Correctly Forwarding Real IP Addresses to Nextcloud via Nginx Proxy Manager

When you run Nextcloud behind a reverse proxy like Nginx Proxy Manager (NPM), Nextcloud’s logs will often show the IP address of the proxy server itself rather than the actual IP address of the end-user. Because every request then appears to come from the same address, security features like brute-force protection and audit logging become ineffective.

This guide provides two methods to configure Nginx Proxy Manager and Nextcloud to ensure the correct user IP address is always forwarded.


Step 1: Configure Nextcloud to Trust the Proxy

This step is mandatory regardless of which NPM configuration method you choose below. You must tell Nextcloud to trust requests coming from your Nginx Proxy Manager instance.

  1. Log in to your Nextcloud server’s command line, for example, via SSH.

  2. Open your config.php file for editing. The path is typically /var/www/nextcloud/config/config.php, but it may vary depending on your installation.

    Bash

    sudo nano /var/www/nextcloud/config/config.php
    
    
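  3. Add the trusted_proxies parameter to the configuration array. Replace 192.168.1.150 with the actual IP address of your Nginx Proxy Manager server. List only the proxy itself here: Nextcloud accepts the forwarded client address from any host named in this array.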

    PHP

    'trusted_proxies' => ['192.168.1.150'],
    
    
  4. Optional: The original discussion mentions adding a 'forwarded_for_headers' line. However, Nextcloud uses the standard X-Forwarded-For header by default, so this line is usually not necessary. Only add the following if you still have issues after completing the other steps:

    PHP

    'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR'],
    
    
  5. Save the file and exit the editor (in nano, press Ctrl+X, then Y, then Enter).


Step 2: Configure Nginx Proxy Manager (Choose One Method)

You only need to follow one of the two methods below to configure NPM to send the correct IP headers. Method A is generally recommended for its simplicity.

Method A: Using the NPM Web Interface (Recommended)

This method uses the advanced settings for a specific proxy host.

  1. Log in to your Nginx Proxy Manager web portal.

  2. Navigate to Hosts > Proxy Hosts.

  3. Find your Nextcloud host in the list and click the three-dot menu on the right, then select Edit.

  4. In the Edit Proxy Host window, click on the Advanced tab.

  5. In the Custom Nginx Configuration text box, add the following lines:

    Nginx

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    
    

    Note: Using $proxy_add_x_forwarded_for is best practice: it appends the connecting client's address to any X-Forwarded-For header already on the request, so the list stays correct when there are multiple proxies in the chain.

  6. Click the Save button.

Method B: Using a Custom Configuration File (Advanced)

This method creates a global proxy configuration file that can be applied to multiple hosts.

  1. Access the file system where your Nginx Proxy Manager data is stored.

  2. Navigate to the Nginx configuration directory, which is typically located at .../data/nginx/.

  3. Inside this directory, you should see a proxy_host folder. Go into it.

  4. Look for or create a folder named conf.d.

  5. Inside the .../nginx/proxy_host/conf.d/ folder, create a new file named proxy.conf.

  6. Add the following content to your new proxy.conf file:

    Nginx

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    
    
  7. Save the file. You may need to restart your Nginx Proxy Manager container for the change to be loaded.


Conclusion

After completing Step 1 and one of the methods in Step 2, your Nginx Proxy Manager will correctly forward visitor IPs, and your Nextcloud instance will trust and log them. You can verify this by checking the nextcloud.log file or the “Logging” section in your Nextcloud admin settings after a failed login attempt. The IP address shown should now be the real external IP, not your proxy’s local IP.
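
The log check described above can be scripted. The following Python is an added example, not part of the original guide: it reads nextcloud.log entries (one JSON object per line, with a remoteAddr field) and counts how many are still attributed to the proxy. The function name audit_remote_addrs and the sample log lines are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample entries in nextcloud.log's one-JSON-object-per-line layout.
SAMPLE_LOG = [
    '{"level":2,"remoteAddr":"192.168.1.150","app":"core","message":"Login failed"}',
    '{"level":2,"remoteAddr":"203.0.113.7","app":"core","message":"Login failed"}',
    '{"level":1,"remoteAddr":"","app":"cron","message":"Background job ran"}',
    'truncated line, not JSON',
]


def audit_remote_addrs(lines, trusted_proxies):
    """Classify each log entry by whose address Nextcloud recorded.

    trusted_proxies takes the same values as config.php: single IPs or CIDR ranges.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]
    result = {"proxy": 0, "client": 0, "skipped": 0, "client_ips": set()}
    for line in lines:
        try:
            addr = ipaddress.ip_address(json.loads(line).get("remoteAddr", ""))
        except (ValueError, AttributeError):
            # Malformed JSON, a non-object line, or an empty remoteAddr
            # (entries written by cron or occ have no remote address).
            result["skipped"] += 1
            continue
        if any(addr in net for net in nets):
            # Nextcloud logged the proxy itself: forwarding is not working.
            result["proxy"] += 1
        else:
            result["client"] += 1
            result["client_ips"].add(str(addr))
    return result


if __name__ == "__main__":
    report = audit_remote_addrs(SAMPLE_LOG, ["192.168.1.150"])
    print(report)
    if report["proxy"]:
        print("Some entries still show the proxy address; recheck Steps 1 and 2.")
```

Entries written before the configuration change will still carry the proxy address, so run the check only against lines logged after you completed both steps.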