - traefik.http.middlewares.cloud-redirect-web-secure2.redirectregex.permanent=true
        - traefik.http.middlewares.cloud-redirect-web-secure2.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav
        - traefik.http.middlewares.cloud-redirect-web-secure2.redirectregex.replacement=https://$$1/remote.php/dav/
        - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.0.23"
        - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
        - "traefik.http.middlewares.cloudHeader.headers.stsSeconds=63072000"
        - "traefik.http.middlewares.cloudHeader.headers.stsIncludeSubdomains=true"
        - "traefik.http.middlewares.cloudHeader.headers.stsPreload=true"
        - traefik.http.routers.cloud-web.middlewares=cloud-redirect-web-secure
        - traefik.http.routers.cloud-web.rule=Host(`cloud.${DOMAINNAME}`)
        - traefik.http.routers.cloud-web.entrypoints=web
        - traefik.http.routers.cloud-web-secure.rule=Host(`cloud.${DOMAINNAME}`)
        - traefik.http.routers.cloud-web-secure.tls.certresolver=myresolver
        - traefik.http.routers.cloud-web-secure.tls=true
        - traefik.http.routers.cloud-web-secure.entrypoints=web-secure
      networks:
        - frontend
        - backend
      volumes:
        - ./nextcloud:/var/www/html
        - ./dd:/dd:rw
      restart: always

    traefik:
      restart: always
      image: traefik
      container_name: traefik
      hostname: traefik
      command:
        - "--log.level=info"
        - --api.insecure=true
        - --providers.docker
        - "--providers.docker.exposedbydefault=false"
        - "--entrypoints.web.address=:80"
        - "--entrypoints.web-secure.address=:443"
        - "--metrics.prometheus=true"
        - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
        - "--providers.docker.watch"
        - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
        - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
        #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
        - "--certificatesresolvers.myresolver.acme.email=mail@hotmail.fr"
        - "--certificatesresolvers.myresolver.acme.storage=/certs/acme.json"
        - --entryPoints.web-secure.forwardedHeaders.trustedIPs=127.0.18.0/22,192.168.0.23
      ports:
        - 80:80
        - 443:443
        - 8080:8080
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - ./traefik/certs:/certs
      networks:
        - backend
        - frontend
      labels:
        - traefik.http.middlewares.traefik-redirect-web-secure.redirectscheme.scheme=https

I created a post over at Containous:

But in the Nextcloud logs I do get:

Login failed: ‘admin’ (Remote IP: ‘public address’)
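
For readers debugging the same symptom, here is a simplified Python model of how `trusted_proxies` and `forwarded_for_headers` from the first post interact. It is an added example, not Nextcloud's code or any poster's: the forwarded header is honored only when the direct peer (`REMOTE_ADDR`) is a trusted proxy, otherwise the peer address itself is logged. The function names and all addresses are constructed, and the model assumes the behaviour documented for these two settings.

```python
import ipaddress

def is_trusted_proxy(remote_addr, trusted_proxies):
    """True if remote_addr equals, or falls inside, one trusted entry (IP or CIDR)."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    for entry in trusted_proxies:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # a malformed entry is skipped, never trusted
    return False

def resolve_client_ip(server, trusted_proxies, forwarded_for_headers):
    """Return the address that ends up in the log for this request."""
    remote_addr = server.get("REMOTE_ADDR", "")
    # Assumption: a value that is not a list (e.g. a bare string) trusts nobody.
    if not isinstance(trusted_proxies, list):
        return remote_addr
    # Header ignored unless the direct peer is trusted: any client can send it.
    if not is_trusted_proxy(remote_addr, trusted_proxies):
        return remote_addr
    for header in forwarded_for_headers:
        for candidate in server.get(header, "").split(","):
            candidate = candidate.strip()
            try:
                ipaddress.ip_address(candidate)
            except ValueError:
                continue  # skip empty or non-IP tokens
            return candidate
    return remote_addr

# Constructed request as the backend sees it: the peer is the proxy container.
SAMPLE = {"REMOTE_ADDR": "172.18.0.5", "HTTP_X_FORWARDED_FOR": "203.0.113.7"}
HEADERS = ["HTTP_X_FORWARDED_FOR"]

if __name__ == "__main__":
    # Proxy's container address is covered: the client IP is logged.
    print(resolve_client_ip(SAMPLE, ["172.18.0.0/16"], HEADERS))
    # Only the host address is listed: the proxy IP is logged instead.
    print(resolve_client_ip(SAMPLE, ["192.168.0.23"], HEADERS))
```

With Docker, the address to list is the one the proxy container uses on the network it shares with the application container, which is usually not the host's LAN address.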