Your “trusted_proxies” setting is not correctly set, it should be an array of IP addresses - optionally with range in CIDR notation

SHA_ndy · January 23, 2025, 5:16pm

Hi all,
I face a problem with my trusted_proxies array.
In config.php I find the array with strange error messages. I have AdGuardHome setup as DNS server in my router. The IP address of the AdGuardHome machine is showing in the trusted_proxies array. That server has some downtime from time to time for servicing reasons and can’t be reached then.
But how is this related to the trusted_proxies entry in config.php?? All entries here are auto-generated and not set manually.

occ config:system:get trusted_proxies

127.0.0.1
::1
;; communications error to 192.168.188.23#53: connection refused
;; communications error to 192.168.188.23#53: connection refused
;; communications error to 192.168.188.23#53: connection refused
;; communications error to 2481:7e8:af80:2211:a00:28ff:fee2:bee0#53: timed out
;; no servers could be reached

Thanks!

NC Version: 30.0.5
Operating system and version: Debian 12.9
Web server and version: Apache 2.4
PHP 8.3
Is this the first time you’ve seen this error? Yes
When did this problem seem to first start? When my AdGuard DNS server was down and Nextcloud was updated to newer minor version
Installation method: NCP
Are you using Cloudflare, mod_security, or similar? No

Summary of the issue:

Trusted_proxies array in config.php has strange entries related to the IP address of the AdGuard DNS server.

Config.php contents:

<?php
$CONFIG = array (
  'passwordsalt' => 'removed',
  'secret' => 'removed',
  'trusted_domains' => 
  array (
    0 => '127.0.0.1',
    1 => '192.168.188.24',
    2 => 'removed',
    11 => 'removed',
    3 => 'nextcloudpi',
    14 => 'nextcloudpi',
  ),
  'datadirectory' => '/media/Nextcloud_Data/Data',
  'dbtype' => 'mysql',
  'version' => '30.0.5.1',
  'overwrite.cli.url' => 'https://nextcloudpi/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'ncadmin',
  'dbpassword' => 'removed',
  'installed' => true,
  'instanceid' => 'oclaqn5ofjmm',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
    'password' => 'removed',
  ),
  'tempdirectory' => '/media/Nextcloud_Data/Data/tmp',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_domain' => 'removed',
  'preview_max_x' => 2048,
  'preview_max_y' => 2048,
  'jpeg_quality' => 60,
  'overwriteprotocol' => 'https',
  'loglevel' => 2,
  'log_type' => 'file',
  'maintenance' => false,
  'theme' => '',
  'logfile' => '/media/Nextcloud_Data/Data/nextcloud.log',
  'data-fingerprint' => 'removed',
  'mail_sendmailmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_smtphost' => 'removed',
  'mail_smtpauth' => 1,
  'mail_smtpport' => '465',
  'mail_smtpname' => 'removed',
  'mail_smtppassword' => 'removed',
  'mail_from_address' => 'nextcloud_on_odroid',
  'default_language' => 'de',
  'default_phone_region' => 'DE',
  'app_install_overwrite' => 
  array (
    0 => 'occweb',
    1 => 'sensorlogger',
    2 => 'riotchat',
    3 => 'news',
    4 => 'files_rightclick',
    5 => 'extract',
  ),
  'trusted_proxies' => 
  array (
    11 => '127.0.0.1',
    12 => '::1',
    14 => ';; communications error to 192.168.188.23#53: connection refused
;; communications error to 192.168.188.23#53: connection refused
;; communications error to 192.168.188.23#53: connection refused
;; communications error to 2481:7e8:af80:2211:a00:28ff:fee2:bee0#53: timed out
;; no servers could be reached',
  ),
  'maintenance_window_start' => 1,
  'memories.db.triggers.fcu' => true,
  'memories.exiftool' => '/var/www/nextcloud/apps/memories/bin-ext/exiftool-amd64-glibc',
  'memories.vod.path' => '/var/www/nextcloud/apps/memories/bin-ext/go-vod-amd64',
  'memories.gis_type' => 1,
  'allow_local_remote_servers' => true,
);

tflidd · January 26, 2025, 10:34pm

Why do you put a DNS into your trusted proxies? Is this what you did?

If you use a reverse proxy, you put this reverse proxie’s ip into it.

