Support intro
Sorry to hear you’re facing problems. 
The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.
If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.
Getting help
In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.
Before clicking submit: Please check if your query is already addressed via the following resources:
- Official documentation (searchable and regularly updated)
- How to topics and FAQs
- Forum search
(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).
The Basics
- Nextcloud Server version (e.g., 29.x.x):
Nexcloud AIO Hub 25 Autumn (32.0.6)
- Operating system and version (e.g., Ubuntu 24.04):
Debian 13 Trixie
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
AIO
Summary of the issue you are facing:
Nextcloud behind an external reverse proxy does not detect properly user IP.
I set up a Nexcloud AIO on a server with following docker compose configuration :
name: nextcloud-aio # Add the container to the same compose project like all the sibling containers are added to automatically.
services:
nextcloud-aio-mastercontainer:
image: ghcr.io/nextcloud-releases/all-in-one:latest
init: true
restart: always
container_name: nextcloud-aio-mastercontainer
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
- /var/run/docker.sock:/var/run/docker.sock:ro
network_mode: bridge
ports:
- "80:80"
- "8080:8080"
- "8443:8443"
environment:
APACHE_PORT: 11000
APACHE_IP_BINDING: 0.0.0.0
APACHE_TRUSTED_PROXIES: 1.2.3.4
NEXTCLOUD_DATADIR: /data/ncdata
volumes:
nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer
I have an external apache reverse proxy with configuration :
<VirtualHost *:443>
ServerName cloud.my.domain
RewriteEngine On
ProxyPreserveHost On
ProxyAddHeaders On
ProxyRequests Off
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
AllowEncodedSlashes NoDecode
SecRequestBodyLimitAction ProcessPartial
ProxyPass / http://1.2.3.4:11000/ nocanon
ProxyPassReverse / http://1.2.3.4:11000/
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
RewriteRule .? "ws://1.2.3.4:11000/%1" [P,L,UnsafeAllow3F]
# Enable h2, h2c and http1.1
Protocols h2 h2c http/1.1
# Solves slow upload speeds caused by http2
H2WindowSize 5242880
# TLS
SSLEngine on
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder off
SSLSessionTickets off
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.my.domain/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/cloud.my.domain/fullchain.pem
TraceEnable off
<Files ".ht*">
Require all denied
</Files>
# Support big file uploads
LimitRequestBody 0
Timeout 86400
ProxyTimeout 86400
</VirtualHost>
In config.php I have :
‘trusted_domains’ =>
array (
0 => ‘localhost’,
1 => ‘cloud.my.domain’,
2 => ‘apache_rp_ip’,
),
‘trusted_proxies’ =>
array (
0 => ‘127.0.0.1’,
1 => ‘::1’,
2 => ‘172.18.0.0/16’,
3 => ‘apache_rp_ip’,
),
‘forwarded-for-headers’ =>
array (
0 => ‘X-Forwarded-For’,
1 => ‘HTTP_X_FORWARDED_FOR’,
),
Where apache_rp_ip is the IP of my external apache reverse proxy.
I can connect without problem, but the nextcloud logs in NC Logging interface shows that the connexion is comming from 127.0.0.1 and not from my real IP. And the login windows on the client complains about many failed login attempts from this IP.
However my apache reverse proxy transmit correctly the X-Forwarded-For headers (tcpdump -A -s 1024 ‘tcp port 11000’ on my NC hosts shows them correctly).
I thus suspect that the internal apache docker in aio is not forwarding the correct headers ton NC (but actually I am not sure).
I cannot figure out how to correct that ! It’s quite a serious issue because if someone tries many times to connect with bad credentials, ALL connexions will be blocked (because 127.0.0.1 will be banned)!