NEXTCLOUD_TRUSTED_PROXIES variable does not update on config.php if it is not defined as array.

[feroxib]

Hi, please close if duplicate.

While setting up a nextcloud:apache via docker-compose.yml i had NEXTCLOUD_TRUSTED_DOMAINS and NEXTCLOUD_TRUSTED_PROXIES set as env variables.

Using this as my docker-compose.yml:

# version: '3.8'

services:
  nextcloud:
    image: nextcloud:apache
    restart: always
    environment:
      - POSTGRES_HOST=db
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DB}
      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
      - REDIS_HOST=redis
      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
      - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS}
      - NEXTCLOUD_TRUSTED_PROXIES=${NEXTCLOUD_TRUSTED_PROXIES}
#     - APACHE_DISABLE_REWRITE_IP=${APACHE_DISABLE_REWRITE_IP}
    depends_on:
      - db
      - redis
    networks:
      - dockernet-nextcloud
      - dockernet-external
    ports:
      - "8080:80"
    volumes:
      - nextcloud_data:/var/www/html
  cron:
    image: nextcloud:apache
    restart: always
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
    networks:
      - dockernet-nextcloud
    volumes:
      - nextcloud_data:/var/www/html
      
  db:
    image: postgres:alpine
    restart: always
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DB}
    networks:
      - dockernet-nextcloud
    volumes:
      - postgres_data:/var/lib/postgresql/data

  redis:
    image: redis:alpine
    restart: always
    command: redis-server --requirepass ${REDIS_PASSWORD}
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD}
    networks:
      - dockernet-nextcloud
    volumes:
      - redis_data:/data

volumes:
  nextcloud_data:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: ********
    labels:
      purpose: "nextcloud_storage"

  postgres_data:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: *********
    labels:
      purpose: "postgres_storage"

  redis_data:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: **********
    labels:
      purpose: "redis_storage"

networks:
  dockernet-external:
    driver: bridge
    internal: false
  dockernet-nextcloud:
    driver: bridge
    internal: true

.env

NEXTCLOUD_TRUSTED_DOMAINS=my.cloud.com
NEXTCLOUD_TRUSTED_PROXIES=127.0.0.2

With this approach my goal was to easily deploy a stack without needing to modify the config.php file.

Odd behaviour occured since in config.php the trusted_domains array got correctly updated but the trusted_proxies was missing completely.

checking the logs in nextcloud i noticed System config value trusted_domains => 1 set to string my.cloud.com
Where the 1 results from 0 being localhost as default.
Does NEXTCLOUD_TRUSTED_PROXIES fail because it is not declared as an array? YES

NEXTCLOUD_TRUSTED_PROXIES=127.0.0.2,127.0.0.3

worked out perfectly.

BUG? i think so. Probably some parsing error if values are not an array.

referencing:
#2224 since it mentions TRUSTED_PROXIES as "edit always allowed"
#2209 since trusted_proxies.conf seems to take part in parsing that variable.

Edit: formatting

[joshtrichards]

The variable is TRUSTED_PROXIES not NEXTCLOUD_TRUSTED_PROXIES.
And multiple entries are space delimited.

docker/.config/reverse-proxy.config.php

Lines 27 to 30 in 29d959a

	$trustedProxies = getenv('TRUSTED_PROXIES');
	if ($trustedProxies) {
	$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
	}

See Using the image behind a reverse proxy and auto configure server host and protocol.

I'm not sure how you're checking your config, but make sure to use occ config:list system to see the fully merged config. See Viewing the Nextcloud configuration.

[feroxib]

Will update