Login seems succesfull but does not actually logs user in.
-
@igor have you tried disabling all plugins?
-
The common causes for a session mismatch error are usually one of the following:
1. Mis-configured URL parameter in your
config.json
fileIf you have a misconfigured
url
value in yourconfig.json
file, the cookie may be saved incorrectly (or not at all), causing a session mismatch error. Please ensure that the link you are accessing your site with and the url defined match.2. Improper/malformed
cookieDomain
set in ACPSometimes admins set this value without realising that they probably don't need to set it at all. The default is perfectly fine. This is what the config looks like:
If this is set, you'll want to revert the setting by editing your database directly:
Redis:
hdel config cookieDomain
MongoDB:db.objects.update({ _key: "config" }, { $set: "cookieDomain": "" });
3. Missing
X-Forwarded-Proto
header from nginx/apacheIf you are using a reverse proxy, you will need to have nginx pass a header through to NodeBB so it correctly determines the correct cookie
secure
property.In nginx, you will need to add the directive like so:
location / { ... proxy_set_header X-Forwarded-Proto $scheme; ... }
-
@julian said in Login seems succesfull but does not actually logs user in.:
MongoDB: db.objects.update({ _key: "config" }, { $set: "cookieDomain": "" });
- With
MongoDB server version: 4.4.6
I had to use this (note the additional curly braces for the argument to$set: {"cookieDomain": ""}
:
db.objects.update({ _key: "config" }, { $set: {"cookieDomain": ""} }); WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
-
config.json
is correct, as configured. -
proxy_set_header X-Forwarded-Proto $scheme
is set. As is proxying:
listen 127.0.0.1:555 deferred proxy_protocol; set_real_ip_from 127.0.0.1; real_ip_header proxy_protocol; proxy_set_header X-Real-IP $proxy_protocol_addr; proxy_set_header X-Fowarded-For $proxy_protocol_addr; proxy_set_header X-Forwarded-Proto https; proxy_set_header Referer $http_referer; proxy_set_header Host $host; proxy_headers_hash_max_size 768; proxy_headers_hash_bucket_size 128;
Previously, login was dysfunctional already and changing
X-Forwarded-Proto
from$scheme
tohttps
seemed to fix it.Now it's malfunctioning again, despite the change (reverting does not change the behaviour). There may have been an nginx update meanwhile, though I doubt it's the reason. Somehow there's still something amiss I don't catch yet.
Any ideas?
Other things still bugging:
- every X secconds the pop-up shows "Seems we lost connection to the server"
- /manifest.webmanifest is a 401 though CORS
crossorigin: use-credentials
is set.
- With
-
@bejan your nginx config doesn't seem to match our recommended one:
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:4567; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";
Note that these directives can be order sensitive.
https://docs.nodebb.org/configuring/proxies/nginx/ -
@pitaj said in Login seems succesfull but does not actually logs user in.:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;Using this config does not solve the "login, welcome back as guest" issue.
It does revert to the issue that the wrong client IP addresses are used in log files, though. This is why my config diverts from the recommended one. Bear in mind, I'm using ssl stream proxying here which requires a slightly different setup.
Edit: Following the documentation you referenced I moved my proxy config inside the
location / {}
block and it is working now. I'll be da... Why isn't the location block inheriting the theserver {}
-wide block settings as one would expect? Do I need to provide the proxy settings inside thelocation /assets
et al. blocks as well?To summarize: my config as specified above, used in a ssl-stream-proxy setup, provided inside the
location / {}
block seems to be working fine, login is working again as it should. It is however insufficient to globally specify those proxy settings in theserver {}
block (still ssl-stream-proxy setup).Thank you!
-
Those other things still bugging are yet to be solved:
- every X secconds the pop-up shows "Seems we lost connection to the server"
- /manifest.webmanifest is a 401 though CORS crossorigin: use-credentials is set.
-> about 1) Is this related to a ssl-stream-proxy setup?
-
Do I need to provide the proxy settings inside the location /assets et al. blocks as well?
No. See https://docs.nodebb.org/configuring/scaling/#use-a-proxy-server-to-serve-static-assets
every X secconds the pop-up shows "Seems we lost connection to the server"
Check out the following faq topic
[FAQ] Websockets not working due to misconfigured origins
This FAQ is applicable for the following situations: You're receiving the following error in the Javascript console: WebSocket connection to 'wss:///socket...
NodeBB Community (community.nodebb.org)
/manifest.webmanifest is a 401 though CORS crossorigin: use-credentials is set.
Not sure. Can you show a screenshot of this happening? Can you try clearing your cookies and cache? What browser?
-
@pitaj said in Login seems succesfull but does not actually logs user in.:
every X secconds the pop-up shows "Seems we lost connection to the server"
Check out the following faq topic
[FAQ] Websockets not working due to misconfigured origins
This FAQ is applicable for the following situations: You're receiving the following error in the Javascript console: WebSocket connection to 'wss:///socket...
NodeBB Community (community.nodebb.org)
I only have a single origin site and the
url
is set as it should. Is it allowed to have a trailing slash inurl
?This issue is still haunting me.
/manifest.webmanifest is a 401 though CORS crossorigin: use-credentials is set.
Not sure. Can you show a screenshot of this happening? Can you try clearing your cookies and cache? What browser?
The manifest issue is solved. Thank you.
-
@bejan try removing the trailing slash but that's probably not it.
I'd suggest reducing your nginx config down to the bare minimum as recommended in the docs and perhaps even try it with direct http to see if you still see that error.
-
@pitaj Yeah, that's what it most probably boils down to. Right now, it's not a priority. Yet.
Will let you guys know when it's done and how.
So far: thank you for your support and patience. You guys rock. Docs aren't too recent and complete but you make it up. Of course it takes your time and mine to solve those issues that might not even surface with more extensive documentation. What I mean is, the available doc is already very nice. It's the little crooks and crannies and the code version referenced that could profit from some polish. As already offered, I can offer to improve on that if wanted. I.e. just add what was missing for me that would complement the doc that is there. Just my 2p
-
@bejan The nodebb recommended nginx.conf works dandy. Should you want/need more w.r.t. nginx security related concepts, I recommend raymii.org:
There are a number of relevant articles there relating to various web server security knobs and tweaks. Apache included.
Have fun down the rabbit hole!
-
@gotwf I appreciate your reply, thank you.
Not everyone can use the standard setup or just may not want to implement it this way.
In my case I have a particular situation where the standard config is only a part of the bigger picture. To reach a working setup with all dependencies fullfilled, I had to tweak it quite a bit. In the end, some directives of the nodebb config weren't as suggested by the docs. To really know what can be done different and what not for nodebb to still work flawlessly is harder for anyone just starting with nodebb. It needs a helping hand to get it working again and now it's finally ready. So far I'm happy with how it is as of now.
The remaining issue is nothing major requiring immediate remedy right now.
-
@bejan Our community reps are pretty awesome, we're lucky to have them
Our docs are open source, and we accept pull requests to them: https://github.com/nodebb/docs
We would greatly appreciate tweaks to the docs so that they are more accessible.
While I suppose more documentation doesn't always mean better documentation, we are always grateful for contributions
-
@julian said in Login seems succesfull but does not actually logs user in.:
@bejan Our community reps are pretty awesome,
Definitely!
Our docs are open source, and we accept pull requests to them: https://github.com/nodebb/docs
Great, thank you!
While I suppose more documentation doesn't always mean better documentation, we are always grateful for contributions
True