- Nextcloud Server version (e.g., 29.x.x):
- Nextcloud Hub 25 Autumn (32.0.3)
- Operating system and version (e.g., Ubuntu 24.04):
- Debian 12
- Web server and version (e.g, Apache 2.4.25):
- Apache/2.4.65 (provided by docker image)
- Reverse proxy and version _(e.g. nginx 1.27.2)
- HAProxy version 3.0.11
- PHP version (e.g, 8.3):
- PHP 8.3.29 (provided by docker image)
- Is this the first time you’ve seen this error? (Yes / No):
- yes
- When did this problem seem to first start?
- after the latest docker pull
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
- Docker image “nextcloud:latest”
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
- no
Summary of the issue you are facing:
Once again another “X-Forwarded-For” stuff being ignored, although i already read some articles and posts like X-Forward-For HTTP header entry ignored . My Nextcloud instance does not work, ther services work fine.
The X-Forward-For HTTP header is being ignored and Nextcloud only sees the IP of the reverse proxy**.** Every single log shows the IP of the reverse proxy.
The HTTP header contains the x-forward-for entry with the correct IP address and other services in the Docker Compose are also using that and work correctly. NextCloud ignores it.
My Setup is not that complicated:
vServer with an haproxy → wireguard vpn → homeserver with docker → nextcloud
My nextcloud always sees my HAProxy (vServer) Ip address of 10.10.0.1 while the forwarded header is being sent (already testes via various ways it does defenitely exist and has the correct value at php context inside the nextcloud container). I worked my way up to a solution i dont think is the correct way, since it should be set by the container not by me and is being removed when i recreate the container: If i set
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 10.10.0.1
inside the default vHost of apache inside the docker container. It suddenly works.
My Config for nextcloud does provide the correct trusted_proxies.
And my docker-compose.yml is correct as far as i can see too.
Right at the beginning of the nextcloud log is a message to reload the server (see below in logs), but when doing that another error occurs and since this all stuff the docker image should work out, i didnt inspect further:
root@2f94509ffd1e:/var/www/html# service apache2 reload
Reloading Apache httpd web server: apache2 failed!
The apache2 configtest failed. Not doing anything. ... (warning).
Output of config test was:
[Sat Jan 03 22:02:35.892444 2026] [core:warn] [pid 106:tid 106] AH00111: Config variable ${APACHE_BODY_LIMIT} is not defined
AH00526: Syntax error on line 1 of /etc/apache2/conf-enabled/apache-limits.conf:
LimitRequestBody requires a non-negative integer.
Since i tried all solutions i thought could help and asked chatgpt too, i am now here for professional help and hope you guys could help me. If you need any further information i will do my best to provide it. For now i will just leave the 2 lines in there.
Steps to replicate it (i will try my best):
-
Setup an haproxy
-
Setup Docker
-
Setup Nextcloud via Docker “nextcloud:latest” image
-
Configure Haproxy in HTTP mode to redirect your request to nextcloud and use the forwardfor option (i did run it on the same server before so without the vServer it will use the the local network ip of your server as proxy ip)
-
Configure nextcloud to trust proxies as described here
-
Check the logs when accessing the Nextcloud
- should show the wrong ip
-
Now go into the container and change the 000-default vhost and add the 2 lines from above
-
Do an
service apache restart -
Check the logs when accessing the Nextcloud again
- should show the right ip
Log entries
Nextcloud before “fix”
nextcloud | Conf remoteip disabled.
nextcloud | To activate the new configuration, you need to run:
nextcloud | service apache2 reload
nextcloud | Configuring Redis as session handler
nextcloud | Warning: /var/www/html/config/redis.config.php differs from the latest version of this image at /usr/src/nextcloud/config/redis.config.php
nextcloud | Warning: /var/www/html/config/s3.config.php differs from the latest version of this image at /usr/src/nextcloud/config/s3.config.php
nextcloud | Warning: /var/www/html/config/smtp.config.php differs from the latest version of this image at /usr/src/nextcloud/config/smtp.config.php
nextcloud | Warning: /var/www/html/config/upgrade-disable-web.config.php differs from the latest version of this image at /usr/src/nextcloud/config/upgrade-disable-web.config.php
