Issue resolving remote host address with ingress and traefik - reverse natted.

[gthieleb]

Describe your Issue

I am having an error resolving the remote address. My setup is in my homelab on a qnap NAS using a nondefault port for ingres (nginx)/lb (traefik) and natted from outside using the same port.

Logs and Errors

kubectl logs qnap-ingress-nginx-controller-5ff4b97fc9-9xdrj

10.42.0.1 - - [25/Oct/2023:08:50:47 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0" 76 0.059 [qnap-qnap-nextcloud-8080] [] 10.42.0.150:80 0 0.059 304 3970f49168104552ac2de7789adb3616
10.42.0.1 - - [25/Oct/2023:08:51:17 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0" 76 0.080 [qnap-qnap-nextcloud-8080] [] 10.42.0.150:80 0 0.080 304 c45ae73a52938eff57c6ae9c1437f738

Error message

Es gibt einige Fehler bei deiner Systemkonfiguration.

    Your remote address was identified as "10.42.0.1" and is bruteforce throttled at the moment slowing down the performance of various requests. If the remote address is not your address this can be an indication that a proxy is not configured correctly. Further information can be found in the [documentation ↗](https://docs.nextcloud.com/server/27/go.php?to=admin-reverse-proxy).

Describe your Environment

• Kubernetes distribution:

k3s 1.21 (shipped with qnap)

Chart.yaml:

  - name: nextcloud
    version: 4.3.5
    repository: https://nextcloud.github.io/helm/
    condition: nextcloud.enabled

• Helm Version (or App that manages helm):

• Helm Chart Version:

• values.yaml:

nextcloud: image: flavor: fpm nginx: enabled: true enabled: true nextcloud: host: example.com env: NEXTCLOUD_TRUSTED_DOMAINS: "example.com" configs: custom.config.php: |- <?php $CONFIG = array ( 'default_phone_region' => 'DE', 'trusted_proxies' => array( 0 => '127.0.0.1', 1 => '10.0.0.0/8' ), 'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'), ); internalDatabase: enabled: false externalDatabase: enabled: true type: postgresql postgresql: enabled: true primary: persistence: enabled: true persistence: enabled: true nextcloudData: enabled: true size: 32Gi # Can be extended later phpClientHttpsFix: enabled: true protocol: https ingress: enabled: true className: nginx tls:

• hosts:

  • ---

    annotations: nginx.ingress.kubernetes.io/proxy-body-size: 4G kubernetes.io/tls-acme: "false" cert-manager.io/cluster-issuer: letsencrypt-stage nginx.ingress.kubernetes.io/enable-cors: "false" nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" nginx.ingress.kubernetes.io/server-snippet: |- proxy_hide_header X-Powered-By; rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last; rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last; rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;

    rewrite ^/.well-known/caldav /remote.php/dav/ redirect; rewrite ^/.well-known/carddav /remote.php/dav/ redirect;

Additional context, if any

[jessebot]

I haven't used nextcloud with traefik yet, so I've set this to "help wanted" for others in the community to give their experience. Some minor follow up questions though:

• Does the initial installation of nextcloud come up at all?
• are you using this brute force settings app? I think it may be a default app. If it's installed, and you can enable it, I found this thread, and in particular, this comment that may help you.

[OneMoreByte]

Don't traefik and nginx-ingress both manage ingresses? Are you having traefik route into nginx-ingress and then into the services?