Nextcloud won't get client IP behind Caddy reverse proxy



I’m running both Nextcloud and Caddy with their official Docker images.

Nextcloud docker-compose.yml
    external: true

    image: nextcloud
    container_name: nextcloud
      - db
      - MYSQL_HOST=db
      - TRUSTED_PROXIES=caddy
      - ./db-creds.env
      - proxy
      - ./app:/var/www/html

Nextcloud and Caddy are both inside the the proxy-docker-network, so ports 80/443 are only exposed to the host on Caddys side.
The Caddyfile for Nextcloud looks like this: {
    reverse_proxy nextcloud:80

    header Strict-Transport-Security max-age=31536000;
    redir /.well-known/carddav /remote.php/carddav 301
    redir /.well-known/caldav /remote.php/caldav 301


Nextcloud doesn’t get the real origin of the client requests but only sees the reverse proxys IP (

nextcloud | - - [23/Apr/2023:07:51:32 +0000] "GET /login HTTP/1.1"
nextcloud | - - [23/Apr/2023:07:51:32 +0000] "GET /dist/core-files_fileinfo.js?v=232911c0-0 HTTP/1.1"
nextcloud | - - [23/Apr/2023:07:51:32 +0000] "GET /apps/theming/js/theming.js?v=232911c0-0 HTTP/1.1"

When I just swap Caddy for i.e. NGINX Reverse Proxy Manager, Nextcloud suddenly starts getting the public IP of the requesting client.
This makes me think the issue is on Caddys side?

header_up Host {remote}
header_up X-Real-IP {remote}
header_up -X-Forwarded-For
header_up X-Forwarded-Port {server_port}
header_up X-Forwarded-Proto {scheme}

As far as I get it, you need to add some sort of those directives to Caddyfile however I’ve tried them all in different combinations and had no success so far.

There are two in-depth threads/guides on the nextcloud forum for getting it to work with Apache:

However I couldn’t figure out a working solution for Caddy.

Any ideas are highly appreciated :slight_smile:

You need to configure NextCloud to trust requests coming from Caddy’s IP address. See Reverse proxy — Nextcloud latest Administration Manual latest documentation. You don’t need to change anything in your Caddyfile.

This is your problem, caddy is not an IP address.

I suggest using CIDR notation to trust everything from other Docker containers. should do the trick.

Unfortunately this doesn’t resolve the issue :confused:
Even with - TRUSTED_PROXIES= the nextcloud still only sees Caddy as source of requests.

I assume it’s some caddy-issue as swapping Caddy for NGINX Proxy Manager temporarily immediately fixes the issue, and Nextcloud starts getting the real IPs of clients.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.