Nextcloud is ignoring X-Forwarded headers

I’m trying to setup Nextcloud with Nginx on docker and when I set it up, the logs don’t show the correct ip of the client. Nginx is setting X-Forwarded-For to the ip of the client and nginx is on the trusted proxies. I’m doing this on a fresh install.

docker-compose.yml

version: '3'

services:
    nextcloud:
        image: nextcloud:20.0-apache
        environment:
            - APACHE_DISABLE_REWRITE_IP=1
            - TRUSTED_PROXIES=nginx-proxy
        volumes:
            - ./nextcloud/config:/var/www/html/config
            - ./nextcloud/data:/var/www/html/data
#    certbot:
#        image: certbot/dns-linode:latest
#        volumes:
#            - ./letsencrypt:/etc/letsencrypt
    nginx-proxy:
        image: nginx:1.18
        ports:
            - 80:80
            - 443:443
        volumes:
            - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
            - ./nginx/conf.d:/etc/nginx/conf.d:ro
            - ./nginx/includes:/etc/nginx/includes:ro
            - ./letsencrypt/live:/etc/nginx/certificates:ro

nginx.conf

user nginx;
worker_processes auto;
pid /run/nginx.pid;

events {
	worker_connections 1024;
}

http {
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	server_tokens off;
	
	include /etc/nginx/mime.types;
	default_type application/octet-stream;
	
	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;
	
	include /etc/nginx/conf.d/*.conf;
}

nextcloud.conf

server {
	listen      443;
	listen [::]:443;
	server_name cloud.example.com;
	
	include includes/ssl.conf;
	
	location / {
		proxy_pass http://nextcloud;
		
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Forwarded-Host $http_host;
	}
}

server {
	listen      80;
	listen [::]:80;
	server_name cloud.example.com;
	
	return 301 https://cloud.example.com$request_uri;
}

I found a similar post to this one.
https://help.nextcloud.com/t/nc20-isnt-respecting-x-forwarded-for-header-from-reverse-proxy/107287?u=dankcatlord

1 Like

As was noted by someone on my post (that you linked), apparently, you can have NGINX handle this for itself: Module ngx_http_realip_module

Hey, just a thought. If you have a reverse proxy (in this case, the NGINX container), did you set trusted_proxies in Nextcloud’s config.php? Something like this:

'trusted_proxies' => ['10.0.1.0'],

Or, well, whatever the IP of your container is on that network that Docker creates.
Unfortunately since I’m not famialiar with any of the images in your setup, I can’t say for certain the easiest way to grab their IP to know what to put.

1 Like