Technical Support

I've recently been trying to setup NodeBB on my server, but whenever i try to login or register the POST request returns a 403 forbidden response and NodeBB logs an "invalid csrf token" error. The following software packages are used: NodeBB 1.10.1 MongoDB 3.2.11 Node.js 8.11.4 Debian 9.3 NodeBB itself is a subfolder installation in https://endless-endeavors.theswc.net/forum/. The node server is multi-tenant and works with express.js as a router/reverse proxy. All external http requests are redirected to https, but requests to the nodeBB server are proxied internally over http. Essentially this is the flow for an incoming forum request: main server app -> enforce https, direct request to endless-endeavors.theswc.net directory host/domain app -> Check url, if /forum, proxy to port 4567 over http (or wss if websocket) let nodeBB do its thing. I've been googling and have found quite a few threads, but none of the suggested solutions have worked. things i have tried so far: Check url in config.json: 'https://endless-endeavors.theswc.net/forum/' Make sure cookieDomain is '' in MongoDB Including header 'X-Forwarded-Proto: https' Including header 'X-Forwarded-SSL: on' Including header 'X-Url-Scheme: https' I've also found that in the GET request for the login form, no X-CSRF-Token header is received. The form itself however is populated with a token. Lastly, here are the relevant code snippets: main server app #!/usr/bin/env nodejs // filename: app.js const http = require('http'); const https = require('https'); const fs = require('fs'); const express = require('express'); const vhost = require('vhost'); const app = express(); const sslOptions = { cert: fs.readFileSync('./.sslcert/fullchain.pem'), key: fs.readFileSync('./.sslcert/privkey.pem') } http.createServer(function(req, res) { res.writeHead(301, { "Location": "https://" + req.headers['host'] + req.url }); res.end(); }).listen(80); app .use(require('helmet')()) .use(express.static(__dirname + '/static')) <redacted, other domains> .use(vhost('endless-endeavors.theswc.net', require('./apps/EndlessEndeavors').app)) app.get('/', function (req, res) { res.writeHead(200, {'Content-Type': 'text/plain'}); res.end(''); }); domain app const express = require('express') const app = express(); const http = require('http'); const httpProxy = require('http-proxy'); const proxy = httpProxy.createProxyServer(); app.use('/static',express.static(__dirname + '/static')); app.use('', express.static(__dirname + '/dist/EndlessEndeavors')); app.all('/forum[/]+*', function(req, res){ if(req.url.substr(0,18).indexOf('socket.io')>-1){ console.log('got socket request'); proxy.web(req, res, {target: 'wss://endless-endeavors.theswc.net:4567', ws: true}); } else { res.header('X-Forwarded-Proto','https'); res.header('X-Forwarded-Ssl','on'); res.header('X-Url-Scheme','https'); res.header('Access-Control-Allow-Origin','endless-endeavors.theswc.net'); proxy.web(req, res, {target: 'http://endless-endeavors.theswc.net:4567'}); } }); app.all('/forum$', function(req, res) { res.writeHead(301, { "Location": "https://" + req.headers['host'] + '/forum/' }); res.end(); } ) exports.app = app; nodeBB config.json { "url": "https://endless-endeavors.theswc.net/forum/", "secret": "<redacted>", "database": "mongo", "port": 4567, "mongo": { "host": "127.0.0.1", "port": 27017, "username": "<redacted>", "password": "<redacted>", "database": "<redacted>", "uri": "<redacted>" } } Hopefully this is enough into to help find the cause of the invalid csrf token issue... i have no idea what else could be wrong at this point.

Yes, it is same. But error is still there.

I've got two questions concerning notifications. Is it possible to display more notifications in the "notification window"? This seems to be limited to 15? I know that I can see all on the /notifications page but it would be easier to just see more in the notification window. Is there any possibility to display the category of the topics in the notification (either notification window or notification page)? Or should I put a topic for that in feature requests? Thanks for your help.

Everything is working now after fixing Problem 4 and configuring from IP to domain name. I was attempting to get nodebb working on strictly the IP address. However, I was able to get the domain linked by utilizing Custome Resource Records settings of: Name / Type / TTL / DATA @ / A / 1h / xx.xxx.xx.xx * / A / 1h / xx.xxx.xx.xx Then, I simply changed my ip address to the domain and now everything is working perfectly. I am not sure why, though.

It worked, thanks for the help @PitaJ

How to set privileges for any role to manage and edit the category

https://github.com/NodeBB/NodeBB/issues/6805 ?

Hi. How would I go about removing the picture icon (red) without removing the upload image icon (blue)? I'm guessing CSS, but what exactly would I target with display: none;? [image: VnGWHDl.png] Thanks in advance!

It's just a sidebar widget.

In the ACP, just put this in the Custom CSS section .categories-title { display: none; }

Problem solved. For this topic to be any usefull at all: Run into first problem trying to point and click install 2 nodebb instances( test and the actual) on the same server and obviously, both couldn't listen on the same 4567 port. Second, did the second install from the old docs on readthedocs instead of the official ones from nodebb. Third, forgot to also add php-fpm directives to my Nginx config. And start Mongodb.

Hello, I just try to create a new forum for a gaming community... I love nodebb and it is so fast and easy to configure... sadly I‘ve got problems with cloudflare and ssl... as soon as i activate the cloudflare clouds , my nodebb looses connection... i cant imagine that i need to change something in my conf or Nginx configuration? It‘s the same url, same port.. and also the ssl certificate doesn’t work which is free on cloudflare... do i need to change something in my config files or activate my ssl in the Nginx files? I found a cloudflare tutorial here in the forum but it seems to be outdated, because later in the answers everybody wrote something like cloudflare works now with sockets so there’s nothing to change in the config files ... hope somebody knows what I need to do...

OK... removing the port, :4567 - helped with the Google SSO to finally work. just "https://digital.nomadic.cloud" - and it's working fine. I know that during the set up process (tried 5 times previously), ensuring the port here made a difference with making something else work. When I see that bug again, I will post that separately. and.. thank you

Thank you for your quick answer Julian. I hope the update to less v3 can be so fast At least thank you for your explanation, I'm on the lookout to be able to use nodebb

Ok, I solved it by binding a different port from 80 in my config.json: { "url": "https://dev.myforum.com", "port": 4567, "database": "mongo", ... } So finally NodeBB set express.sid cookie

Lol thanks, didn't see that!

@julian Clear enough, thank you so much.

@asamolion Here are the changes: https://github.com/NodeBB/NodeBB/pull/6649/files Just use the latest version of benchpressjs (not 1.2.3)

Does it work if you don't put it in the error_docs/ subfolder?