Nextcloud with nginx reverse proxy

I have Nextcloud 30.0.1 (Apache) inside an Ubuntu 24 VM.
The reverse proxy is nginx on a separate VM on the same network.

If I access it over the same network it works, and if I access it over the Internet it works, but for some reason, if I access it over a site-to-site VPN, it identifies the client IP as the reverse proxy IP and throws a headers warning. Can someone point out where the error could be, or which logs to check?

Since it works over the internet which also goes through the reverse proxy, it is hard to tell what is wrong without more information. What software do you use to create the VPN?

Maybe post some details (e.g. reverse proxy configuration) and how you configured the VPN. Then someone might be able to help :wink:

I used WireGuard on pfSense on one side and MikroTik on the other. I checked the reverse proxy access log; it shows the IP that should be passed to Nextcloud (Nextcloud doesn't get it).
/etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
   
}

http {

        proxy_buffering off;
        client_max_body_size 20000M;
        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

  

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;


        access_log /var/log/nginx/access.log;

   
        gzip on;

        include /etc/nginx/conf.d/*.conf;
}

/etc/nginx/sites-available/reverse-proxy

server {
    server_name nextcloud.myreal.domain;


    location / {
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-Proto https;
        proxy_set_header  X-Forwarded-Host $server_name;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.156.10.11:80;
        proxy_buffering off;
        proxy_buffers 16 4k;
        proxy_buffer_size 2k;
    }

    location /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }

    location /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nextcloud.myreal.domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.myreal.domain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}

server {
    if ($host = nextcloud.myreal.domain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name nextcloud.myreal.domain;
    listen [::]:80;
    listen 80;
    return 404; # managed by Certbot
}

I used this guide, "Running Nextcloud behind NGINX reverse proxy | Zuckerbude", but changed proxy_set_header X-Forwarded-Host because I would get an error about trusted domains.

What side is the one used to access the reverse proxy? How did you configure routing, so that your local network is accessible through the site-to-site tunnel?

Sounds like some NAT is involved

SOLVED BY THESE

config.php

It became
'forwarded_for_headers' => array('HTTP_X_REAL_IP'),

It was
 'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED',
    1 => 'HTTP_FORWARDED_FOR',
  ),

remoteip.conf

RemoteIPHeader X-Forwarded-For
#RemoteIPTrustedProxy 172.156.10.13
RemoteIPInternalProxy 172.156.10.13
Replaced Trusted with Internal.

By the way, does somebody know why these changes made it work? For example, setting X_REAL_IP in config but setting X-Forwarded-For in remoteip.conf, and InternalProxy instead of TrustedProxy?
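
Added example, not part of the thread and not Apache's own code: a simplified Python model of how mod_remoteip handles the RemoteIPHeader. It follows the module documentation, which states that private addresses (10/8, 172.16/12, 192.168/16, 169.254/16, 127/8) reported by a RemoteIPTrustedProxy are not accepted as the client IP, while a RemoteIPInternalProxy is believed for them. The client addresses 10.8.0.5 and 203.0.113.7 are constructed, the function names are hypothetical, and proxies are matched by exact address rather than by subnet.

```python
import ipaddress

# Ranges the mod_remoteip documentation treats as private for RemoteIPTrustedProxy.
PRIVATE_V4 = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "169.254.0.0/16", "127.0.0.0/8")]
PUBLIC_V6 = ipaddress.ip_network("2000::/3")


def is_private(ip):
    if ip.version == 4:
        return any(ip in net for net in PRIVATE_V4)
    return ip not in PUBLIC_V6


def resolve_client(peer, header, proxies):
    """Simplified model of mod_remoteip (assumption, not the module's code).

    peer    -- address of the TCP connection Apache accepted
    header  -- value of the RemoteIPHeader (here X-Forwarded-For)
    proxies -- {proxy_ip: "internal" | "trusted"}
    Returns (client_ip, leftover_header).
    """
    client = ipaddress.ip_address(peer)
    hops = [h.strip() for h in header.split(",") if h.strip()]
    # Walk the header right to left while the current peer is a known proxy.
    while hops and str(client) in proxies:
        try:
            candidate = ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # unparsable entry: stop and keep what we have
        if proxies[str(client)] == "trusted" and is_private(candidate):
            break  # a TrustedProxy may not vouch for a private address
        client = candidate
        hops.pop()
    return str(client), ", ".join(hops)


PROXY = "172.156.10.13"      # reverse proxy address from the thread
VPN_CLIENT = "10.8.0.5"      # constructed: client reached through the tunnel
WAN_CLIENT = "203.0.113.7"   # constructed: client on the Internet

if __name__ == "__main__":
    for mode in ("trusted", "internal"):
        for src in (WAN_CLIENT, VPN_CLIENT):
            print(mode, src, "->", resolve_client(PROXY, src, {PROXY: mode}))
```

In this model the Internet client resolves correctly in both modes, while the tunnel client falls back to the proxy address under "trusted" and resolves only under "internal". A header sent by a peer that is not in the proxy list is never consulted.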