nextcloud | => Searching for hook scripts (*.sh) to run, located in the folder "/docker-entrypoint-hooks.d/before-starting"
nextcloud | ==> Skipped: the "before-starting" folder is empty (or does not exist)
nextcloud | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.2. Set the 'ServerName' directive globally to suppress this message
nextcloud | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.2. Set the 'ServerName' directive globally to suppress this message
nextcloud | [Sat Jan 03 22:01:43.934467 2026] [mpm_prefork:notice] [pid 1:tid 1] AH00163: Apache/2.4.65 (Debian) PHP/8.3.29 configured -- resuming normal operations
nextcloud | [Sat Jan 03 22:01:43.934499 2026] [core:notice] [pid 1:tid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
nextcloud | 10.10.0.1 - - [03/Jan/2026:22:01:44 +0000] "GET /apps/serverinfo/update HTTP/1.1" 200 967 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
nextcloud | 10.10.0.1 - - [03/Jan/2026:22:01:45 +0000] "GET /ocs/v2.php/apps/serverinfo/api/v1//basicdata?format=json HTTP/1.1" 200 983 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
nextcloud | 10.10.0.1 - - [03/Jan/2026:22:01:46 +0000] "GET /apps/serverinfo/update HTTP/1.1" 200 966 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
nextcloud | 10.10.0.1 - - [03/Jan/2026:22:01:50 +0000] "GET /apps/serverinfo/update HTTP/1.1" 200 967 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
nextcloud | 10.10.0.1 - - [03/Jan/2026:22:01:53 +0000] "GET /apps/serverinfo/update HTTP/1.1" 200 970 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
Nextcloud after “fix”
nextcloud
| Conf remoteip already disablednextcloud
| Configuring Redis as session handlernextcloud
| Warning: /var/www/html/config/redis.config.php differs from the latest version of this image at /usr/src/nextcloud/config/redis.config.phpnextcloud
| Warning: /var/www/html/config/s3.config.php differs from the latest version of this image at /usr/src/nextcloud/config/s3.config.phpnextcloud
| Warning: /var/www/html/config/smtp.config.php differs from the latest version of this image at /usr/src/nextcloud/config/smtp.config.phpnextcloud
| Warning: /var/www/html/config/upgrade-disable-web.config.php differs from the latest version of this image at /usr/src/nextcloud/config/upgrade-disable-web.config.phpnextcloud
| => Searching for hook scripts (*.sh) to run, located in the folder "/docker-entrypoint-hooks.d/before-starting"nextcloud
| ==> Skipped: the "before-starting" folder is empty (or does not exist)nextcloud
| AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.2. Set the 'ServerName' directive globally to suppress this messagenextcloud
| AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.2. Set the 'ServerName' directive globally to suppress this messagenextcloud
| [Sat Jan 03 22:05:19.867470 2026] [mpm_prefork:notice] [pid 1:tid 1] AH00163: Apache/2.4.65 (Debian) PHP/8.3.29 configured -- resuming normal operationsnextcloud
| [Sat Jan 03 22:05:19.867499 2026] [core:notice] [pid 1:tid 1] AH00094: Command line: 'apache2 -D FOREGROUND'nextcloud
| 109.43.241.137 - - [03/Jan/2026:22:05:21 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 304 693 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"nextcloud
| 109.43.241.137 - - [03/Jan/2026:22:05:21 +0000] "GET /apps/serverinfo/update HTTP/1.1" 200 970 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"nextcloud
| 109.43.241.137 - - [03/Jan/2026:22:05:24 +0000] "GET /apps/serverinfo/update HTTP/1.1" 200 970 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"nextcloud
| 109.43.241.137 - - [03/Jan/2026:22:05:25 +0000] "GET /ocs/v2.php/apps/serverinfo/api/v1//basicdata?format=json HTTP/1.1" 200 982 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"nextcloud
| 88.153.182.179 - xxx@gmail.com [03/Jan/2026:22:05:25 +0000] "GET /ocs/v2.php/apps/serverinfo/api/v1/info?format=json&skipUpdate=false&skipApps=false HTTP/1.1" 200 3157 "-" "python-requests/2.32.5"nextcloud
| 109.43.241.137 - - [03/Jan/2026:22:05:26 +0000] "GET /apps/serverinfo/update HTTP/1.1" 200 967 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"nextcloud
| 109.43.241.137 - - [03/Jan/2026:22:05:29 +0000] "GET /apps/serverinfo/update HTTP/1.1" 200 967 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"nextcloud
| 109.43.241.137 - - [03/Jan/2026:22:05:32 +0000] "GET /apps/serverinfo/update HTTP/1.1" 200 966 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
Reverse Proxy
no log file existing
Configuration
Nextcloud
The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):
{
"system": {
"htaccess.RewriteBase": "\/",
"maintenance_window_start": 2,
