NodeBB and IIS as reverse-proxy
So, I'm having some issues with setting up NodeBB to run on an IIS webserver using its reverse proxy feature. When I load the website, it works. I can see the forum and browse it; however, I (and others) cannot log into it, instead receiving the error message:
I have ARR (Application Request Routing) enabled, at least the proxy bit, with the default settings. I then set up a new site for the forum, set that up etc. I then added a "Reverse Proxy" like suggested in this thread (apparently a rewrite rule is all that's needed) to route the requests to the NodeBB application listening on the port "1337".
And yes, I have set up the config.json to have the https://forum.example.com (the same subdomain as on IIS).
Any help would be appreciated, I've been trying to get this to work for the past couple of days (I even had a hacked setup where Apache was the reverse-proxy for NodeBB) to no avail. And it seems the original thread is dead since the last activity was from May 2016.
Edit: I've even followed this article and installed the "WebSocket" role and stuff to the server but still getting the error.
Ok. So, I believe I've gotten a little further.
I was looking around earlier and found that you need to set the "HTTP_X_FORWARDED_PROTO" header. So, I did this (set it to "https") and I can log in! Woo.
Edit: I also followed this article to allow the outbound rewrite rule to work in IIS (when using the "Reverse Proxy" rewrite rule).
Now, the issue is that when someone else goes to the forum they're also logged into my account. I've got a feeling that this is another header that needs to be set, just not sure if this is true/what needs to be set.
AFAIK, ARR should be setting the "X-Forwarded-For" header with the IP/Port of the client. At least, that's what I understood from this stackoverflow
Edit2: I've even tried to change the name of the headers in ARR to match the ones in the Nginx proxy example:
console.log('blacklist testing:', clientIp); to the blacklist.js file (src/meta/blacklist.js) and the log outputs blacklist testing: 127.0.0.1. So, it is a problem with the proxy settings.
To try and remedy this I've added another server variable to the rewrite rule to pass the real IP through (doesn't work)
Edit: So, I've managed to send the client's IP to the application, but the sessions are still screwing up.
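The debug line in the thread logged 127.0.0.1 because the backend only sees the proxy's connection. As an added example (not part of the original posts and not NodeBB's code), this sketch shows how a Node backend behind a same-host proxy can derive the client IP and scheme from X-Forwarded-For and X-Forwarded-Proto while ignoring those headers from untrusted peers. The function names are hypothetical, and it assumes IIS/ARR is the only proxy and connects from loopback.

```javascript
// Added example; names below are hypothetical, not NodeBB code.
// Assumption: IIS/ARR is the only proxy and connects from loopback.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1']);

const isV4 = (s) => /^\d{1,3}(\.\d{1,3}){3}$/.test(s) && s.split('.').every((o) => Number(o) <= 255);
// Loose IPv6 shape check (hex groups, at least two colons), enough to tell it from "ip:port".
const isV6 = (s) => /^[0-9a-f:]+$/i.test(s) && s.split(':').length > 2;

// The header may carry the client's TCP port, so accept "1.2.3.4:5678" and "[v6]:5678".
function stripPort(entry) {
  const s = entry.trim();
  if (isV4(s) || isV6(s)) return s;
  const m = /^\[([^\]]+)\](?::\d+)?$/.exec(s) || /^([\d.]+):\d+$/.exec(s);
  return m && (isV4(m[1]) || isV6(m[1])) ? m[1] : null;
}

// Node reports IPv4 peers on dual-stack sockets as ::ffff:a.b.c.d
const normalize = (a) => (a.startsWith('::ffff:') ? a.slice(7) : a);

function resolveClient(peerAddr, headers, trusted = TRUSTED_PROXIES) {
  const peer = normalize(peerAddr);
  // Forwarded headers from anyone but our proxy are client-controlled: ignore them.
  if (!trusted.has(peer)) return { ip: peer, proto: 'http', viaProxy: false };

  const hops = String(headers['x-forwarded-for'] || '').split(',').map(stripPort);
  let ip = peer;
  // Walk right to left: the rightmost entry is the one our own proxy appended.
  // Entries further left count only while everything to their right is a trusted proxy.
  for (let i = hops.length - 1; i >= 0; i--) {
    if (hops[i] === null) break;   // malformed entry: stop trusting the chain
    ip = hops[i];
    if (!trusted.has(ip)) break;   // first non-proxy address is the client
  }
  const proto = headers['x-forwarded-proto'] === 'https' ? 'https' : 'http';
  return { ip, proto, viaProxy: true };
}

// Constructed sample requests (documentation address ranges).
const samples = [
  ['127.0.0.1', { 'x-forwarded-for': '203.0.113.7:51512', 'x-forwarded-proto': 'https' }],
  ['127.0.0.1', { 'x-forwarded-for': '10.0.0.1, 198.51.100.9:40000' }], // first hop sent by client
  ['198.51.100.9', { 'x-forwarded-for': '127.0.0.1' }],                 // direct hit on the backend port
  ['127.0.0.1', {}],                                                     // proxy sends no header
];
for (const [peer, h] of samples) console.log(peer, '->', resolveClient(peer, h));
```

The last sample reproduces what the thread's log showed: with no forwarded header reaching the backend, every visitor resolves to 127.0.0.1.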