Issue resolving remote host address with ingress and traefik - reverse natted.
Describe your Issue
I am having an error resolving the remote address. My setup is in my homelab on a QNAP NAS using a non-default port for ingress (nginx)/lb (traefik) and natted from outside using the same port.
Logs and Errors
kubectl logs qnap-ingress-nginx-controller-5ff4b97fc9-9xdrj
10.42.0.1 - - [25/Oct/2023:08:50:47 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0" 76 0.059 [qnap-qnap-nextcloud-8080] [] 10.42.0.150:80 0 0.059 304 3970f49168104552ac2de7789adb3616
10.42.0.1 - - [25/Oct/2023:08:51:17 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0" 76 0.080 [qnap-qnap-nextcloud-8080] [] 10.42.0.150:80 0 0.080 304 c45ae73a52938eff57c6ae9c1437f738
Error message
Es gibt einige Fehler bei deiner Systemkonfiguration.
Your remote address was identified as "10.42.0.1" and is bruteforce throttled at the moment slowing down the performance of various requests. If the remote address is not your address this can be an indication that a proxy is not configured correctly. Further information can be found in the [documentation ↗](https://docs.nextcloud.com/server/27/go.php?to=admin-reverse-proxy).
Describe your Environment
- Kubernetes distribution: k3s 1.21 (shipped with qnap)

Chart.yaml:

```yaml
- name: nextcloud
  version: 4.3.5
  repository: https://nextcloud.github.io/helm/
  condition: nextcloud.enabled
```

- Helm Version (or App that manages helm):
- Helm Chart Version:
- values.yaml:
```yaml
nextcloud:
  image:
    flavor: fpm
  nginx:
    enabled: true
  enabled: true
  nextcloud:
    host: example.com
    env:
      NEXTCLOUD_TRUSTED_DOMAINS: "example.com"
    configs:
      custom.config.php: |-
        <?php
        $CONFIG = array (
          'default_phone_region' => 'DE',
          'trusted_proxies' => array(
            0 => '127.0.0.1',
            1 => '10.0.0.0/8'
          ),
          'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
        );
  internalDatabase:
    enabled: false
  externalDatabase:
    enabled: true
    type: postgresql
  postgresql:
    enabled: true
    primary:
      persistence:
        enabled: true
  persistence:
    enabled: true
    nextcloudData:
      enabled: true
      size: 32Gi # Can be extended later
  phpClientHttpsFix:
    enabled: true
    protocol: https
  ingress:
    enabled: true
    className: nginx
    tls:
      - hosts:
          - ************
    annotations:
      nginx.ingress.kubernetes.io/proxy-body-size: 4G
      kubernetes.io/tls-acme: "false"
      cert-manager.io/cluster-issuer: letsencrypt-stage
      nginx.ingress.kubernetes.io/enable-cors: "false"
      nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
      nginx.ingress.kubernetes.io/server-snippet: |-
        proxy_hide_header X-Powered-By;
        rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
        rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
        rewrite ^/\.well-known/caldav /remote.php/dav/ redirect;
        rewrite ^/\.well-known/carddav /remote.php/dav/ redirect;
```
Additional context, if any
I haven't used nextcloud with traefik yet, so I've set this to "help wanted" for others in the community to give their experience. Some minor follow-up questions though:
- Does the initial installation of nextcloud come up at all?
- Are you using this brute force settings app? I think it may be a default app. If it's installed, and you can enable it, I found this thread, and in particular, this comment that may help you.
Don't traefik and nginx-ingress both manage ingresses? Are you having traefik route into nginx-ingress and then into the services?
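
An added example, not part of the thread and not Nextcloud's own code: a simplified model of how a backend picks the client address from `X-Forwarded-For` given the posted `trusted_proxies` list. It shows why the reported `10.42.0.1` cannot be corrected in `config.php` alone, since the ingress-nginx access log above already records `10.42.0.1` as the client. The ingress pod address `10.42.0.20` and the `203.0.113.x` / `198.51.100.x` client addresses are constructed.

```python
import ipaddress

# trusted_proxies as posted in custom.config.php
TRUSTED_PROXIES = ["127.0.0.1", "10.0.0.0/8"]

def is_trusted(ip, trusted=TRUSTED_PROXIES):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in trusted)

def resolve_client(peer, xff, trusted=TRUSTED_PROXIES):
    """Return (address, preserved).

    preserved is False when every hop is a trusted proxy, meaning the real
    client address was lost (e.g. by SNAT) before any header was written.
    """
    if not is_trusted(peer, trusted):
        # Header from an untrusted peer is ignored, so it cannot be spoofed.
        return peer, True
    hops = []
    for part in (xff or "").split(","):
        part = part.strip()
        try:
            ipaddress.ip_address(part)
        except ValueError:
            continue  # drop empty or malformed entries
        hops.append(part)
    # Walk from the nearest proxy outwards; the first untrusted hop is the client.
    for ip in reversed(hops):
        if not is_trusted(ip, trusted):
            return ip, True
    return (hops[0] if hops else peer), False

if __name__ == "__main__":
    ingress_pod = "10.42.0.20"  # constructed address for the ingress controller pod
    cases = {
        "as logged in this issue": "10.42.0.1",
        "source IP preserved": "203.0.113.7",
        "client-supplied header prepended": "198.51.100.9, 203.0.113.7",
    }
    for name, xff in cases.items():
        print(f"{name:34} XFF={xff!r:32} -> {resolve_client(ingress_pod, xff)}")
```

When `preserved` comes back `False`, every client shares one throttling bucket, so the hop that rewrites the source address in front of the ingress is the place to look.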