Nextcloud with nginx reverse proxy

I have Nextcloud 30.0.1(apache) inside Ubuntu 24 vm
Reverse proxy is nginx on separate vm on same network

If I access over same network it works, if I access over Internet it works, but for some reason, if I access over site to site vpn it identifies client ip as reverse proxy ip, and throws headers warning, Can someone point where can be an error, or which logs to check?

Since it works over the internet which also goes through the reverse proxy, it is hard to tell what is wrong without more information. What software do you use to create the VPN?

Maybe post some details (e.g. reverse proxy configuration) and how you configured the VPN. Then someone might be able to help :wink:

I used wireguard on pfsense on one side and mikrotik on the other, I checked reverse proxy access log, it shows ip, which should be passed to nextcloud(nextcloud doesn’t get it)
/etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
   
}

http {

        proxy_buffering off;
        client_max_body_size 20000M;
        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

  

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;


        access_log /var/log/nginx/access.log;

   
        gzip on;


        include /etc/nginx/conf.d/*.conf;

/etc/nginx/sites-available/reverse-proxy

server {
    server_name nextcloud.myreal.domain;


    location / {
    proxy_set_header  Host $host;
    proxy_set_header  X-Real-IP $remote_addr;
    proxy_set_header  X-Forwarded-Proto https;
    proxy_set_header  X-Forwarded-Host $server_name;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://172.156.10.11:80;
    proxy_buffering off;
    proxy_buffers 16 4k;
    proxy_buffer_size 2k;
    }

    location /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }

    location /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nextcloud.myreal.domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.myreal.domain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}

server {
    if ($host = nextcloud.myreal.domain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name nextcloud.myreal.domain;
    listen [::]:80;
    listen 80;
    return 404; # managed by Certbot
}

I used this guide Running Nextcloud behind NGINX reverse proxy | Zuckerbude
but changed proxy_set_header X-Forwarded-Host because I would get and error about trusted domains