"trashbin_retention_obligation": "auto, 30",
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"cloud.atronix.eu",
"cloud.kriebel.tech"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "32.0.3.2",
"overwrite.cli.url": "https:\/\/cloud.atronix.eu",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"maintenance": false,
"overwriteprotocol": "https",
"loglevel": 0,
"theme": "",
"default_phone_region": "DE",
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauthtype": "PLAIN",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_smtpauth": 1,
"mail_smtpsecure": "ssl",
"app_install_overwrite": [
"bookmarks_fulltextsearch",
"breezedark",
"metadata",
"cfg_share_links",
"unsplash",
"camerarawpreviews",
"extract",
"video_converter",
"duplicatefinder",
"occweb",
"ncdownloader",
"ocdownloader",
"groupfolders",
"files_rightclick",
"transfer",
"caniupdate"
],
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"preview_max_memory": 4096,
"preview_max_filesize_image": -1,
"preview_max_filesize_video": -1,
"preview_max_filesize": -1,
"enabledPreviewProviders": [
"OC\\Preview\\Movie",
"OC\\Preview\\PNG",
"OC\\Preview\\JPEG",
"OC\\Preview\\GIF",
"OC\\Preview\\BMP",
"OC\\Preview\\XBitmap",
"OC\\Preview\\MP3",
"OC\\Preview\\MP4",
"OC\\Preview\\TXT",
"OC\\Preview\\MarkDown",
"OC\\Preview\\PDF"
],
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"password": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"ncd_admin_settings": {
"disallow_aria2_settings": "0",
"ncd_yt_binary": "\/usr\/local\/bin\/youtube-dl"
},
"integrity.check.disabled": true, //yes its necessary because of another bug / config fail i did not find yet its been here for years by now
"trusted_proxies": array(
'10.10.0.1/24'
),
"forwarded_for_headers": [
"HTTP_X_FORWARDED_FOR"
]
}
Apps
Yes i need to clean up sometime
Enabled:
- admin_audit: 1.22.0
- bruteforcesettings: 5.0.0-dev.0
- calendar: 6.1.3
- camerarawpreviews: 0.8.8
- caniupdate: 0.2.0
- cloud_federation_api: 1.16.0
- dav: 1.34.2
- external: 7.0.0
- federatedfilesharing: 1.22.0
- files: 2.4.0
- files_3dmodelviewer: 0.0.16
- files_downloadlimit: 5.0.0-dev.0
- files_pdfviewer: 5.0.0-dev.0
- files_reminders: 1.5.0
- files_rightclick: 0.15.1
- files_sharing: 1.24.1
- files_trashbin: 1.22.0
- groupfolders: 20.1.6
- logreader: 5.0.0-dev.0
- lookup_server_connector: 1.20.0
- metadata: 0.23.0
- notifications: 5.0.0-dev.0
- oauth2: 1.20.0
- password_policy: 4.0.0-dev.0
- photos: 5.0.0-dev.1
- previewgenerator: 5.11.0
- privacy: 4.0.0-dev.0
- profile: 1.1.0
- provisioning_api: 1.22.0
- recognize: 10.0.7
- related_resources: 3.0.0-dev.0
- serverinfo: 4.0.0-dev.0
- settings: 1.15.1
- sharebymail: 1.22.0
- survey_client: 4.0.0-dev.0
- systemtags: 1.22.0
- text: 6.0.1
- theming: 2.7.0
- transfer: 0.6.3
- twofactor_backupcodes: 1.21.0
- unsplash: 3.1.0
- updatenotification: 1.22.0
- user_status: 1.12.0
- viewer: 5.0.0-dev.0
- webhook_listeners: 1.3.0
- workflowengine: 2.14.0
Disabled:
- activity: 5.0.0-dev.0 (installed 2.19.0)
- app_api: 32.0.0 (installed 32.0.0)
- breezedark: 29.0.0 (installed 29.0.0)
- circles: 32.0.0 (installed 27.0.1)
- cloud_py_api: 0.2.0 (installed 0.2.0)
- comments: 1.22.0 (installed 1.17.0)
- contacts: 8.1.2 (installed 8.1.2)
- contactsinteraction: 1.13.1 (installed 1.8.0)
- dashboard: 7.12.0 (installed 7.1.0)
- encryption: 2.20.0
- federation: 1.22.0 (installed 1.17.0)
- files_external: 1.24.0
- files_markdown: 2.4.1 (installed 2.4.1)
- files_versions: 1.25.0 (installed 1.20.0)
- files_zip: 2.2.0 (installed 2.2.0)
- firstrunwizard: 5.0.0-dev.0 (installed 2.16.0)
- integration_google: 4.3.0 (installed 4.3.0)
- mail: 5.6.5 (installed 5.6.5)
- music: 2.5.1 (installed 2.5.1)
- nextcloud_announcements: 4.0.0-dev.0 (installed 1.10.0)
- recommendations: 5.0.0-dev.0 (installed 1.6.0)
- snappymail: 2.38.2 (installed 2.38.2)
- support: 4.0.0-dev.0 (installed 1.10.0)
- suspicious_login: 10.0.0-dev.0
- twofactor_nextcloud_notification: 6.0.0-dev.0
- twofactor_totp: 14.0.0
- user_ldap: 1.23.0
- video_converter: 1.0.6 (installed 1.0.6)
- weather_status: 1.12.0 (installed 1.1.0)
Docker-Compose
nextcloud:
container_name: nextcloud
image: nextcloud:latest
restart: always
ports:
- 8081:80
links:
- XXXXX (db container name)
volumes:
- /mnt/nas/nextcloud/:/var/www/html/
environment:
- MYSQL_PASSWORD="XXXXXXX"
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=XXXXX
- MYSQL_HOST=XXXXX
- APACHE_DISABLE_REWRITE_IP=1
- TRUSTED_PROXIES=10.10.0.1/24
- OVERWRITEPROTOCOL=https
- PHP_MEMORY_LIMIT=-1
- PHP_UPLOAD_LIMIT=-1
- REDIS_HOST=redis
- REDIS_HOST_PORT=6379
- REDIS_HOST_PASSWORD=XXXXXX