nextcloud: Trust headers from public rev proxy

If Nextcloud does not have the Internet-facing reverse proxy listed in its "trusted proxies" setting, it will mark all traffic as being from the proxy itself. This breaks brute force detection, etc.
2021-12-20 22:20:09 -06:00
parent 7d7dda6061
commit 6acb25e309
1 changed files with 1 additions and 0 deletions
--- a/group_vars/nextcloud.yml
+++ b/group_vars/nextcloud.yml
@@ -9,6 +9,7 @@ pg_hba_extra:
 nextcloud_trusted_proxies:
 - 127.0.0.1
 - ::1
+- '{{ lookup("dig", groups["public-web"][0]) }}'
 nextcloud_trusted_domains:
 - nextcloud.pyrocufflink.net
 - nextcloud.pyrocufflink.blue