brutforce throttled on new instance

[tuetenk0pp]

I have set up a new Nextcloud AIO instance and have been testing it for a couple of hours. After enabling backups and restarting the containers, I get this error in the admin-settings:

Your remote address was identified as "xx.xx.xx.xx" and is bruteforce throttled at the moment slowing down the performance of various requests. If the remote address is not your address this can be an indication that a proxy is not configured correctly. Further information can be found in the documentation.

The shown IP adress is my current IP adress so that's fine. But whats the problem then? I have not connected any clients to the instance yet and have only two users setup that I used to test things.

[tuetenk0pp]

Here is some more information:

compose.yml

version: "3.8"

services:
  caddy:
    image: caddy:alpine
    restart: unless-stopped
    container_name: caddy
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./certs:/certs
      - ./config:/config
      - ./data:/data
      - ./sites:/srv
    network_mode: "host"

  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: unless-stopped
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - 8080:8080
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=127.0.0.1
      - NEXTCLOUD_MEMORY_LIMIT=6000M
      - NEXTCLOUD_STARTUP_APPS=twofactor_totp
      - NEXTCLOUD_ADDITIONAL_APKS=imagemagick
      - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick
    depends_on:
      - caddy

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

Caddyfile

https://cloud.domain.tdl:443 {
    header Strict-Transport-Security max-age=31536000;
    reverse_proxy localhost:11000
}

https://cloud.domain.tld:8443 {
    reverse_proxy https://localhost:8080 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}

/etc/hosts

This file was automatically generated by my hoster

127.0.0.1       localhost
127.0.1.1       cloud.domain.tld cloud

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
xx.xx.xx.xxx    cloud.domain.tld cloud

Firewall

Output of sudo ufw status numbered is:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443                        ALLOW IN    Anywhere
[ 4] 3478                       ALLOW IN    Anywhere
[ 5] 8443                       ALLOW IN    Anywhere
[ 6] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 443 (v6)                   ALLOW IN    Anywhere (v6)
[ 9] 3478 (v6)                  ALLOW IN    Anywhere (v6)
[10] 8443 (v6)                  ALLOW IN    Anywhere (v6)

config.php

<?php
$CONFIG = array (
  'one-click-instance' => true,
  'one-click-instance.user-limit' => 100,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'check_data_directory_permissions' => false,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'nextcloud-aio-redis',
    'password' => 'xxx',
    'port' => 6379,
  ),
  'overwritehost' => 'cloud.domain.tld',
  'overwriteprotocol' => 'https',
  'passwordsalt' => 'xx',
  'secret' => 'xx',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'cloud.domain.tld',
  ),
  'datadirectory' => '/mnt/ncdata',
  'dbtype' => 'pgsql',
  'version' => '27.1.0.7',
  'overwrite.cli.url' => 'https://cloud.domain.tld/',
  'dbname' => 'nextcloud_database',
  'dbhost' => 'nextcloud-aio-database',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_nextcloud',
  'dbpassword' => 'xxx',
  'installed' => true,
  'instanceid' => 'xxx',
  'maintenance' => false,
  'loglevel' => '2',
  'log_type' => 'file',
  'logfile' => '/var/www/html/data/nextcloud.log',
  'log_rotate_size' => '10485760',
  'log.condition' =>
  array (
    'apps' =>
    array (
      0 => 'admin_audit',
    ),
  ),
  'preview_max_x' => '2048',
  'preview_max_y' => '2048',
  'jpeg_quality' => '60',
  'enabledPreviewProviders' =>
  array (
    1 => 'OC\\Preview\\Image',
    2 => 'OC\\Preview\\MarkDown',
    3 => 'OC\\Preview\\MP3',
    4 => 'OC\\Preview\\TXT',
    5 => 'OC\\Preview\\OpenDocument',
    6 => 'OC\\Preview\\Movie',
    7 => 'OC\\Preview\\Krita',
    0 => 'OC\\Preview\\Imaginary',
  ),
  'enable_previews' => true,
  'upgrade.disable-web' => true,
  'mail_smtpmode' => 'smtp',
  'trashbin_retention_obligation' => 'auto, 30',
  'versions_retention_obligation' => 'auto, 30',
  'activity_expire_days' => '30',
  'simpleSignUpLink.shown' => false,
  'share_folder' => '/Shared',
  'one-click-instance.link' => 'https://nextcloud.com/all-in-one/',
  'upgrade.cli-upgrade-link' => 'https://github.com/nextcloud/all-in-one/discussions/2726',
  'updatedirectory' => '/nc-updater',
  'davstorage.request_timeout' => 3600,
  'htaccess.RewriteBase' => '/',
  'dbpersistent' => true,
  'files_external_allow_create_new_local' => false,
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    1 => '::1',
  ),
  'allow_local_remote_servers' => true,
  'preview_imaginary_url' => 'http://nextcloud-aio-imaginary:9000',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'noreply',
  'mail_domain' => 'domain.tld',
  'mail_smtphost' => 'smtp.domain.tld',
  'mail_smtpport' => '465',
  'mail_smtpauth' => 1,
  'mail_smtpname' => '[email protected]',
  'mail_smtppassword' => 'xxx',
  'skeletondirectory' => '',
  'default_phone_region' => 'DE',
  'default_language' => 'de',
  'memories.exiftool' => '/var/www/html/custom_apps/memories/exiftool-bin/exiftool-amd64-musl',
  'memories.vod.path' => '/var/www/html/custom_apps/memories/exiftool-bin/go-vod-amd64',
  'memories.vod.ffmpeg' => '/usr/bin/ffmpeg',
  'memories.vod.ffprobe' => '/usr/bin/ffprobe',
  'memories.gis_type' => 2,
  'memories.index.mode' => '3',
  'memories.index.path' => '/Fotos/',
);

