Nextcloud.log shows remoteAddr of nginx, not client

I am using Nextcloud 11 on Ubuntu 16.04. My setup is the default image at

With this setup, nginx runs in a container for managing all the nextcloud-specific settings. Outside of the container, I have nginx as a load balancer/proxy.

In order to set up fail2ban, I have to pass it client’s IP addresses from nextcloud.log. The problem is, the IP is always the same:

“remoteAddr”:“”,“app”:“core”,“message”:“Login failed: ‘username’ (Remote IP: ‘’)”,

This is the IP address of my nginx container, I believe. How do I tell it to use the actual client’s IP instead? (I have already added X-Forwarded-For proxy headers).

Previously, I had an old Owncloud setup with Apache where this worked. the log message would include “X-Forwarded-For: ‘’”. Is it possible to get that behavior with Nextcloud/nginx? If so, how?

Answering my own question:

i have the same problem. a tcpdump show that the X-Forwarded-For is actually working. the problem is that the ip of the original client does not get placed in the remoteAddr field and im not sure but i think nextcloud is looking for the real addres in that field. the collateral damage from tihs issue is that once the brute force is triggered ALL users from everywhere are blocked.

my setup s running nginx and im on NC20. im also running HAproxy as a reverse proxy with ssl offloading. the nextcloud does not have a ssl certificate on it. it only runs on port 80