Nextcloud only sees ::1 instead of public IP

ℹ️ Support
1

I’ve been at this for a long time and all of my research only has SOME level of applicableness.
Anything in nextcloud between bruteforce logs, and sign in attempts, anything that SHOULD be a public IP address is only ::1, which is odd since I don’t utilize ipv6 in any capacity. I use Caddy v2 for the reverse proxy. The access logs in Caddy show the right IP addresses, both my celluar data’s IP and my home IP so that leads me to believe the issue is further down. Caddy and Nextcloud are hosted on the same server. Here’s what my CaddyFile looks like, I’ve had a LOT of revisions before and they all never worked but here it currently is:

nextcloud.com {
        reverse_proxy localhost:8000

    header {
        Strict-Transport-Security max-age=31536000;
    }
    redir /.well-known/webfinger /public.php?service=webfinger 301

}

Here’s what it looks like in /etc/apache2/sites-enabled/nextcloud.conf

<VirtualHost *:8000>
  DocumentRoot /var/www/html/nextcloud/
  ServerName  nextcloud.com

  <Directory /var/www/html/nextcloud/>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews

    <IfModule mod_dav.c>
      Dav off
    </IfModule>
  </Directory>
</VirtualHost>

and here is my NextCloud configure file.

<?php
$CONFIG = array (
  'instanceid' => 'XXXXXXXXXX',
  'passwordsalt' => 'XXXXXXXXXXXXXXXXXXXXXXXX',
  'secret' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
  'trusted_domains' =>
  array (
    0 => 'hostname',
    1 => 'www.nextcloud.com',
    2 => 'nextcloud.com',
  ),
  'trusted_proxies' => array('127.0.0.1'),
  'datadirectory' => '/RAID/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '21.0.9.1',
  'overwritehost' => 'nextcloud.com',
  'overwrite.cli.url' => 'http://nextcloud.com',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'XXXXXXX',
  'dbpassword' => 'XXXXXXXXXXXXXXXXXXX',
  'installed' => true,
  'loglevel' => 0,
  'updatechecker' => true,
  'maintenance' => false,
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'XXXXXXXXXXXXXXX',
  'mail_domain' => 'XXXXX',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'XXXXXXXXXXXXX',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'XXXXXXXXXXXXXXXXXXXXXX',
  'mail_smtppassword' => 'XXXXXXXXXXXXXXXXXXXXXXXXXX',
  'has_rebuilt_cache' => true,
  'updater.secret' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
  'theme' => '',
);

Again, I’m not entirely sure what to troubleshoot anymore. Caddy gives me the right IP and I haven’t been able to figure out in any documentation anything but X-Forwarded-Host and I never get to see where or how to apply what that is. Any assistance would be greatly appreciated or at least any clues/websites that may lead me in the right direction. It all works fine otherwise.

2

modern OS prefer IPv6 over IPv4 which starts with intra-hosts connections - most likely this is why your reverse proxy access Nextcloud backend using IPv6 (::1 = localhost). you can enforce IPv4 using 127.0.0.1:8000 (but I like localhost:8000 better)

Maybe adding ::1 and/or localhost to trusted_proxies of NC already does the trick. If not check X_FORWARDED_ headers - the proxy must send the headers to NC…

1 Like
3

Wow, that did it. I can’t personally thank you enough. I’ve spend easily over 100 hours trying to get this figured out and never thought to try that nor was my research or anyone I asked for help suggested that. You are an absolute lifesaver and saved me a lot of future headaches trying to work around this problem. Adding the ::1 in trusted_proxies did it.

1 Like