[Bug]: 'Your "trusted_proxies" setting is not correctly set, it should be an array of IP addresses' error, regardless of settings

june012006 commented 2 months ago

⚠️ This issue respects the following points: ⚠️

[X] This is a bug, not a question or a configuration/webserver/proxy issue.
[X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
[X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
[X] I agree to follow Nextcloud's Code of Conduct.

Bug description

Fresh install of nextcloud 29.0.4-fpm w/ nginx webserver, using traefik as reverse proxy. Regardless of whether I use environment variable TRUSTED_PROXIES, or the occ command to set, and regardless of whether I'm using the container name, which should be supported by the reverse-proxy.config.php file, the specific docker IP of the traefik container, or the entire range of the docker network, I continue to receive the error 'Your "trusted_proxies" setting is not correctly set, it should be an array of IP addresses' error, regardless of settings. I also use the occ config commands to confirm that it is set, whichever method I use

Steps to reproduce

Set TRUSTED_PROXIES=traefik #container name
Error
Set TRUSTED_PROXIES=XXX.XXX.XXX.XXX #traefik IP address
Error
unset TRUSTED_PROXIES and set IP address of traefik container via php occ command
Error
Repeat 3 and or 5 with a CIDR range, to experience the same results

Expected behavior

At least one of the methods should result in no error

Installation method

Community Docker image

Nextcloud Server version

29

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Nginx

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

[X] Default user-backend (database)
[ ] LDAP/ Active Directory
[X] SSO - SAML
[ ] Other

Configuration report

{
    "system": {
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "upgrade.disable-web": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.MyDomain.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "29.0.4.1",
        "overwrite.cli.url": "https:\/\/nextcloud.MyDomain.com",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "default_phone_region": "US",
        "maintenance_window_start": 1,
        "overwritehost": "traefik",
        "overwriteprotocol": "https",
        "allow_local_remote_servers": "true",
        "forwarded_for_headers": [
            "HTTP_X_FORWARDED_FOR"
        ],
        "overwritecondaddr": "172.23.0.3"
    }
}

List of activated Apps

Enabled:
  - activity: 2.21.1
  - bruteforcesettings: 2.9.0
  - circles: 29.0.0-dev
  - cloud_federation_api: 1.12.0
  - comments: 1.19.0
  - contactsinteraction: 1.10.0
  - dashboard: 7.9.0
  - dav: 1.30.1
  - federatedfilesharing: 1.19.0
  - federation: 1.19.0
  - files: 2.1.0
  - files_downloadlimit: 2.0.0
  - files_pdfviewer: 2.10.0
  - files_reminders: 1.2.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - firstrunwizard: 2.18.0
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - nextcloud_announcements: 1.18.0
  - notifications: 2.17.0
  - oauth2: 1.17.0
  - password_policy: 1.19.0
  - photos: 2.5.0
  - privacy: 1.13.0
  - provisioning_api: 1.19.0
  - recommendations: 2.1.0
  - related_resources: 1.4.0
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - support: 1.12.0
  - survey_client: 1.17.0
  - systemtags: 1.19.0
  - text: 3.10.1
  - theming: 2.4.0
  - twofactor_backupcodes: 1.18.0
  - updatenotification: 1.19.1
  - user_oidc: 6.0.1
  - user_status: 1.9.0
  - viewer: 2.3.0
  - weather_status: 1.9.0
  - workflowengine: 2.11.0
Disabled:
  - admin_audit: 1.19.0
  - encryption: 2.17.0
  - files_external: 1.21.0
  - suspicious_login: 7.0.0
  - twofactor_totp: 11.0.0-dev
  - user_ldap: 1.20.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No response

Additional info

No response

susnux commented 2 months ago

Set TRUSTED_PROXIES=traefik #container name

This does not work as only IP addresses work (there is a dirty work around using gethostbyname inside the config.php but only applicable if you really trust your DNS).

unset TRUSTED_PROXIES and set IP address of traefik container via php occ command

Could you please provide the config report for this and also the full error message from the logs?

kesselb commented 2 months ago

Thank you for taking the time to report a problem :+1:

As this seems to be a setup issue, I would like to ask you to raise your question at https://help.nextcloud.com or https://github.com/nextcloud/docker

nextcloud / server