I have a Nextcloud 24.0.5 installation up and running, the server is behind a Cloudflare reverse proxy. I was wondering if there’s any way to log what IPs connect to my server so I can track who accessed a shared file and how many times they accessed it.
If you setup your reverse proxy to add right http headers containing original IP and configure your NC to trust this reverse proxy you can expect to see right IP addresses in NC logs and apps e.g. login notifications…
good starting point is official reverse proxy doc:
I uses the analytics app to see a list of connecting IP’s on my dashboard. Each day I runs a cron which exports connecting IP’s to a csv file and saves it directly in a folder in my admin users library of nextcloud. Then I have setup the analytics to import this file and I can now click it on my dashboard, and see all IP’s which had connected since yesterday. However your use case is much more specific. To know which IP has accessed specifc files, you would need to filter on connections to excact document/file url. This can be very difficult, unless using the app for making specific share links.
Personally, I would not be interested in this. What is it to you which IP was used? What do you care how many times a file was downloaded? Nextcloud offers standard mechanisms for securing Nextcloud. Maybe you’d better use those.
data privacy? GDPR?
The same user? as if users download files multiple times → no problem Wrong user? public shares are a risk, also applies to public shares with password
→ maybe you can better define users e.g. with app Guests in your Nextcloud
Maybe you can describe your real goal instead of looking for solutions.
I was able to get Splunk to work with nextcloud logs
unfortunately, since my server is behind a reverse proxy (cloudflare tunnels) logs only say that all connections are from itself so I can’t see what the external IP address is.
not sure if logging from apache would help but It should be possible to log external IP from behind a reverse proxy. As when I used Dilerun it was able to log IPs that accessed it even though it was also behind a reverse proxy.