Nextcloud requests got through external gateway

I will try to be as succinct as I can. I have AIO running on one host using an nginx reverse proxy on another host. I have a split dns setup so internal requests are given internal addresses using unbound on both the AIO host and the Nginx host.

My logs have errors like this:

Dec 29 12:58:42 toto nginx: 2023/12/29 12:58:42 [warn] 10985#0: *18302 upstream sent duplicate header line: “Server: Apache/2.4.58 (Unix)”, previous value: “Server: Caddy”, ignored while reading r
esponse header from upstream, client: 192.168.1.3, server: cloud2.genashor.com, request: “GET /apps/richdocuments/settings/fonts.json HTTP/1.1”, upstream: “http://192.168.1.3:11000/apps/richdocuments/settings/fonts.json”, host: “cloud2.genashor.com”

I’ve tried everything I could find but can’t seem to identify why this is happening. A question is the client address. 192.168.1.3 is the AIO host. Other lines have 192.168.1.1 which is the router IP. Does this indicate that I’ve set up my nginx proxy incorrectly so it’s reporting the wrong client address?

The nginx proxy is set up like this:

server {
include ssl.conf;
server_name cloud2.genashor.com;

location / {
    if ( $http_user_agent ~ ^DavClnt ) {
        return 302 /remote.php/webdav/$is_args$args;
    }
    proxy_pass http://192.168.1.3:11000$request_uri;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Accept-Encoding "";
    proxy_set_header Host $host;

    client_body_buffer_size 512k;
    proxy_read_timeout 86400s;
    client_max_body_size 0;

    # Websocket
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    fastcgi_buffers 64 4k;
}

I’m sure I’m missing something obvious but I can’t figure it out.

Regards,
Gary

Hi, can you follow How to debug problems with Collabora and/or Talk · nextcloud/all-in-one · Discussion #1358 · GitHub?

Thanks. I tried that but it still generates the same errors.

Collabora seems to work, it’s just that I get these nagging errors that I’m trying to make sense of and fix.

I can’t post the discovery output since it has more than 4 links embedded in the output but I couldn’t find anything questionable about it.

funny thing I was seeing this issue for long time.

Nextcloud and Collabora running on the same Docker host where talking to each other using public IP despite the fact working splitbraindns was in place and internal client, internet router and Docker host itself resolved the dns records to the local IP of the Docker host. I didn’t find the root cause - likely it it lies somewhere in the depth of routing and iptables used when you setup Docker containers.

long story short - I played a little with internal Docker DNS and found a good workaround - just add all the public DNS records as alias to reverseproxy container. for details look here

This sounds very promising and actually makes some sense since my nginx machine’s IP has multiple “virtual” domain names assigned to it. Reverse lookup might pick the wrong one.

Gary

I gave it a go but I can’t seem to figure out where to set the aliases. I put this in my docker-compose.yml but it complains that I can’t assign the attribute aliases.

’
networks:
nextcloud-aio:
name: nextcloud-aio
driver: bridge
aliases:
- cloud2.genashor.com
- wiki.genashor.com
- postoffice.genashor.com
’

I feel you’ve given me good advice, but I can’t seem to follow the directions.

Figured it out and tested aliases. They work as advertized but I still get this strange error in the logs. This is one tough nut to crack.

What is the purpose of having Caddy in front of Apache when I have an external nginx reverse proxy? Couldn’t I just connect directly to Apache?

Gary

I think what you are actually looking for is this: GitHub - nextcloud/all-in-one: The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.

Bottom line, everything is functioning fine. I suppressed the nginx warnings by moving the log level from warn to error. My guess is that others would have complained if they had nginx set to output at warn level. I also discovered the problem with the strange ip address in the warnings. I had to remove the X-Real-IP header sent by nginx as docker seems to handle this incorrectly.