Unable to login after upgrade
I'm unable to log in to the forum, and receive a "Forbidden" message after upgrading to the latest 1.x.x from 1.0 or 1.1. The forum had been running stably for about a year and I decided to do some maintenance yesterday.
- Upgraded my distribution from 12.04 to 16.04
- Changed the NodeJS repo
- git checkout 1.x.x && git pull
  Upgraded from 1.1.0 I think.
- rm -rf node_modules && npm install
- sudo -u nodebb ./nodebb setup
- sudo -u nodebb ./nodebb upgrade
- NodeBB v1.4.2
- Ubuntu 16.04
- Redis 3.2.6 (Yes, I see that Mongo is now preferred)

sudo -u nodebb ./nodebb dev
...
26/1 07:18:07 [17949] - info: NodeBB is now listening on:
26/1 07:18:18 [17949] - error: /login invalid csrf token
Nginx File
server {
    listen 80;
    server_name www.domain domain;
    return 301 https://domain$request_uri;
}

server {
    listen 443 ssl http2;
    server_name www.domain;
    return 301 https://domain$request_uri;
    ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
}

upstream io_nodes {
    ip_hash;
    server;
    server;
}

server {
    listen 443 ssl http2;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on; # Requires nginx => 1.3.7
    ssl_session_timeout 1d;
    ssl_trusted_certificate /etc/letsencrypt/live/domain/chain.pem;
    resolver valid=300s;
    resolver_timeout 5s;
    ssl_dhparam /etc/nginx/conf/dhparam.pem;
    server_name domain;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_redirect off;

    # Socket.IO Support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    gzip on;
    gzip_min_length 1000;
    gzip_proxied off;
    gzip_types text/plain application/xml application/x-javascript text/css application/json;

    location @nodebb {
        proxy_pass http://io_nodes;
    }

    location ~ ^/(images|language|sounds|templates|uploads|vendor|src\/modules|nodebb\.min\.js|stylesheet\.css|admin\.css) {
        root /home/ubuntu/Node/public/;
        try_files $uri $uri/ @nodebb;
        access_log off;
        expires 1d;
    }

    location / {
        proxy_pass http://io_nodes;
    }
}
What version of Node.JS?
Output of
sudo npm install
The common causes for a session mismatch error are usually one of the following:
1. Mis-configured URL parameter in your file
If you have a misconfigured value in your config.json file, the cookie may be saved incorrectly (or not at all), causing a session mismatch error. Please ensure that the link you are accessing your site with and the url defined match.
2. Improper/malformed set in ACP
Sometimes admins set this value without realising that they probably don't need to set it at all. The default is perfectly fine. This is what the config looks like:
If this is set, you'll want to revert the setting by editing your database directly:
hdel config cookieDomain
Perhaps those may help?
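Added example, not part of the reply above and not NodeBB's own code: a small Node.js check that models both causes, comparing the `url` from config.json with the address typed into the browser, and applying the RFC 6265 domain-match rule a browser uses to decide whether to keep a cookie scoped by `cookieDomain`. The function names and the `forum.example` hostnames are constructed for illustration.

```javascript
// Added example: models the two session-mismatch causes with constructed values.
// configUrl stands for the url value in config.json, cookieDomain for the ACP
// setting; domainMatches/diagnoseSession are hypothetical names, not NodeBB APIs.

// RFC 6265 section 5.1.3 domain-match, as a browser applies it to the Domain
// attribute of Set-Cookie (public-suffix rejection is not modelled here).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (h === d) return true;
  // Suffix matching never applies to IP literals (IPv4 or bracketed IPv6).
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');
  return !isIp && h.endsWith('.' + d);
}

// Returns a list of findings; an empty list means nothing here explains the error.
function diagnoseSession(configUrl, cookieDomain, accessedUrl) {
  const cfg = new URL(configUrl);
  const seen = new URL(accessedUrl);
  const findings = [];
  if (cfg.protocol !== seen.protocol) {
    findings.push(`scheme: config has ${cfg.protocol} but browser uses ${seen.protocol}`);
  }
  if (cfg.host !== seen.host) { // host includes any non-default port
    findings.push(`host: config has ${cfg.host} but browser uses ${seen.host}`);
  }
  if (cookieDomain && !domainMatches(seen.hostname, cookieDomain)) {
    findings.push(`cookieDomain ${cookieDomain} does not cover ${seen.hostname}; cookie is discarded`);
  }
  return findings;
}

// Constructed cases: [url in config.json, cookieDomain, URL in the address bar]
const sampleCases = [
  ['https://forum.example', '', 'https://forum.example/login'],
  ['http://forum.example:4567', '', 'https://forum.example/login'],
  ['https://forum.example', 'www.forum.example', 'https://forum.example/login'],
];
for (const [cfg, dom, seen] of sampleCases) {
  const out = diagnoseSession(cfg, dom, seen);
  console.log(cfg, JSON.stringify(dom), '->', out.length ? out.join(' | ') : 'consistent');
}
```
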
@julian Unfortunately, no luck. I opened up 4567 to see if it was my use of HTTP2 causing some problems, and the error persists and is a bit more descriptive:
Here is my nginx conf:
server {
    listen 80;
    server_name www.domain.com domain.com;
    return 301 https://domain.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.domain.com;
    return 301 https://domain.com$request_uri;
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
}

upstream io_nodes {
    ip_hash;
    server;
    server;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on; # Requires nginx => 1.3.7
    ssl_session_timeout 1d;
    ssl_trusted_certificate /etc/letsencrypt/live/domain.com/chain.pem;
    resolver valid=300s;
    resolver_timeout 5s;
    ssl_dhparam /etc/nginx/conf/dhparam.pem;
    server_name domain.com;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_redirect off;

    # Socket.IO Support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    gzip on;
    gzip_min_length 1000;
    gzip_proxied off;
    gzip_types text/plain application/xml application/x-javascript text/css application/json;

    location @nodebb {
        proxy_pass http://io_nodes;
    }

    location ~ ^/(images|language|sounds|templates|uploads|vendor|src\/modules|nodebb\.min\.js|stylesheet\.css|admin\.css) {
        root /home/ubuntu/NodeBB/public/;
        try_files $uri $uri/ @nodebb;
        access_log off;
        expires 1d;
    }

    location / {
        proxy_pass http://io_nodes;
    }
}