Looks like your connection to NodeBB was lost, please wait while we try to reconnect.

Technical Support
  • Hello,

    So I'm on a fresh NodeBB install. DigitalOcean Droplet and I have configured Nginx as proxy server. Like several others, I'm receiving the above stated error as soon as I visit the board. I am no longer able to write anything to the boards basically but they do sorta half-work in that I can navigate and read stuff. I cannot save any settings or create new threads.

    This is what I got:
    Nginx Config:

    # Default server configuration
    server {
            listen 80;
            #listen 443;
            #listen [::]:80;
            server_name myforums.com www.myforums.com;
            return 301 https://myforums.com$request_uri; #NOTE: Also tried #scheme and other variants
    server {
            # SSL configuration
             listen 443 ssl;
             server_name myforums.com www.myforums.com;
            # listen [::]:443 ssl default_server;
            include snippets/letsencrypt.conf;
            include snippets/ssl.conf;
            root /var/www/nodebb/myforums;
            # Add index.php to the list if you are using PHP
            index index.html index.htm index.nginx-debian.html;
            location / {
                    # First attempt to serve request as file, then
                    # as directory, then fall back to displaying a 404.
                    # try_files $uri $uri/ =404;
                    # Uncomment to enable naxsi on this location
                    # include /etc/nginx/naxsi.rules
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_redirect https://myforums.com;
                    # Socket.IO Support
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "upgrade";

    My config.json:

        "url": "https://myforums.com",
        "secret": "somesecret",
    "bindaddress": "localhost",
        "database": "mongo",
        "port": 4567,
        "mongo": {
            "host": "",
            "port": "27017",
            "username": "myforums",
            "password": "somepass123",
            "database": "forumsdb"

    I have 2 problems:

    1. No matter if I type in https://myforums.com or http://myforums.com , it redirects the user to https://www.myforums.com . I do not want the www.

    2. The error message in the subject is happening when I go to my boards. I saw a StackOverflow response where the guy said to add listen port 443 to the first server block but for me, that makes the entire site go down completely.

    I'm not sure what needs to be fixed here but something screwy is going on between my SSL, Nginx config, and NodeBB config. Thanks for any assistance. What I'm trying to accomplish here is have a HTTPS-ALWAYS NodeBB. Everything should be https. I dont care about www.

  • https://docs.nodebb.org/configuring/proxies/nginx/ could help you some.

    For a start, try removing all of the www.myforums.com stuff. proxy_redirect needs to be set to off

  • @pitaj

    Got it figured out. Basically, you have to form a "redirect chain" kinda. I think I was creating an infinite loop of redirection or excluding a specific case (www. for 443 and for 80 separately) in my above nginx config. I ended up having to redirect 80 http://www.domain.com, 80 http://domain.com AND 443 https://www.domain.com all to 443 https://domain.com and then that third block is where all the master logic for the activity goes, if that makes sense.

    In my original post, I was combining too many of these cases into just 2 blocks. In addition, I also added location / {} and wrapped that around my return 301 statements.

    This fixed the problem entirely with both the domain and the forum malfunctioning. Last but not least, I wanted to mention that I also added proxy_set_header X-Forwarded-Proto $scheme; to the main logic block near the other proxy_set settings, which fixed a csrf error as well. So we're all good now!

    Very exciting stuff. I appreciate the quick replies and help. Happy to use NodeBB for my new site!

Suggested Topics

  • NodeBB Assets - Object Storage

    Unsolved Technical Support
    0 Votes
    98 Posts

    @phenomlab the postbuild script will only run when you execute ./nodebb build via npm run build as that has the logic to execute the postbuild step. The postbuild script should probably be modified to only sync the build/public folder after the initial sync. There should be no need to sync public with every build unless the version of nodebb changes. All new uploads would already be stored in the S3/R2 bucket by the s3 upload plugin.

    So a npm run build init for the initial sync that includes all static assets, and then just npm run build that only syncs the rebuilt assets such as templates , plugins etc.

  • Try to post using API (and failing)

    Solved Technical Support
    0 Votes
    9 Posts

    @phenomlab oh, okay ^^"
    The question currently marked as unsolved 👀

  • 2 Votes
    5 Posts

    Maybe not a lot of interest in this due to complexity of deploying/configuring ModSecurity, combined w/absence of nodebb stack specific rulesets. Security is difficult so not much can be done about the deploy/config aspects but ModSecurity devs are starting to focus some efforts on the latter.

    For those interested, and willing to roll up their sleeves, development of node.js targeted attack ruleset is slated for next release of OWASP CRS, scheduled for Sept. 2019. More info here:

    some node.js unserialization + javascript RCE snippets by lifeforms · Pull Request #1487 · SpiderLabs/owasp-modsecurity-crs

    Libraries performing insecure unserialization: node-serialize: _$$ND_FUNC$$_ (CVE-2017-5941) funcster: __js_function See: https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/ https://www.acunetix.com/blog/web-security-zone/deserialization-vulnerabilities-attacking-deserialization-in-js/ Some generic snippets used: function() { new Function( eval( String.fromCharCode( Last two are used by nodejsshell.py, https://github.com/ajinabraham/Node.Js-Security-Course/blob/master/nodejsshell.py As base64 is sometimes (but not always) used to encode serialized values, use multiMatch and t:base64decode.


    GitHub (github.com)

    P.S.; Obviously ModSecurity can be deployed on Apache setups as well but my sense is that Nginx is the overwhelming favorite w/the nodebb community and I didn't want to start a new thread.

  • topic template in nodebb

    Technical Support
    0 Votes
    2 Posts

    Anyone please give little bit of clue. How a topic works in nodebb?

  • 0 Votes
    1 Posts

    Hello all!

    I've been recently looking into NodeBB and I'm now considering switching my current Discourse forum to NodeBB. Both are self hosted.

    However, I haven't been able to figure out a way to do that successfully.
    I've tried using https://github.com/akhoury/nodebb-plugin-import and https://github.com/BenLubar/nodebb-plugin-import-discourse to no avail.

    I'm not well versed in SQL (Postgre or Mongo), so the instructions on https://community.nodebb.org/topic/6818/switching-from-discourse/4 are a bit challenging - especially where you need to prefix all of the table names.

    If you have the time to help a beginner, I'd be grateful!