Can not login
-
-
@phenomlab server {
listen 80 ;
server_name jiejingbao.xyz;
index index.php index.html index.htm default.php default.htm default.html;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
access_log /www/sites/jiejingbao.xyz/log/access.log;
error_log /www/sites/jiejingbao.xyz/log/error.log;
access_by_lua_file /www/common/waf/access.lua;
set $RulePath /www/sites/jiejingbao.xyz/waf/rules;
set $logdir /www/sites/jiejingbao.xyz/log;
set $redirect on;
set $attackLog on;
set $CCDeny off;
set $urlWhiteAllow off;
set $urlBlockDeny off;
set $argsDeny off;
set $postDeny off;
set $cookieDeny off;
set $fileExtDeny off;
set $ipBlockDeny off;
set $ipWhiteAllow off;
location ^~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
include /www/sites/jiejingbao.xyz/proxy/*.conf;
} -
@xianqu Your
conf
file is incorrect, and should containproxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off;
The most important one is
proxy_set_header X-Forwarded-Proto https;
as this is required for CloudFlare to function with NodeBB properly.You also seem to be listening on port 80 and not 443 which will also cause you issues.
-
You also seem to be listening on port 80 and not 443 which will also cause you issues.
If
config.json
is configured with https and the actual site is not served with https then they are considered different sites and the cookie/csrf issues will occur. -
@xianqu Looking at your
nginx.conf
I do not see any information relating to the reverse proxy settings. Are these contained in anotherconf
file? Specifically, I need the contents ofinclude /www/sites/jiejingbao.xyz/proxy/*.conf;
-
@phenomlab ocation ^~ / {
proxy_pass http://x.x.x.x:4567;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
add_header Cache-Control no-cache;
} -
@xianqu Thanks. There are several issues here. First, please ensure the config matches the below settings as they are currently incorrect
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off; # Socket.io Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";
Additionally, your reverse proxy points to a public IP address. It should read
proxy_pass http://127.0.0.1:4567;
You should also not post your IP address on any public forum, as this completely negates the point of CloudFlare - you are exposing your IP address to the entire planet. If you'd like to denote a public IP, please consider using
x.x.x.x
to do so.