Closed bjo81 closed 2 years ago
trusted_proxies
must be an array.
Maybe it was a c&p error, config:list system
redacted it.
In config.php
it is:
'trusted_proxies' =>
array (
0 => '172.x.0.0/16',
),
Additionaly the environment contains ` TRUSTED_PROXIES='[172.x.y.1,172.x.y.2,172.x.y.3]', so due to
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}
in config/reverse-proxy.config.php
the configured array should be correct.
The trusted_proxies
part from config:list system --private
:
"trusted_proxies": [
"[172.x.y.3,172.x.y.2,172.x.y.1]"
],
Ok it was just a hint; in my setup, behind 2 proxies (yeah) the client IP is correctly outputted. But I'm using PROXY Protocol, maybe it helps.
We have another setup with nginx proxy where everything is fine. That makes it it much more confusing, as also in this case now the logged IP is also the trusted_proxies
array and according to the header HTTP_X_FORWARDED_FOR
has the external IP. The docs say that the default is HTTP_X_FORWARDED_FOR
, so this should work.
Comparing the setup showed: TRUSTED_PROXIES
shouldn't be an array in [], the function from config/reverse-proxy.config.php
converts it itself into an array.
⚠️ Before submitting, please verify the following: ⚠️
Bug description
I'm running a docker-container based on alpine with nginx and php-fpm. A Traefik in front of the setup forwards the : HTTP_X_FORWARDED_FOR header correctly, e.g. the nginx inside the container logs the correct IP and a phpinfo() also shows the correct one. But nextcloud ignores it and logs the IP of the traefik container which is a trusted proxy IP.
Steps to reproduce
Expected behavior
The correct external IP is recognized.
Installation method
Other
Operating system
Other
PHP engine version
PHP 7.4
Web server
Nginx
Database engine version
PostgreSQL
Is this bug present after an update or on a fresh install?
Fresh Nextcloud Server install
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
Are you using an external user-backend?
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
Additional info
nginx log from the container:
Headers which should be also seen by Nextcloud:![headers](https://user-images.githubusercontent.com/1674578/151176942-75341aba-12e1-497a-b93e-2a773c7e3ffd.png)