Notify_push setup does not accept trusted proxy

Hi everyone,

I have a strange issue with the new notify_push app. I have added my IP to the trusted_proxies list, but it just won’t accept it. The output looks like this:

✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
🗴 push server is not a trusted proxy, please add '1.2.3.4' to the list of trusted proxies or configure any existing reverse proxy to forward the 'x-forwarded-for' send by the push server.
  See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies for how to set trusted proxies.
  The following trusted proxies are currently configured: 1.2.3.4, 5.6.7.8
  The following x-forwarded-for header was received by Nextcloud: 5.6.7.8
    from the following remote: 1.2.3.4

  If you're having issues getting the trusted proxy setup working, you can try bypassing any existing reverse proxy
  in your setup by setting the `NEXTCLOUD_URL` environment variable to point directly to the internal Nextcloud webserver url
  (You will still need the ip address of the push server added as trusted proxy)

I don’t understand this behavior as the IP it complains about is identical to the one it lists as a configured trusted proxy.

I have a kind of complicated setup though, maybe the reason lies somewhere in there:

  1. I have an nginx proxy on 1.2.3.4 which forwards traffic to 5.6.7.8
  2. 5.6.7.8 is a firewall which port-forwards the traffic to the actual server (10.0.0.12)
  3. The server has an apache2 server to drive Nextcloud.

I am kind of stuck at this point. Any help would be appreciated 🙂

Regards,
Dorian

I just had the same problem. I did solve it by using additional configurations in my apache config for my site in addition to the ProxyPass lines (under VirtualHost):

    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy my.domain

Don’t forget to enable the module:

    a2enmod remoteip

Thanks for the hint. Unfortunately it did not solve the problem for me.
I ended up pointing the NEXTCLOUD_URL of the notify_push service to my local machine, bypassing the proxy.

@khlschrnk @dorian You are probably suffering from the same issue as I was. It is not necessary to enable the remoteip module if you add the configuration setting ‘trusted_proxies’ to your configuration and add the relevant ip addresses to that array.

One warning: the notify_push app appears to add a default ‘trusted_proxies’ setting to the configuration and if that default setting appears below your manual setting, then the latter will override your manual setting. If you see the same in your configuration file, just remove the first setting and add the relevant ip address to the remaining ‘trusted_proxies’ setting.
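
A check for the duplicate-key situation described in the last reply, added here as an example and not code from Nextcloud, notify_push or any poster. PHP keeps only the last value when an array literal repeats a key, so the script reports every `trusted_proxies` definition and which one is in effect. The function names and the sample config (including its loopback values) are constructed for illustration, and the regex assumes a flat, non-nested array.

```python
import re

# Constructed sample of a config.php that defines the key twice (not a real config).
SAMPLE_CONFIG = r"""<?php
$CONFIG = array (
  'trusted_domains' => array (0 => 'cloud.example.com'),
  'trusted_proxies' => array (0 => '1.2.3.4', 1 => '5.6.7.8'),
  'dbtype' => 'mysql',
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    1 => '::1',
  ),
);
"""

# Matches 'key' => array ( ... ) or 'key' => [ ... ]; nested arrays are not handled.
_ENTRY = r"""['"]{key}['"]\s*=>\s*(?:array\s*\(|\[)(.*?)(?:\)|\])"""
_STRING = re.compile(r"""['"]([^'"]+)['"]""")

def find_definitions(config_text, key="trusted_proxies"):
    """Return [(line_number, [values])] for every definition of key, in file order."""
    pattern = re.compile(_ENTRY.format(key=re.escape(key)), re.DOTALL)
    found = []
    for m in pattern.finditer(config_text):
        line = config_text.count("\n", 0, m.start()) + 1
        found.append((line, _STRING.findall(m.group(1))))
    return found

def effective_value(config_text, key="trusted_proxies"):
    """PHP keeps the last duplicate key in an array literal, so the last definition wins."""
    defs = find_definitions(config_text, key)
    return defs[-1][1] if defs else []

def audit(config_text, required_ip, key="trusted_proxies"):
    """Summarise duplicates and whether required_ip is in the list PHP actually uses."""
    defs = find_definitions(config_text, key)
    effective = effective_value(config_text, key)
    return {"definitions": len(defs), "duplicate": len(defs) > 1,
            "effective": effective, "required_present": required_ip in effective}

if __name__ == "__main__":
    for line, values in find_definitions(SAMPLE_CONFIG):
        print(f"line {line}: {values}")
    print(audit(SAMPLE_CONFIG, "1.2.3.4"))
```

To run it against a real installation, read the contents of `config/config.php` into a string and pass that to `audit()` together with the address the setup check asks for.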