The reverse proxy header configuration is incorrect after update to 25.0.2

Hello guys, I updated to 25.0.2 and got this warning message for the first time in years:

The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. Further information can be found in the documentation :arrow_upper_right:.

I’m using Docker and jwilder/nginx-proxy as reverse proxy. Saw posts about ‘trusted_proxies’ but would like to hear your thoughts cause I’m updating my containers for years same way and first time I see this error. Could be security issue? Thanks

hello @zimans welcome to the forum :handshake:

You didn’t provide enough information to understand the issue. Please follw the docs provided or explain what is wrong…

additionally take the following wiki about reverse proxy config for Docker Apache image:

Apache Docker behind reverse proxy

Thank you, I’m not very tech savvy so I can’t nail the root of the problem. In fact everything is working fine, I’m just seeing that warning for the first time and I guess something has changed, don’t know if it’s proxy or nextcloud.
Both containers (reverse proxy and nextcloud) are on same vps and there is no ‘trusted proxies’ in my config.php, but seeing that warning for the first time. I’ve been using and updating this setup for years.
Will take a good look at your post and try to figure out something.

I just added 'trusted_proxies' => array('localhost'), into config.php and warning message disappeared. Is that a good solution?

if your reverse proxy runs on the same system (localhost) this absolutely right.

1 Like