Yet another "how can I get the cloudflare real ip" post

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

The issue you are facing:

Logs show the cloudflared ip, even though I have it in the trusted proxies

Is this the first time you’ve seen this error? (Y/N): N

Steps to replicate it:

  1. Put default nextcloud installation behind cloudflare tunnels
  2. Checks logs

The output of your Nextcloud log in Admin > Logging:

Warning	no app in context	
Login failed: a (Remote IP: 172.19.0.6) 

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'nextcloud_redis',
    'password' => 'REDACTED',
    'port' => 6379,
  ),
  'overwriteprotocol' => 'https',
  'upgrade.disable-web' => true,
  'passwordsalt' => 'REDACTED',
  'secret' => 'REDACTED',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'REDACTED',
  ),
  'forwarded_for_headers' =>
  array (
     0 => 'HTTP_X_FORWARDED-FOR',
     1 => 'HTTP_CF_CONNECTING_IP',
  ),
  'trusted_proxies' =>
  array (
    0 => '172.19.0.9/16',
    1 => '103.21.244.0/22',
    2 => '103.22.200.0/22',
    3 => '103.31.4.0/22',
    4 => '141.101.64.0/18',
    5 => '108.162.192.0/18',
    6 => '190.93.240.0/20',
    7 => '188.114.96.0/20',
    8 => '197.234.240.0/22',
    9 => '198.41.128.0/17',
    10 => '162.158.0.0/15',
    11 => '104.16.0.0/13',
    12 => '104.24.0.0/14',
    13 => '172.64.0.0/13',
    14 => '131.0.72.0/22',
    15 => '192.168.1.1/24',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '29.0.4.1',
  'overwrite.cli.url' => 'https://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextcloud_mariadb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'REDACTED',
  'dbpassword' => 'REDACTED',
  'installed' => true,
  'instanceid' => 'REDACTED',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'no-reply',
  'mail_domain' => 'REDACTED',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'REDACTED',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'REDACTED',
  'mail_smtppassword' => 'REDACTED',
  'maintenance_window_start' => 3,
  'loglevel' => 2,
  'maintenance' => false,
  'mail_smtpsecure' => 'ssl',
);

The output of your Apache/nginx/system log in /var/log/____:

Configuring Redis as session handler
=> Searching for scripts (*.sh) to run, located in the folder: /docker-entrypoint-hooks.d/before-starting
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.7. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.7. Set the 'ServerName' directive globally to suppress this message
[Wed Aug 14 02:58:26.358331 2024] [mpm_prefork:notice] [pid 1:tid 1] AH00163: Apache/2.4.61 (Debian) PHP/8.2.22 configured -- resuming normal operations
[Wed Aug 14 02:58:26.358393 2024] [core:notice] [pid 1:tid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
172.19.0.6 - - [14/Aug/2024:02:58:44 +0100] "GET /apps/logreader/api/poll?lastReqId=EeaQR1AbcxxREYfi24Ur HTTP/1.1" 412 1189 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:44 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 304 1456 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:46 +0100] "GET /csrftoken HTTP/1.1" 200 892 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:46 +0100] "GET /settings/admin/logging HTTP/1.1" 200 14304 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:47 +0100] "GET /apps/firstrunwizard/js/firstrunwizard-about.mjs?v=b1ecf772-5 HTTP/1.1" 200 1095 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:47 +0100] "GET /core/img/clients/phone.svg HTTP/1.1" 200 865 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:47 +0100] "GET /apps/theming/img/accessibility-dark.svg HTTP/1.1" 200 858 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:47 +0100] "GET /apps/notifications/img/notifications-dark.svg HTTP/1.1" 200 803 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:47 +0100] "GET /index.php/apps/files/preview-service-worker.js HTTP/1.1" 200 6687 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:48 +0100] "GET /ocs/v2.php/search/providers?from=%2Fsettings%2Fadmin%2Flogging HTTP/1.1" 200 1293 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:48 +0100] "GET /apps/logreader/api/log?offset=0&query= HTTP/1.1" 200 10707 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:48 +0100] "POST /contactsmenu/contacts HTTP/1.1" 200 822 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:48 +0100] "GET /ocs/v2.php/apps/user_status/api/v1/user_status HTTP/1.1" 200 920 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:48 +0100] "PUT /ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json HTTP/1.1" 200 920 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:48 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 1249 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"
172.19.0.6 - - [14/Aug/2024:02:58:48 +0100] "GET /index.php/apps/files/preview-service-worker.js HTTP/1.1" 200 6687 "-" "Mozilla/5.0 (Android 14; Mobile; rv:129.0) Gecko/129.0 Firefox/129.0"

Even though I already had tried this:

I made it works following it, here is my file:

RemoteIPHeader CF-Connecting-IP
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 172.19.0.9/16
1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.