Setup
I’m running both Nextcloud and Caddy with their official Docker images.
Nextcloud docker-compose.yml
networks:
  proxy:
    external: true
services:
  app:
    image: nextcloud
    container_name: nextcloud
    depends_on:
      - db
    environment:
      - MYSQL_HOST=db
      - APACHE_DISABLE_REWRITE_IP=1
      - TRUSTED_PROXIES=caddy
      - NEXTCLOUD_TRUSTED_DOMAINS=app.domain.com
    env_file:
      - ./db-creds.env
    networks:
      - proxy
    volumes:
      - ./app:/var/www/html
Nextcloud and Caddy are both inside the proxy network, so ports 80/443 are only exposed to the host on Caddy's side.
The Caddyfile for Nextcloud looks like this:
app.domain.com {
    reverse_proxy nextcloud:80
    header Strict-Transport-Security max-age=31536000;
    redir /.well-known/carddav /remote.php/carddav 301
    redir /.well-known/caldav /remote.php/caldav 301
}
Issue
Nextcloud doesn’t get the real origin of the client requests but only sees the reverse proxy’s IP (172.29.0.2):
nextcloud | 172.29.0.2 - - [23/Apr/2023:07:51:32 +0000] "GET /login HTTP/1.1"
nextcloud | 172.29.0.2 - - [23/Apr/2023:07:51:32 +0000] "GET /dist/core-files_fileinfo.js?v=232911c0-0 HTTP/1.1"
nextcloud | 172.29.0.2 - - [23/Apr/2023:07:51:32 +0000] "GET /apps/theming/js/theming.js?v=232911c0-0 HTTP/1.1"
When I just swap Caddy for, e.g., NGINX Reverse Proxy Manager, Nextcloud suddenly starts getting the public IP of the requesting client.
This makes me think the issue is on Caddy’s side?
header_up Host {remote}
header_up X-Real-IP {remote}
header_up -X-Forwarded-For
header_up X-Forwarded-Port {server_port}
header_up X-Forwarded-Proto {scheme}
As far as I understand it, you need to add some of those directives to the Caddyfile; however, I’ve tried them all in different combinations and had no success so far.
I found this article, Howto get real IP, but couldn’t work out a working solution from it.