Oauth with rev. proxy fails, wrong client address

After a server migration, I am struggeling with the remote ip detection during oauth authentication.

Environment:

  • ownCloud Enterprise Edition 10.9.1 RC1 (stable)
  • Proxy: Haproxy 2.0.13 for ssl
  • Webserver: apache 2.4.x (remoteip module enabled)

The oauth login of the sync clients never finishes because OC doesnt see the “real IP” of the desktop client, instead only the local IP of the proxy (10.10.10.21). The Log shows:

{“reqId”:“dd2afc47-2a3e-4c14-b174-3b2e75ae423c”,“level”:1,“time”:“February 25, 2022 16:50:23”,“remoteAddr”:“10.10.10.21”,“us
er”:"–",“app”:“oauth2”,“method”:“POST”,“url”:"/index.php/apps/oauth2/api/v1/token",“message”:“An authorization code h
as been used by the client “Desktop Client” to request an access token.”}

The config.php has those settings:

‘trusted_proxies’ => ‘10.10.10.21’,

haproxy has “option ForwardFor” and thus should forward the real IP to the backend.

I followed the docs at Reverse Proxy Configuration :: ownCloud Documentation. Something is still wrong here and I dont know if its the OC config or the haproxy config.

Any ideas?

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.