Nextcloud proxy issue apache and localhost install

BENETNATH · September 20, 2023, 8:47am

Nextcloud version (eg, 20.0.5): 27.1.0
Operating system and version (eg, Ubuntu 20.04): Ubuntu 22.04.3
Apache or nginx version (eg, Apache 2.4.25): Apache2.4.57
PHP version (eg, 7.4): 8.1.2

The issue you are facing:
My set-up was working perfectly, but recently, a message appeared on the nextcloud admin panel :

Votre adresse réseau a été identifiée comme “192.168.10.1” et elle est bridée par le mécanisme anti-intrusion ce qui ralentit la performance de certaines requêtes. Si cette adresse réseau n’est pas la vôtre, cela peut signifier qu’il y a une erreur de configuration d’un proxy.

It seems that I have a proxy issue but I did not change anything in my config.
This error appears only when I’m connecting on the LAN
From the outside, everything is green !

The output of your Nextcloud log in Admin > Logging:
no error at all in the log

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '*********',
  'passwordsalt' => '**********',
  'secret' => ''**********',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'my.domain.name',
  ),
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '127.0.0.1',
    'port' => 6379,
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'overwritehost' => 'my.domain.name',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
  'trusted_proxies' => 
  array (
    0 => 'localhost',
  ),
  'forwarded_for_headers' => 
  array (
    0 => 'HTTP_X_FORWARDED',
    1 => 'HTTP_FORWARDED_FOR',
  ),
  'datadirectory' => '/media/partage/data',
  'dbtype' => 'mysql',
  'version' => '27.1.0.7',
  'overwrite.cli.url' => 'https://my.domain.name',
   'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '******',
  'dbpassword' => '********',
  'installed' => true,
  'theme' => '',
  'loglevel' => 3,
  'maintenance' => false,
  'allow_local_remote_servers' => true,
  'default_phone_region' => 'FR',
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtphost' => 'smtp.gmail.com',
  'mail_smtpport' => '465',
  'mail_from_address' => '******',
  'mail_domain' => 'gmail.com',
  'mail_smtpauth' => 1,
  'mail_smtpname' => '*****',
  'mail_smtppassword' => '******',
  'updater.release.channel' => 'stable',
  'app_install_overwrite' => 
  array (
    0 => 'drawio',
    1 => 'files_trackdownloads',
    2 => 'duplicatefinder',
  ),
);

The output of your Apache/nginx/system log in /var/log/____:
nextcloud
access.log

192.168.10.1 - - [20/Sep/2023:10:35:31 +0200] "PROPFIND /remote.php/dav/files/benetnath/ HTTP/1.1" 207 5815 "-" "Mozilla/5.0 (Windows) mirall/3.10.0stable-Win64 (build 20230915) (Nextcloud>

192.168.10.1 - - [20/Sep/2023:10:35:35 +0200] "GET /index.php/settings/admin/overview HTTP/2.0" 200 42085 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gec>

192.168.10.1 - - [20/Sep/2023:10:35:36 +0200] "GET /index.php/apps/theming/image/background?v=4 HTTP/2.0" 404 25392 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "GET /ocs/v2.php/search/providers?from=%2Fsettings%2Fadmin%2Foverview HTTP/2.0" 200 1124 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleW>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "PROPFIND /.well-known/caldav HTTP/2.0" 301 669 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/1>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "PROPFIND /.well-known/carddav HTTP/2.0" 301 669 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "GET /.well-known/nodeinfo HTTP/2.0" 404 772 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "GET /.well-known/webfinger HTTP/2.0" 404 773 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "GET /ocm-provider/ HTTP/2.0" 200 999 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 S>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "GET /ocs-provider/ HTTP/2.0" 200 1465 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 >

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "PROPFIND /remote.php/webdav HTTP/2.0" 207 3182 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/1>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "GET /index.php/heartbeat HTTP/2.0" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "PROPFIND /remote.php/dav/ HTTP/2.0" 207 4028 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "PROPFIND /remote.php/dav/ HTTP/2.0" 207 4028 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "GET /ocs/v2.php/cloud/groups/details HTTP/2.0" 200 1492 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)>

192.168.10.1 - - [20/Sep/2023:10:35:39 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0" 200 854 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (>

192.168.10.1 - - [20/Sep/2023:10:35:38 +0200] "GET /index.php/settings/ajax/checksetup HTTP/2.0" 200 4227 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gec>

and the apache2 conf :

<VirtualHost *:80>
        ServerAdmin domain@gmail.com
        ServerName cloud.domain.fr
        ServerAlias cloud.domain.fr
     DocumentRoot /var/www/html/nextcloud/
     <Directory /var/www/html/nextcloud/>
          Options +FollowSymLinks
          AllowOverride All
          <IfModule mod_dav.c>
               Dav off
          </IfModule>
          SetEnv HOME /var/www/html/nextcloud/
          SetEnv HTTP_HOME /var/www/html/nextcloud/
     </Directory>
     ErrorLog /var/log/apache2/nextcloud/error.log
     LogLevel warn
     CustomLog /var/log/apache2/nextcloud/access.log combined
     ServerSignature Off
ProxyPass / http://192.168.10.100/ nocanon
ProxyPassReverse / http://192.168.10.100/
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.domain.fr
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

and SSL conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin domain@gmail.com
        ServerName cloud.domain.com
        ServerAlias cloud.domain.com
     DocumentRoot /var/www/html/nextcloud/
     <Directory /var/www/html/nextcloud/>
          Options +FollowSymLinks
          AllowOverride All
          <IfModule mod_dav.c>
               Dav off
          </IfModule>
    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
          SetEnv HOME /var/www/html/nextcloud/
          SetEnv HTTP_HOME /var/www/html/nextcloud/
     </Directory>
     ErrorLog /var/log/apache2/nextcloud/error.log
     LogLevel warn
     CustomLog /var/log/apache2/nextcloud/access.log combined
     ServerSignature Off
ProxyPreserveHost On
ProxyRequests Off
RequestHeader unset Accept-Encoding
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/cloud.domain.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.domain.com-0001/privkey.pem
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
        ServerAdmin domain@gmail.com
        ServerName cloud.domain.com
        ServerAlias cloud.domain.com
     DocumentRoot /var/www/html/nextcloud/
     <Directory /var/www/html/nextcloud/>
          Options +FollowSymLinks
          AllowOverride All
          <IfModule mod_dav.c>
               Dav off
          </IfModule>
          SetEnv HOME /var/www/html/nextcloud/
          SetEnv HTTP_HOME /var/www/html/nextcloud/
     </Directory>
     ErrorLog /var/log/apache2/nextcloud/error.log
     LogLevel warn
     CustomLog /var/log/apache2/nextcloud/access.log combined
     ServerSignature Off
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =cloud.domain.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    <IfModule mod_http2.c>
      Protocols h2 http/1.1
    </IfModule>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>

RewriteCond %{SERVER_NAME} =cloud.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
</IfModule>

Do you think there is something to improve ??

Thanks

wwe · September 21, 2023, 7:14pm

hi @BENETNATH welcome back. I think your Nextcloud or reverseproxy doesn’t pass/accept IP adresses from different internal clients so it looks like all requests come from the reverse proxy IP. take a look at Apache Docker behind reverse proxy maybe you get some ideas…

jeff-bzh · October 2, 2023, 8:35pm

hi @BENETNATH ,

Did you found a solution ?

I’m facing exactly the same issue.

Thx

BENETNATH · October 3, 2023, 7:05am

No…
I had no time to look for a solution.
The fact that it’s globally working makes me procrastinate on that particular topic…