Nextcloud version (eg, 12.0.2): 16.0.0
Operating system and version (eg, Ubuntu 17.04): Ubuntu 18.04
Apache or nginx version (eg, Apache 2.4.25): Latest Docker image
PHP version (eg, 7.1): Latest Docker image
The issue you are facing:
Hi! I have deployed the latest Nextcloud 16 default Docker image to a Kubernetes cluster, and in the Admin/Overview page I see this message:
The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud.
I’ve read about the trusted proxies setting, but I don’t know what IPs to set in this case since it’s a Kubernetes cluster. I am using Nginx as the ingress controller. I have temporarily set trusted proxies to 127.0.0.1 and the error went away but I am not sure of the implications.
I’m also using Cloudflare. Do I have to do anything in particular so that Nextcloud sees the actual IP of the user considering that I am using Kubernetes?
I can find very little on running Nextcloud on top of Kubernetes unfortunately.
Is this the first time you’ve seen this error? (Y/N):
Yes. Before v16 on Kubernetes I was running v15 on plain Docker and didn’t have this issue - in that case I was using the FPM image behind an instance of Nginx with a custom configuration, so it was a bit easier. However I didn’t even have trusted_proxies set and I didn’t see the error above.
Steps to replicate it:
- Deploy the latest v16 Docker image (default one) to Kubernetes with Nginx as ingress controller
- Check Admin/Overview
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
https://ybin.me/p/4bbb7bfc2fa0ef17#g0sCSw0qaXVb6K+UOobTw1HQQrQjw2LYalc3yn9sh4I=