I have Nextcloud 30.0.1(apache) inside Ubuntu 24 vm
Reverse proxy is nginx on separate vm on same network
If I access over same network it works, if I access over Internet it works, but for some reason, if I access over site to site vpn it identifies client ip as reverse proxy ip, and throws headers warning, Can someone point where can be an error, or which logs to check?
Since it works over the internet which also goes through the reverse proxy, it is hard to tell what is wrong without more information. What software do you use to create the VPN?
Maybe post some details (e.g. reverse proxy configuration) and how you configured the VPN. Then someone might be able to help 
I used wireguard on pfsense on one side and mikrotik on the other, I checked reverse proxy access log, it shows ip, which should be passed to nextcloud(nextcloud doesn’t get it)
/etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
proxy_buffering off;
client_max_body_size 20000M;
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
gzip on;
include /etc/nginx/conf.d/*.conf;
/etc/nginx/sites-available/reverse-proxy
server {
server_name nextcloud.myreal.domain;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://172.156.10.11:80;
proxy_buffering off;
proxy_buffers 16 4k;
proxy_buffer_size 2k;
}
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/nextcloud.myreal.domain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/nextcloud.myreal.domain/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
server {
if ($host = nextcloud.myreal.domain) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name nextcloud.myreal.domain;
listen [::]:80;
listen 80;
return 404; # managed by Certbot
}
I used this guide Running Nextcloud behind NGINX reverse proxy | Zuckerbude
but changed proxy_set_header X-Forwarded-Host because I would get and error about trusted domains
What side is the one used to access the reverse proxy? How did you configure routing, so that your local network is accessible through the site-to-site tunnel?
Sounds like some NAT is involved
SOLVED BY THESE
config.php
It became
'forwarded_for_headers' => array('HTTP_X_REAL_IP'),
It was
'forwarded_for_headers' =>
array (
0 => 'HTTP_X_FORWARDED',
1 => 'HTTP_FORWARDED_FOR',
),
remoteip.conf
RemoteIPHeader X-Forwarded-For
#RemoteIPTrustedProxy 172.156.10.13
RemoteIPInternalProxy 172.156.10.13
Replaced Trusted with internal
btw does somebody know why these changes made it work, like setting X_REAL_IP in config but setting X-Forwarded-For in remoteip.conf
And Internalproxy instead of TrustedProxy
This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.