Fresh install worked once, now everyone gets invalid csrf token
-
My setup is on two VMs:
- nginx with ssl enabled listening on my domain and port 44301 and proxying to second VM
- clean install of nodebb
Initial setup was fine, got to the admin console, disabled user registration and set up email server. After logout, no one can log in. Not the invited users, not even the administrator. Everyone gets an error message:
Login Unsuccessful
We were unable to log you in, likely due to an expired session. Please try again
We have tried from different machines, with private/incognito, nothing helps.
The nginx config is from the install instructions:
```
# Upstream
upstream nodebb_backend {
    server 172.22.100.40:4567;
}

# HTTPS Server
server {
    listen 44301 ssl;
    server_name my.domain;
    ssl_certificate ....; # managed by Certbot
    ssl_certificate_key .....; # managed by Certbot
    client_max_body_size 200M;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-Nginx-Proxy true;
        proxy_pass http://nodebb_backend/;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
And here is the nodebb config:
```
{
    "url": "https://my.domain:44301/",
    "secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "database": "mongo",
    "port": "4567",
    "bind_address": "172.22.100.40",
    "mongo": {
        "host": "127.0.0.1",
        "port": 27017,
        "database": "nodebb",
        "uri": "mongodb://nodebb:xxxxxxxxxxx@localhost:27017/nodebb"
    }
}
```
Even tried running it on standard port 443, nothing, still the same error.
Btw, there is a bug in the command `./nodebb setup`: if run again, it will quietly overwrite the "port" and replace it with the port from the URL, which will start it on a different port next time, and you will be wondering why the heck you are getting a 502 error from your proxy.
-
Have you tried removing the trailing slash after `http://nodebb_backend` in the nginx config file and at the end of the `"url"` value in config.json?
-
Can you try either removing the `uri` property, or removing all of the other properties under database?
-
Problem solved
Thank you everyone who responded.
I have tried everything I could think of, and when nothing worked, I decided to go over the setup, line by line, word by word and that's when I found it!
It was a typo in configuration of my nginx, i.e., my own mistake.
The following entries were wrong:
```
proxy_set_header X-Forward-For ...
proxy_set_header X-Forward-Proto ...
```
They should be `X-Forwarded-For` and `X-Forwarded-Proto`; notice they were missing "ed" in the word "forward"!
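
The typo found above is easy to miss because nginx accepts any header name in `proxy_set_header`, so a misspelled name is forwarded without complaint. As an added example (not from the thread or from NodeBB), this JavaScript sketch flags header names within a small edit distance of the expected ones; the `EXPECTED` list, the function names and the threshold of 2 are assumptions.

```javascript
// Added example. EXPECTED is an assumed list of headers for this sketch.
const EXPECTED = ['X-Forwarded-For', 'X-Forwarded-Proto', 'X-Forwarded-Host',
  'X-Real-IP', 'Host', 'Upgrade', 'Connection'];

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Report proxy_set_header names that are close to, but not equal to, an
// expected header (case-insensitive, as HTTP header names are).
function lintProxyHeaders(configText, maxDistance = 2) {
  const findings = [];
  configText.split('\n').forEach((text, idx) => {
    const m = /^\s*proxy_set_header\s+(\S+)\s/.exec(text.split('#')[0]);
    if (!m) return;
    const name = m[1].toLowerCase();
    const ranked = EXPECTED
      .map((h) => ({ expected: h, distance: editDistance(name, h.toLowerCase()) }))
      .sort((x, y) => x.distance - y.distance);
    const best = ranked[0];
    if (best.distance > 0 && best.distance <= maxDistance) {
      findings.push({ line: idx + 1, found: m[1], ...best });
    }
  });
  return findings;
}

// Constructed sample: the location block from the thread, trimmed.
const SAMPLE = `location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-Nginx-Proxy true;
}`;

console.log(lintProxyHeaders(SAMPLE));
```

Custom headers such as `X-Nginx-Proxy` are not reported because they are not close to any expected name.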