I’m trying to set up fail2ban for my snap nextcloud installation but I noticed that the IPs being logged is my proxy server instead of the ip from the user in /var/snap/nextcloud/current/logs/nextcloud.log
Proxy Server IP: 192.168.1.2
Snap NC IP: 192.168.1.15
nginx config on proxy server
server {
listen 443 ssl;
server_name [domain];
ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/[domain]/privkey.pem;
client_max_body_size 50G;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Strict-Transport-Security "max-age=31536000" always;
add_header Front-End-Https on;
proxy_pass https://192.168.1.15;
}
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
}
There was a post stating that I have to enable mod_remoteip but /snap/nextcloud/current/conf/httpd.conf
is locked.