Remote Address is localhost (127.0.0.1) why?

nyanmarudesu · February 8, 2025, 9:52pm

Hello!

I am using a freshly new installed Nextcloud Server (hosted local in a VM). The traffic is getting routed to my nextcloud server via a reverse proxy (nginx proxy manager).

I am using following versions:

Nextcloud AIO: Nextcloud Hub 9 (30.0.5)
NGINX Proxy Manager Version v2.12.3

The Problem is, that it is showing/logging the wrong Remote Address (it shows 127.0.0.1 failed logins for example)

I have following settings in the advanced settings of npm:

client_body_buffer_size  512k;
proxy_read_timeout 86400s;
client_max_body_size 50G;

# https://github.com/nextcloud/all-in-one/discussions/588
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Port $server_port;
         proxy_set_header X-Forwarded-Scheme $scheme;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;
         proxy_set_header Early-Data $ssl_early_data;

More information from the docker instance:
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:get trusted_proxies

127.0.0.1
::1
172.18.0.0/16
XX.XXX.XXX.99 (redacted for privacy)

docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:get trusted_domains

localhost
nextcloud.mydomain.com

Is there anything else i have to adjust? I’ve researched many topics but nothing worked for me.

jtr · February 10, 2025, 5:39pm

What is the IP address of your reverse proxy? Where is the reverse proxy running? In another VM? On the underlying host? In a container in the same VM?

Please also post for completeness:

Full system config: occ config:list system
Compose file used to run AIO/etc

nyanmarudesu · February 10, 2025, 6:56pm

Hello,

I’ve edited my main post. I forgot to add the IP-Address in the comment.

Where is the reverse proxy running?
The reverse Proxy is located on a different Server (provider). Nextcloud also on another Location.

docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:list system

{
    "system": {
        "one-click-instance": true,
        "one-click-instance.user-limit": 100,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "check_data_directory_permissions": false,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "overwritehost": "nextcloud.MYDOMAIN.com",
        "overwriteprotocol": "https",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "localhost",
            "1": "nextcloud.MYDOMAIN.com",
            "3": "XX.XXX.XXX.99"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "30.0.5.1",
        "overwrite.cli.url": "https:\/\/nextcloud.MYDOMAIN.com\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "loglevel": 2,
        "log_type": "file",
        "logfile": "\/var\/www\/html\/data\/nextcloud.log",
        "log_rotate_size": 10485760,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "preview_max_x": 2048,
        "preview_max_y": 2048,
        "jpeg_quality": 60,
        "enabledPreviewProviders": {
            "1": "OC\\Preview\\Image",
            "2": "OC\\Preview\\MarkDown",
            "3": "OC\\Preview\\MP3",
            "4": "OC\\Preview\\TXT",
            "5": "OC\\Preview\\OpenDocument",
            "6": "OC\\Preview\\Movie",
            "7": "OC\\Preview\\Krita",
            "0": "OC\\Preview\\Imaginary",
            "23": "OC\\Preview\\ImaginaryPDF"
        },
        "enable_previews": true,
        "upgrade.disable-web": true,
        "mail_smtpmode": "smtp",
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 30",
        "activity_expire_days": 30,
        "simpleSignUpLink.shown": false,
        "share_folder": "\/Shared",
        "one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
        "upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
        "updatedirectory": "\/nc-updater",
        "maintenance_window_start": 100,
        "allow_local_remote_servers": true,
        "davstorage.request_timeout": 3600,
        "documentation_url.server_logs": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/5425",
        "htaccess.RewriteBase": "\/",
        "dbpersistent": false,
        "auth.bruteforce.protection.enabled": true,
        "ratelimit.protection.enabled": true,
        "files_external_allow_create_new_local": false,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "DOMAIN": "nextcloud.MYDOMAIN.com"
    }
}

cat docker-compose.yml

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    network_mode: bridge
    ports:
      #- 80:80
      - 8080:8080
      #- 8443:8443
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=0.0.0.0
      - NEXTCLOUD_DATADIR=/mnt/storagebox
volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

scubamuc · February 10, 2025, 8:18pm

hey @nyanmarudesu and @jtr,

I’m not an AIO user, but this sounds like a host configuration issue. Maybe this helps you figure out how to set the hostname correctly.

FQDN for Nextcloud instance, vm or container behind reverse proxy with termination

Setting FQDN (Fully Qualified Domain Name) is best practice and is optional on self-hosted Nextcloud instances running on vm or container behind reverse proxy with termination and may improve site response.

Discover hostname:
- issue command

 hostnamectl

or

 hostname

Set or change hostname:
- issue command

hostnamectl set-hostname NEW-HOSTNAME

Set FQDN on instance behind reverse proxy with termination:
- edit /etc/hosts in vm or container using your favourite editor as root $ sudo nano /etc/hosts and add second line
  replacing <your.reverse.proxy.ip> <your.domain.xyz> and <hostname> with your own domain name and hostname:

127.0.0.1       localhost
<your.reverse.proxy.ip>   <your.domain.xyz>   <hostname>

## The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

it may be worth a try?

nyanmarudesu · February 17, 2025, 7:40pm

Thank you for your assistance. After researching here and there, this worked for me:

docker exec --user www-data -it nextcloud-aio-nextcloud \
  php occ config:system:set forwarded_for_headers 0 --value="HTTP_X_FORWARDED_FOR"

docker exec --user www-data -it nextcloud-aio-nextcloud \
  php occ config:system:set forwarded_for_headers 1 --value="HTTP_X_REAL_IP"

system · February 25, 2025, 7:40pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.