Source ip with cloudflare tunnel

svetlinsem · December 31, 2023, 8:03pm

Hello Guys Happy New Year.

I have Nextcloud instalation in proxmox vm and i use cloudflaer tunnel to connect outside my internal network. I have lxc with cloudflaer installed.
I have installed mod_remoteip.
The problem i cant get any source ip only lxc IP.

Nextcloud version (eg, 20.0.5): 28.0.1
Operating system and version (eg, Ubuntu 20.04): ubuntu server 22.04
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.52 PHP version _(eg, 7.4)_: PHP 8.1.2`

The output of your Nextcloud log in Admin > Logging:

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

sudo cat /var/www/nextcloud/config/config.php
[sudo] password for svetlinsem:
<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => '192.168.1.8',
    1 => 'nextcloud.domain.com',
  ),
  'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED_FOR',
  ),
  'trusted_proxies' =>
  array (
    0 => '173.245.48.0/20',
    1 => '103.21.244.0/22',
    2 => '103.22.200.0/22',
    3 => '103.31.4.0/22',
    4 => '141.101.64.0/18',
    5 => '108.162.192.0/18',
    6 => '190.93.240.0/20',
    7 => '188.114.96.0/20',
    8 => '197.234.240.0/22',
    9 => '198.41.128.0/17',
    10 => '162.158.0.0/15',
    11 => '104.16.0.0/13',
    12 => '104.24.0.0/14',
    13 => '172.64.0.0/13',
    14 => '131.0.72.0/22',
),
  'datadirectory' => '/mnt/ncdata',
  'dbtype' => 'mysql',
  'version' => '28.0.1.1',
  'overwrite.cli.url' => 'https://nextcloud.domain.com',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'user',
  'dbpassword' => 'pass',
  'installed' => true,
  'default_phone_region' => 'BG',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'mail',
  'mail_domain' => 'gmail.com',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.gmail.com',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'svetlinsem',
  'mail_smtppassword' => 'pass',
  'maintenance' => false,
  'loglevel' => 1,
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'log_type_audit' => 'file',
  'logfile_audit' => '/var/log/nextcloud/audit.log',
  'theme' => '',
  'updatedirectory' => '/home/update/',
);

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

PASTE HERE

    DocumentRoot "/var/www/nextcloud"
    ServerName nextcloud
    RemoteIPHeader CF-Connecting-IP

    <Directory "/var/www/nextcloud/">
        Options MultiViews FollowSymlinks
        AllowOverride All
        Order allow,deny
        Allow from all
   </Directory>

   TransferLog /var/log/apache2/nextcloud_access.log
   ErrorLog /var/log/apache2/nextcloud_error.log

RewriteEngine on
RewriteCond %{SERVER_NAME} =nextcloud [OR]
RewriteCond %{SERVER_NAME} =nextcloud.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

svetlinsem · January 3, 2024, 10:30am

Is there anyone else with this problem?

wwe · January 3, 2024, 1:04pm

Hi @svetlinsem welcome to the forum

don’t forget this forum is driven by volunteers in their spare time!

Please use the search - lot of issues have been discussed already. good search term in your case is real-ip and cloudflare

This might be useful for you:

svetlinsem · January 14, 2024, 4:43pm

Hello Guys,

I solved and now i see real ip. Thank you @DimBear post.
I was testing different setups and this is working "just add getaway in proxy array " !

<?php
$CONFIG = array (
  'instanceid' => 'secret',
  'passwordsalt' => 'scret',
  'secret' => 'secret',
  'trusted_domains' => 
  array (
    0 => '192.168.1.8',
    1 => 'nextcloud.domain.com',
  ),
  'forwarded_for_headers' => 
  array (
     0 => 'HTTP_X_FORWARDED-FOR',
     1 => 'HTTP_CF_CONNECTING_IP',
  ),
  'trusted_proxies' =>
  array (
    0 => '173.245.48.0/20',
    1 => '103.21.244.0/22',
    2 => '103.22.200.0/22',
    3 => '103.31.4.0/22',
    4 => '141.101.64.0/18',
    5 => '108.162.192.0/18',
    6 => '190.93.240.0/20',
    7 => '188.114.96.0/20',
    8 => '197.234.240.0/22',
    9 => '198.41.128.0/17',
    10 => '162.158.0.0/15',
    11 => '104.16.0.0/13',
    12 => '104.24.0.0/14',
    13 => '172.64.0.0/13',
    14 => '131.0.72.0/22', 
    15 => '192.168.1.1/24'
  ),
  'overwrite.cli.url' => 'http://nextcloud.domain.com',
  'overwritehost' => 'nextcloud.domain.com',
  'overwriteprotocol' => 'https',
  'datadirectory' => '/mnt/ncdata',
  'dbtype' => 'mysql',
  'version' => '28.0.1.1',
  'dbname' => 'secret',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'secret',
  'dbpassword' => 'secret',
  'installed' => true,
  'default_phone_region' => 'BG',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'secret',
  'mail_domain' => 'gmail.com',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.gmail.com',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'secret',
  'mail_smtppassword' => 'secret',
  'maintenance' => false,
  'loglevel' => 1,
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'log_type_audit' => 'file',
  'logfile_audit' => '/var/log/nextcloud/audit.log',
  'theme' => '',
  'updatedirectory' => '/home/update/',
  'maintenance' => false,
);

<VirtualHost *:80>
    DocumentRoot "/var/www/nextcloud"
    ServerName nextcloud.domain.com
    RemoteIPHeader CF-Connecting-IP

    <Directory "/var/www/nextcloud/">
        Options MultiViews FollowSymlinks
        AllowOverride All
        Order allow,deny
        Allow from all
   </Directory>

   TransferLog /var/log/apache2/nextcloud_access.log
   ErrorLog /var/log/apache2/nextcloud_error.log

RewriteEngine on
RewriteCond %{SERVER_NAME} =nextcloud [OR]
RewriteCond %{SERVER_NAME} =nextcloud.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

RemoteIPHeader CF-Connecting-IP
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18 
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/13
RemoteIPTrustedProxy 104.24.0.0/14
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22

Hope this helps.

system · January 22, 2024, 4:44pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.