Hi there,
i know this is a very old thread, but i recently got into the same situation that i couldn’t figure out why in the nextcloud.log i would only see the IP from the docker instance rather than the public IP as i was using X_Forwarded-host $host as well as X-Real-IP $remote_address in my proxy.conf of my swag container.
I want also to mention that i am not using bridge network but macvlan (i know, old school to absolutely want IP addresses for everything) and that might be the reason of the issue.
I noticed in the nginx/site-confs/default.conf file of the nextcloud container these 2 lines :
set_real_ip_from 172.17.0.0/12; real_ip_header X-Forwarded-For;
as mentioned in this thread as well : remoteaddr-logged-as-swag-containers-ip-with-swag-fail2ban-nextcloud-setup
What worked for me (not sure if it is best practice) is to remove the docker network address in the default.conf file of the nginx instance of the nextcloud container and replaced it with the IP address of my swag docker and it worked for me.
Since then i could make my fail2ban working fine reading the nextcloud.log and seeing now public IP addresses instead of the one from swag all the time. Thanks and hope this will be helpful for someone else.