
Localhost proxy setup not working according to setup wizard

Open hendrik-donner opened this issue 9 months ago • 3 comments


Steps to reproduce

  1. Set up systemd service and enable/start program
  2. Configure reverse proxy in Apache and restart Apache
  3. Enable app and start occ notify_push:setup <url>

Expected behaviour

It should work

Actual behaviour

occ notify_push:setup <url>
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
🗴 push server is not a trusted proxy by Nextcloud or another proxy in the chain.
  Nextcloud resolved the following client address for the test request: "<external ipv6>" instead of the expected "1.2.3.4" test value.
  The following trusted proxies are currently configured: "127.0.0.1", "::1"
  The following x-forwarded-for header was received by Nextcloud: "1.2.3.4"
    from the following remote: <external ipv6>

  <external ipv6> is not a trusted as a reverse proxy by Nextcloud
  See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies for how to add trusted proxies.

  If you're having issues getting the trusted proxy setup working, you can try bypassing any existing reverse proxy
  in your setup by setting the `NEXTCLOUD_URL` environment variable to point directly to the internal Nextcloud webserver url
  (You will still need the ip address of the push server added as trusted proxy)

Now, searching through similar issues, I learned that the test is basically:

curl -H 'x-forwarded-for: 1.2.3.4' https://<url>/index.php/apps/notify_push/test/remote

And that returns my external IPv6.

What works:

curl --interface localhost -H 'x-forwarded-for: 1.2.3.4' https://<url>/index.php/apps/notify_push/test/remote
1.2.3.4

So it should work if the source address is actually localhost.

Now:

occ notify_push:self-test
no push server configured

Not sure how to check if it is actually working. I tried to raise the log level, but there is nothing in the Nextcloud log or journalctl. I assume the app logs into the Nextcloud log.

My config.php has:

'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    1 => '::1',
  ),

Apache config has the proxy config from the README in my Nextcloud vhost:

    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/

No other proxies involved.

Systemd Unit is from Arch Linux pkg:

systemctl cat nextcloud-app-notify_push
# /usr/lib/systemd/system/nextcloud-app-notify_push.service
[Unit]
Description = Push daemon for Nextcloud clients

[Service]
Environment = PORT=7867 BIND=127.0.0.1
ExecStart = /usr/share/webapps/nextcloud/apps/notify_push/bin/x86_64/notify_push /etc/webapps/nextcloud/config/config.php
User = nextcloud

[Install]
WantedBy = multi-user.target

Server configuration

Web server: Apache

Database: PostgreSQL

PHP version: 8.2

Nextcloud version: 31.0.2

hendrik-donner avatar Apr 06 '25 20:04 hendrik-donner

Note that the trusted_proxies array has been auto-added. I didn't do it myself. And to my understanding it should be right.

hendrik-donner avatar Apr 06 '25 20:04 hendrik-donner

From readme

Alternatively, editing the /etc/hosts file to point your nextcloud domain to the internal ip can work in some setups.

ugjka avatar May 22 '25 11:05 ugjka

It appears that it is not pulling the trusted_proxies value from the config.php.

I get

  The following trusted proxies are currently configured: "172.21.0.0/16"

But my trusted_proxies in config.php is

17:56 config ❯ grep 172 *.php
config.php:    0 => '172.16.0.0/12',

trajano avatar Jun 06 '25 21:06 trajano
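
The rule behind the setup check's output, as an added example (not code from this issue, notify_push or Nextcloud, whose own logic may differ in detail): an application honours `X-Forwarded-For` only when the connecting peer matches `trusted_proxies`, otherwise any client could claim any address. The function names and the `2001:db8::10`, `203.0.113.9` and `172.x` addresses are constructed stand-ins.

```python
import ipaddress

def is_trusted(addr, trusted_proxies):
    """True if addr equals, or falls inside, any trusted_proxies entry (IP or CIDR)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    # A bare IP such as "127.0.0.1" parses as a /32 (or /128) network.
    return any(ip in ipaddress.ip_network(entry, strict=False)
               for entry in trusted_proxies)

def resolve_client(remote_addr, xff_header, trusted_proxies):
    """Return the address the application should treat as the client."""
    if not is_trusted(remote_addr, trusted_proxies):
        # Peer is not a known proxy: the header is attacker-controllable, ignore it.
        return remote_addr
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    # Walk right to left: the rightmost entries were appended by our own proxies.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the header
        if not is_trusted(hop, trusted_proxies):
            return hop
    return remote_addr

TRUSTED = ["127.0.0.1", "::1"]  # the list reported by the setup check above

def demo():
    return {
        # Request reaches the web server from an external address (constructed
        # stand-in for "<external ipv6>"): header ignored, the check fails.
        "external_peer": resolve_client("2001:db8::10", "1.2.3.4", TRUSTED),
        # Same request sourced from loopback: header honoured.
        "loopback_peer": resolve_client("127.0.0.1", "1.2.3.4", TRUSTED),
        # A client-supplied leftmost entry does not win over the proxy's own.
        "spoofed_left": resolve_client("127.0.0.1", "203.0.113.9, 1.2.3.4", TRUSTED),
        # CIDR entries: 172.16.0.0/12 spans 172.16.0.0 to 172.31.255.255.
        "cidr_inside": is_trusted("172.21.0.5", ["172.16.0.0/12"]),
        "cidr_outside": is_trusted("172.32.0.5", ["172.16.0.0/12"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The first two cases match the two `curl` results in the issue: what decides the outcome is the source address the web server sees, not the header value.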