change password Faild with reverse proxy



  • Changing password does not work with reverse proxy

    Hello, hello.
    I have a reverse proxy (nginx) in front of me
    I have done several tests, there doesn't seem to be any problem, except to change the password.
    Do you have an idea?
    I would like to point out that this works with direct access (without reverse proxy)

    I work with alpinelinux

    My setup on the reverse proxy (front) :

    server {
    listen       80;
    listen       [::]:80;
    server_name  forum.mydomaine.com;
    root         /var/www/localhost/htdocs;
    #path to certobot validation
    location /.well-known/acme-challenge {
       root /var/www/localhost/htdocs/certbot_validation/;
       }
    rewrite ^ https://$server_name$request_uri? permanent;
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
    root  /var/www/htdocs;
    }
    }
    server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2 ;
    server_name  forum.mydomaine.com;
    ssl on;
    ssl_protocols TLSv1.2;
    #Certificat
    ssl_certificate /etc/letsencrypt/live/forum.mydomaine.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/forum.mydomaine.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/forum.mydomaine.com/chain.pem;
    #Diffie-Hellman
     #ssl_dhparam /etc/ssl/private/dh4096.pem;
     ssl_ecdh_curve secp384r1;
    #Ciphers
    ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
    ssl_prefer_server_ciphers on;
    #Paramètres TLS
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_session_tickets off;
    #OCSP Stapling
     resolver 89.234.141.66  valid=300s;
    resolver_timeout 5s;
    ssl_stapling on;
    ssl_stapling_verify on;
    #file transfert /nextcloud options
    client_max_body_size    3012M;
      #HSTS
     #add_header Strict-Transport-Security "max-age=31536000;";   
    #path to certobot validation
    location /.well-known/acme-challenge {
       root /var/www/localhost/htdocs/certbot_validation/;
    }
    #normal redirection
     location / {
           proxy_pass https://192.168.0.198/;
     }
    }
    

    on the nodebb serveur it's the default configuration

    forum:~/nodebb# cat /etc/nginx/conf.d/nodebb.conf

    # redirects http requests to https
    server {
    listen 80;
    server_name forum.mydomaine.com;
    return 302 https://$server_name$request_uri;
    }
    
    # the https server
    server {
    # listen on ssl, deliver with speedy if possible
    listen 443 ssl spdy;
    server_name forum.mydomaine.com;
    # change these paths!
    ssl_certificate      /etc/ssl/private/auto.certificat.pem;
    ssl_certificate_key  /etc/ssl/private/auto.certificat.pem;
    
    # enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
    # disables all weak ciphers
    ssl_ciphers 'AES128+EECDH:AES128+EDH';
    
    ssl_prefer_server_ciphers on;
    
    location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    
    proxy_pass http://127.0.0.1:4567;
    proxy_redirect off;
    
    # Socket.IO Support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
        }
     }

  • Community Rep

    What is not working? Are you receiving an error? Are there any errors in the nodebb log file?


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.