1

For some reason my Owncloud container behind an Nginx reverse proxy is not logging the remote client IP but the Nginx IP. Please check below my config files for Nginx. I've tried multiple solutions modifying the Nginx proxy_set_headers directives without success.

The Nginx server is correctly sending the headers to the Owncloud server:

  "HTTP Headers Information": {
        "HTTP Request": "GET \/apps\/configreport\/report HTTP\/1.1",
        "X-Real-IP": "CLIENT_IP",
        "X-Forwarded-For": "CLIENT_IP",
        "X-Forwarded-Proto": "https",
        "X-Forwarded-Host": "mydomain:port",
        "X-Forwarded-Ssl": "on",

However, the REMOTE_ADDR var in the Apache environment is being set to the Nginx server IP.

I tried the RemoteIP module loaded in the Owncloud docker image but the Nginx IP still gets logged.

Any ideas?

Nginx.conf:

server {
listen 8989 ssl;
listen [::]:8989 ssl;

server_name _;

add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
include /config/nginx/ssl.conf;

client_max_body_size 0;

server_tokens off;
more_clear_headers Server;

location / {
    proxy_pass http://owncloud:8080;
    include /config/nginx/proxy.conf;
}
}

Proxy.conf:

client_body_buffer_size 128k;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 1024;
ascub
  • 11
  • 3
  • Your nginx configuration is fine. You need to be looking at your Apache configuration. Or just get rid of Apache and have nginx serve nextcloud directly. – Michael Hampton May 24 '19 at 16:22
  • I've manage to catch the real IP by changing the log format of Apache to `LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\ " combine`. Is there a way not to re-built the docker Owncloud image in order to make this change permanent? – ascub May 24 '19 at 17:52
  • Oops, I missed the bit about using a Docker container. You're probably screwed then. – Michael Hampton May 25 '19 at 17:55

1 Answers1

0

I've manage to catch the real IP by changing the log format of Apache to 

LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\ " combine
ascub
  • 11
  • 3