I am trying to set up the standalone notify_push docker image with Nextcloud 28.0.3 running in docker. However, when I try to add it, the system keeps complaining about the proxy not being trusted because of the IP address not being 1.2.3.4.
This is my docker-compose for nextcloud:
```yaml
nextcloud:
  build:
    context: /docker/nextcloud/dockerfile/
    dockerfile: Dockerfile
  container_name: nextcloud
  restart: unless-stopped
  volumes:
    # Store core nextcloud data
    - /docker/nextcloud/data/:/var/www/html
    - /docker/nextcloud/config/:/var/www/html/config
    # Storage location for apps installed from GUI, CLI, etc.
    - /docker/nextcloud/apps/:/var/www/html/custom_apps
    # Bind for local hard drive user files
    - /nextcloud/:/var/www/html/data
  # Temporary storage for Machine Learning implications such as Recognize tagging
  tmpfs:
    - /tmp:exec
  depends_on:
    - db
    - redis
  networks:
    - redis
    - mariadb
    - traefik-public
    - nextcloud
  environment:
    TRUSTED_PROXIES: localhost drive.example.com
    NEXTCLOUD_UPDATES: 1
    # MySQL credentials
    MYSQL_DATABASE: "nextcloud"
    MYSQL_USER: "nextcloud"
    MYSQL_PASSWORD: ${NEXTCLOUD_MYSQL_PASSWORD}
    MYSQL_HOST: "db:3306"
    # SMTP Settings
    SMTP_NAME: "nextcloud"
    SMTP_AUTH_TYPE: "LOGIN"
    SMTP_PASSWORD: ${NEXTCLOUD_MAIL_PASSWORD}
    SMTP_PORT: 465
    OVERWRITECLIURL: "https://drive.example.com"
    PHP_UPLOAD_LIMIT: 2048M
    PHP_MEMORY_LIMIT: 4G
    REDIS_HOST: redis
notify_push:
  image: docker.io/icewind1991/notify_push
  container_name: notify_push
  networks:
    mariadb:
      ipv4_address: 172.21.1.2
    redis:
    nextcloud:
    traefik-public:
  volumes:
    - /docker/nextcloud/config/config.php:/config.php:ro
  depends_on:
    - db
    - redis
    - nextcloud
  environment:
    # This is used during setup for notify_push
    - NEXTCLOUD_URL=http://nextcloud
  entrypoint: /notify_push /config.php
```
This is what I have for config.php:
```php
<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'redis',
    'password' => '',
    'port' => 6379,
  ),
  'overwrite.cli.url' => 'https://drive.example.com',
  'trusted_domains' =>
  array (
    0 => 'localhost:8080',
    1 => 'drive.example.com',
    2 => 'notify_push'
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '28.0.3.2',
  'dbname' => 'nextcloud',
  'dbhost' => 'db:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'installed' => true,
  'default_locale' => 'en_US',
  'default_phone_region' => 'US',
  'default_timezone' => 'America/New_York',
  'auth.webauthn.enabled' => true,
  'overwriteprotocol' => 'https',
  'overwritehost' => 'drive.example.com',
  'updater.release.channel' => 'stable',
  'ncd_admin_settings' =>
  array (
    'ncd_yt_binary' => '/usr/bin/youtube-dl/',
    'focusVisibleAdded' => '',
  ),
  'maintenance' => false,
  'maintenance_window_start' => 1,
  'memories.exiftool' => '/var/www/html/custom_apps/memories/bin-ext/exiftool-amd64-glibc',
  'loglevel' => 2,
  'logfile' => '/var/www/html/nextcloud.log',
  'trusted_proxies' =>
  array (
    0 => '172.21.1.2'
  ),
  'theme' => '',
  'app_install_overwrite' =>
  array (
    0 => 'social',
    1 => 'maps',
    2 => 'side_menu',
    3 => 'memories',
    4 => 'extract',
    5 => 'duplicatefinder',
    6 => 'talk_matterbridge',
    7 => 'workspace',
  ),
  'memories.vod.path' => '/var/www/html/custom_apps/memories/bin-ext/go-vod-amd64',
  'memories.vod.ffmpeg' => '/usr/bin/ffmpeg',
  'memories.vod.ffprobe' => '/usr/bin/ffprobe',
);
```
This is what I have for Traefik:
```yaml
http:
  ################################################################
  # Services configuration
  ################################################################
  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: http://nextcloud:80
    notify-push:
      loadBalancer:
        servers:
          - url: http://notify_push:7867
  ################################################################
  # Middleware configuration
  ################################################################
  middlewares:
    redirect-https:
      redirectScheme:
        scheme: https
        permanent: true
    nextcloud_redirectregex:
      replacepathregex:
        regex: "^/.well-known/ca(l|rd)dav"
        replacement: "/remote.php/dav/"
    nextcloud-headers:
      headers:
        stsincludesubdomains: true
        stsSeconds: "315360000"
        browserXssFilter: true
        contentTypeNosniff: true
    push-stripprefix:
      stripPrefix:
        prefixes:
          - "/push"
  ################################################################
  # Routers configuration
  ################################################################
  routers:
    nextcloud-http:
      entrypoints: web
      rule: Host(`drive.example.com`)
      service: nextcloud
      middlewares: redirect-https
    nextcloud:
      entrypoints: websecure
      rule: Host(`drive.example.com`)
      service: nextcloud
      middlewares: nextcloud_redirectregex, nextcloud-headers
      tls:
        certresolver: myresolver
    notify-push:
      entrypoints: websecure
      rule: Host(`drive.example.com`) && PathPrefix(`/push`)
      service: notify-push
      middlewares: push-stripprefix
```
This is what happens when I try to run sudo -u www-data php occ notify_push:setup https://drive.example.com/push
```
root@a7b7da65b7ef:/var/www/html# sudo -u www-data php occ notify_push:setup https://drive.jarexibackblaze.xyz/push
Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
The current PHP memory limit is below the recommended value of 512MB.
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
🗴 push server is not a trusted proxy by Nextcloud or another proxy in the chain.
Nextcloud resolved the following client address for the test request: "172.21.1.2" instead of the expected "1.2.3.4"
The following trusted proxies are currently configured: "172.21.1.2"
The following x-forwarded-for header was received by Nextcloud: "1.2.3.4"
from the following remote: 172.21.1.2
✓ All proxies in the chain appear to be trusted by Nextcloud
If you're having issues getting the trusted proxy setup working, you can try bypassing any existing reverse proxy
in your setup by setting the `NEXTCLOUD_URL` environment variable to point directly to the internal Nextcloud webserver url
(You will still need the ip address of the push server added as trusted proxy)
```