I'm running my first NS8 cluster with WordPress behind an external reverse proxy.
I have noticed that all traffic comes from the proxy server and Wordfence is complaining about not resolving the right IPs.
In the config of Traefik I cannot find the configuration for forwarding headers.
More people experiencing the same?
Hello @jgelauff, welcome back to the NethServer community.
What external proxy are you using?
How did you install your WordPress: through the app in the Software Center, or through the web server app?
the issue seems to be known:
Thanks both for raising the issue (and for adding the card reference here)!
Any progress here, or does someone know how to manually configure the trusted IP for forwarding headers in traefik?
I would like to use NS8 behind another reverse proxy and this issue seems to basically block it.
Thank you!
It would be nice if this could be fixed, I have the same issue with a Nextcloud instance.
Not sure who is going to play nice. It seems more and more you have to pay to get ‘nice’, YMMV.
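I have modified /home/traefik*/.config/state/traefik.yaml and added the bold lines. For now it's working for me.

```yaml
entryPoints:
  http:
    address: ":80"
    forwardedHeaders:        # added
      trustedIPs:            # added
        - "<ip of proxy>"    # added: placeholder, replace with the proxy's address
  https:
    address: ":443"
    forwardedHeaders:        # added
      trustedIPs:            # added
        - "<ip of proxy>"    # added: placeholder, replace with the proxy's address
```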
Thanks.
This is working for me, but I will do some testing.
Hopefully this can be added to the UI as a setting.
```yaml
entryPoints:
  http:
    address: ":80"
    forwardedHeaders:
      trustedIPs:
        - "192.168.1.1"
        - "127.0.0.1/24"
  https:
    address: ":443"
    forwardedHeaders:
      trustedIPs:
        - "192.168.1.1"
        - "127.0.0.1/24"
```
With Nextcloud the forwarded IP is not visible in the logs
I still see 127.0.0.1 as IP when a user connects
I'm not running Nextcloud on NS8 yet, but have you also configured trusted proxies in the Nextcloud config?
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html
The Traefik log is showing the correct forwarded IP, but Nextcloud is not.
I think it is because it is a dockered system?
2024-11-10T10:57:45+01:00 [1:nextcloud1:nextcloud-app] 127.0.0.1 - 10/Nov/2024:09:57:45 +0000 "GET /index.php" 303
2024-11-10T10:57:45+01:00 [1:traefik1:traefik] 192.168.1.228 - - [10/Nov/2024:09:57:45 +0000] "GET /core/preview?fileId=704&x=32&y=32&mimeFallback=true&a=0 HTTP/1.1" 303 0 "-" "-" 1241 "nextcloud1-https@file" "http://127.0.0.1:20017" 173ms
2024-11-10T10:57:45+01:00 [1:traefik1:traefik] 192.168.1.228 - - [10/Nov/2024:09:57:45 +0000] "GET /core/preview?fileId=705&x=32&y=32&mimeFallback=true&a=0 HTTP/1.1" 303 0 "-" "-" 1240 "nextcloud1-https@file" "http://127.0.0.1:20017" 174ms
2024-11-10T10:57:45+01:00 [1:traefik1:traefik] 192.168.1.228 - - [10/Nov/2024:09:57:45 +0000] "GET /core/img/filetypes/application-pdf.svg HTTP/1.1" 200 564 "-" "-" 1247 "nextcloud1-https@file" "http://127.0.0.1:20017" 1ms
2024-11-10T10:57:45+01:00 [1:nextcloud1:nextcloud-app] 127.0.0.1 - 10/Nov/2024:09:57:45 +0000 "GET /index.php" 303
2024-11-10T10:57:45+01:00 [1:nextcloud1:nextcloud-app] 127.0.0.1 - 10/Nov/2024:09:57:45 +0000 "GET /index.php" 303
CrowdSec is working and banning since I changed traefik.yaml.
I installed a new cluster with Nextcloud as an app. I noticed that Nextcloud is logging the right IP if there is a wrong login attempt. I will look into it further (next week) because I want to migrate from NS7.
2024-11-10T17:37:55+01:00 [1:nextcloud2:nextcloud-app] NOTICE: PHP message: [nextcloud][no app in context][2] {"reqId":"Ng974RyRbd2jsRX9NUS4","level":2,"time":"2024-11-10T16:37:55+00:00","remoteAddr":"92.60.40.204","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: admin (Remote IP: 92.60.40.204)","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0","version":"28.0.9.1","data":[]}
2024-11-10T17:37:58+01:00 [1:nextcloud2:nextcloud-app] 127.0.0.1 - 10/Nov/2024:16:37:53 +0000 "POST /index.php" 303
2024-11-10T17:37:59+01:00 [1:nextcloud2:nextcloud-app] 127.0.0.1 - 10/Nov/2024:16:37:59 +0000 "GET /index.php" 200
Nobody with NethSecurity as proxy experiencing the same?
I’m using Nethsecurity as proxy.
I see the login attempts in nextcloud log
2024-11-10T18:20:26+01:00 [1:nextcloud1:nextcloud-app] NOTICE: PHP message: [nextcloud][user_ldap][2] {"reqId":"CQri2pD5dOrLXEswBX9r","level":2,"time":"2024-11-10T17:20:26+00:00","remoteAddr":"77.63.5.25","user":"--","app":"user_ldap","method":"POST","url":"/login","message":"Bind failed: 49: Invalid credentials","userAgent":"Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1","version":"28.0.9.1","data":{"app":"user_ldap"}}
2024-11-10T18:20:26+01:00 [1:nextcloud1:nextcloud-app] NOTICE: PHP message: [nextcloud][user_ldap][2] {"reqId":"CQri2pD5dOrLXEswBX9r","level":2,"time":"2024-11-10T17:20:26+00:00","remoteAddr":"77.63.5.25","user":"--","app":"user_ldap","method":"POST","url":"/login","message":"Bind failed: 49: Invalid credentials","userAgent":"Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1","version":"28.0.9.1","data":{"app":"user_ldap"}}
2024-11-10T18:20:26+01:00 [1:nextcloud1:nextcloud-app] NOTICE: PHP message: [nextcloud][no app in context][2] {"reqId":"CQri2pD5dOrLXEswBX9r","level":2,"time":"2024-11-10T17:20:26+00:00","remoteAddr":"77.63.5.25","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: patrick (Remote IP: 77.63.5.25)","userAgent":"Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/131.0.6778.31 Mobile/15E148 Safari/604.1","version":"28.0.9.1","data":[]}
Tried a few times to log in with a wrong password, but CrowdSec is not blocking the IP.
I have had no luck so far. I tried different settings in nginx and Nextcloud, but Nextcloud logs only 127.0.0.1 except for failed logins. I also changed the trusted proxies settings in the ns config to an array. But we will investigate further.
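
Added example, not part of any post in this thread and not Traefik's or Nextcloud's own code: a simplified Python model of the `trustedIPs` behaviour discussed above, following one request through external proxy, Traefik and a backend on loopback. The visitor address, the `192.168.1.77` host, the backend's trusted-proxy list and the right-to-left header walk are assumptions chosen for illustration.

```python
import ipaddress

def _trusted(ip, trusted):
    """True if ip is inside any trusted entry (strict=False accepts '127.0.0.1/24')."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in trusted)

def _hops(headers):
    return [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]

def proxy_hop(peer_ip, headers, trusted):
    """Model of a proxy with a trustedIPs list: keep the inbound X-Forwarded-For
    only when the TCP peer is trusted, then append the peer address."""
    inbound = _hops(headers) if _trusted(peer_ip, trusted) else []
    return {**headers, "X-Forwarded-For": ", ".join(inbound + [peer_ip])}

def client_ip(peer_ip, headers, trusted):
    """Model of the backend: walk X-Forwarded-For right to left and return the
    first address that is not a trusted proxy."""
    if not _trusted(peer_ip, trusted):
        return peer_ip                      # direct connection: ignore the header
    hops = _hops(headers)
    for hop in reversed(hops):
        if not _trusted(hop, trusted):
            return hop
    return hops[0] if hops else peer_ip     # every hop was a proxy

# Constructed sample values
EXTERNAL_PROXY = "192.168.1.1"              # trustedIPs entry shown in the thread
VISITOR = "203.0.113.50"                    # documentation-range address
TRAEFIK_TRUST = ["192.168.1.1", "127.0.0.1/24"]
APP_TRUST = ["127.0.0.1", "192.168.1.1"]    # assumed backend trusted proxies

def via_proxy(traefik_trust):
    """external proxy -> Traefik -> backend; returns the IP the backend records."""
    to_app = proxy_hop(EXTERNAL_PROXY, {"X-Forwarded-For": VISITOR}, traefik_trust)
    return client_ip("127.0.0.1", to_app, APP_TRUST)

def spoof_attempt():
    """A host that is not the proxy supplies its own X-Forwarded-For."""
    forged = {"X-Forwarded-For": "198.51.100.9"}
    to_app = proxy_hop("192.168.1.77", forged, TRAEFIK_TRUST)
    return client_ip("127.0.0.1", to_app, APP_TRUST)

if __name__ == "__main__":
    print("trustedIPs set:  ", via_proxy(TRAEFIK_TRUST))
    print("trustedIPs empty:", via_proxy([]))
    print("forged header:   ", spoof_attempt())
```

With an empty trust list the backend can only attribute requests to the proxy, which is the symptom in the first post. With the list limited to the proxy, a forged header from any other host is discarded, so bans keyed on the client IP cannot be steered by the sender.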