[szaimen]

The shown IP adress is my current IP adress so that's fine.

Then everything seems to be correctly configured. So I suspect a specific Nextcloud app that is installed on your server to cause this. Anyway, I cannot reproduce this and it is nothing we can fix in AIO. For further help on this please refer to https://help.nextcloud.com

[RetroYogi]

I'm experiencing the same issue. The remote address in the warning message is my external IPv4 address.
I have solved the issue by downloading the Brute-force settings app and whitelisting my external IP. But it's a dynamic IP so maybe the problem is going to reappear.
I have the Mail and the News Apps installed. As @szaimen hinted to an external App causing the issue, I will try to disable both apps, removing my IP from the whitelist and will let you know if it fixes the warning message.

Update: I don't have the News App installed :) Only Mail.

Update 2: Strangely, after removing my IP from the whitelist, the warning message doesn't show up anymore. So I cannot test if the Mail app is causing the issue. If it comes back, I'll update again.

[alessandriniluca]

Facing the same issue on a fresh new install of nextcloud. From here seems that also an incorrect log in could cause the issue (i actually did a wrong login with the admin account the second time, when I changed the password). Could be actually due to this?

[FrankoniaOssi]

I run into the same issue after switch from an old nexcloud host to a new AIO installation. The AIO instance is working properly after the bruteforce reset of my public ip4 address.

[adasaro]

I have the same error after the latest update. What I found is that nextcloud no longer recognizes my password after a few uses and I am forced to reset it and when it does not recognize the password it gives me the same error as you..

However, I'm sure the password is correct but despite this, nextcloud won't let me in.

[bremme]

I just ran into the same issue on a very new install of AIO:

Your remote address was identified as "172.29.0.1" and is bruteforce throttled at the moment slowing down the performance of various requests. If the remote address is not your address this can be an indication that a proxy is not configured correctly. Further information can be found in the [documentation ↗](https://docs.nextcloud.com/server/27/go.php?to=admin-reverse-proxy).

I had a look and found out 172.29.0.1 is actually the ip of docker network inspect nextcloud-aio. Should I really do what is suggested in the docs, adding this ip to the config.php file? Or do I actually have a configuration error in my proxy perhaps?

[tuetenk0pp]

no you have to add it as the third (or upwards) entry to the trusted proxies array in the config.php file. See this discussion: #3396 (reply in thread)