NodeBB and IIS as reverse-proxy

Havoc

So, I'm having some issues with setting up NodeBB to run on a IIS webserver using it's reverse proxy feature. When I load the website, it works. I can see the forum and browse it however, I (and others) cannot log into it instead receiving the error message:

I have ARR (Application Request Routing) enabled, at least the proxy bit, with the default settings. I then set up a new site for the forum, set that up etc. I then added a "Reverse Proxy" like suggested in this thread (apparently a rewrite rule is all that's needed) to route the requests to the NodeBB application listening on the port "1337".

0_1517837936338_a651f721-a720-43eb-9207-0c00dbb973ad-image.png

And yes, I have set up the config.json to have the url set to https://forum.example.com (the same subdomain as on IIS).

Any help would be appreciated, I've been trying to get this to work for the past couple of days (I even had a hacked setup where Apache was the reverse-proxy for NodeBB) to no avail. And it seems the original thread is dead since the last activity was from May 2016.

Edit: I've even followed this article and installed the "WebSocket" role and stuff to the server but, still getting the error.

davidr

@administrators Sorry for the tag but I feel like this needs attention..?

Havoc

Ok. So, I believe I've gotten a little further.

I was looking around earlier and found that you need to set the "HTTP_X_FORWARDED_PROTO" header. So, I did this (set it to "https") and I can log in! Woo.

Edit: I also followed this article to allow the outbound rewrite rule to work in ISS (when using the "Reverse Proxy" rewrite rule).

Now, the issue is that when someone else goes to the forum they're also logged into my account. I've got a feeling that this is another header that needs to be set, just not sure if this is true/what needs to be set.

AFAIK, ARR should be setting the "X-Forwarded-For" header with the IP/Port of the client. At least, that's what I understood from this stackoverflow

0_1518010593373_77e4eb83-85a2-499f-b2c8-81668c51fe29-image.png

Edit2: I've even tried to change the name of the headers in ARR to match the ones in the Nginx proxy example:

0_1518012392805_bec88324-517e-4828-a4f6-53ae80f917a5-image.png

davidr

@baris I am REALLY sorry to tag, but he has been trying to do this for the last couple of days. I would appreciate any little intel

Havoc

I've added console.log('blacklist testing:', clientIp); to the blacklist.js file (src/meta/blacklist.js) and the log outputs blacklist testing: 127.0.0.1. So, it is a problem with the proxy settings.

~~To try and remedy this I've added another server variable to the rewrite rule to pass the real IP through (doesn't work)~~

Edit: So, I've managed to send the client's IP to the application but, the sessions are still screwing up.

<baris>

Hi guys, sorry I can't be of any help. I don't have any experience with IIS, but you seem to be on the right track, the client's IP should be forwarded to the node backend by your webserver.