SHA_ndy · January 27, 2025, 5:41am

Hey tflidd,
I never touched this file manually. All entries here are automatically generated by ???. I wonder why comments are inserted here.

tflidd · January 27, 2025, 8:19am

If you don’t give more details how you installed Nextcloud, we cannot tell you either. We have a template for new questions so you do not forget details that might be important to help you: Support template. Please use this when you request support

benji · February 12, 2025, 6:12am

Just saw the exact same error in my NextCloud Admin Overview.
My NextCloudPi installation has been running just about fine for some time. I had some trouble with PHP version and dependencies after some upgrades a few months ago but it should all have been fixed.
Here is a backup of my config from when I last edited it a few months ago:

  'trusted_proxies' =>
  array (
    11 => '127.0.0.1',
    12 => '::1',
    13 => '192.168.1.5',
  ),

And now it looks like this:

  'trusted_proxies' => 
  array (
    11 => '127.0.0.1',
    12 => '::1',
    13 => '192.168.1.5',
    14 => ';; communications error to 192.168.1.53#53: timed out
;; communications error to 192.168.1.53#53: timed out
;; communications error to 192.168.1.53#53: timed out
;; no servers could be reached',
  ),

The last edit timestamp of this config file (2025-01-29 15:45:57.279325939) coincides exactly with a totally random crash of NextCloud which I initially attributed to a usual “Redis socket went away” issue I had multiple times a day with the previously mentioned PHP version/dependencies issue(s) so I just restarted the LXC and it seemed to have fixed NextCloud as it used to. However looking at the logs now, it looks quite different. I have a monitor so I saw nextcloud was down and instantly acted on it but I did not have time to investigate further after doing the restart. By the way, I am fairly certain that, right after the restart, the Admin Overview did not show any problems other than the recent log errors from the crash (should have shown that “trusted_proxies” issue!).

There is nothing out of the ordinary in my PiHole DNS logs (usual amount of requests coming from other devices and services with no interruption).

One thing to note is I changed hardware (and nic) two days prior but everything went smoothly and NextCloud works fine (with the exception of this crash).

Nextcloud Server version: 29.0.7.1
Operating system: Debian GNU/Linux 12 (bookworm)
Web server: Apache 2.4.62
Reverse proxy: NPM 2.11.3
PHP version: 8.2.26
Is this the first time you’ve seen this error? Yes
Installation method: NextCloudPi
Cloudflare, mod_security, or similar? No

occ app:list

Enabled: - activity: 2.21.1 - admin_audit: 1.19.0 - bruteforcesettings: 2.9.0 - calendar: 4.7.16 - circles: 29.0.0-dev - cloud_federation_api: 1.12.0 - comments: 1.19.0 - contacts: 6.0.2 - contactsinteraction: 1.10.0 - dashboard: 7.9.0 - dav: 1.30.1 - deck: 1.13.3 - federatedfilesharing: 1.19.0 - federation: 1.19.0 - files: 2.1.1 - files_downloadlimit: 2.0.0 - files_external: 1.21.0 - files_pdfviewer: 2.10.0 - files_reminders: 1.2.0 - files_sharing: 1.21.0 - files_trashbin: 1.19.0 - files_versions: 1.22.0 - firstrunwizard: 2.18.0 - groupfolders: 17.0.9 - logreader: 2.14.0 - lookup_server_connector: 1.17.0 - mail: 3.7.19 - news: 25.2.0 - nextcloud_announcements: 1.18.0 - notes: 4.11.0 - notifications: 2.17.0 - notify_push: 1.0.0 - oauth2: 1.17.1 - password_policy: 1.19.0 - photos: 2.5.0 - privacy: 1.13.0 - provisioning_api: 1.19.0 - recommendations: 2.1.0 - related_resources: 1.4.0 - serverinfo: 1.19.0 - settings: 1.12.0 - sharebymail: 1.19.0 - support: 1.12.0 - survey_client: 1.17.0 - suspicious_login: 7.0.0 - systemtags: 1.19.0 - tasks: 0.16.1 - text: 3.10.1 - theming: 2.4.0 - theming_customcss: 1.18.0 - twofactor_backupcodes: 1.18.0 - twofactor_totp: 11.0.0-dev - viewer: 2.3.0 - weather_status: 1.9.0 - workflowengine: 2.11.0 Disabled: - encryption: 2.17.0 - files_rightclick: 0.15.1 (installed 1.6.0) - nextcloudpi: 0.0.2 (installed 0.0.1) - previewgenerator: 99.99.99 (installed 99.99.99) - richdocuments: 8.4.9 (installed 8.4.9) - richdocumentscode: 24.4.1103 (installed 24.4.1103) - updatenotification: 1.19.1 (installed 1.16.0) - user_ldap: 1.20.0 - user_status: 1.9.0 (installed 1.6.0)

Gist of my NextCloud server journalctl: nextcloud-journal.log · GitHub