Double URL problem after login | https in config.json gives session error

MJ

Hello, I got a problem.

I got the Double URL Problem and I find out my config.json URL was not right.

My website is https://keen.wtf and my config file is "url": "http://keen.wtf", If I have this, It will give the Double URL problem when a person registers or log in.

If I change it to "url": "https://keen.wtf", I have a message

"Session Mismatch
It looks like your login session is no longer active, or no longer matches with the server. Please refresh this page."

I'm running nginx if it something has to do with it or you need me post some information, I will do if you need something.

What can I do?

MJ

This post is deleted!

MJ

Can somebody help me please?

Do I need to change something in the Nginx config, or what do I need to do?

julian

Hi @MJ, two things:

1. The double URL issue is resolved in latest master, so if you want to update to it, it should no longer happen.

2. Your config.url should really be https, though, so if you post your nginx config, I can help debug.

MJ

@julian thank you, I go post nginx config just a minute

MJ

This is nginx.conf

user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # nginx-naxsi config
        ##
        # Uncomment it if you installed nginx-naxsi
        ##

        #include /etc/nginx/naxsi_core.rules;

        ##
        # nginx-passenger config
        ##
        # Uncomment it if you installed nginx-passenger
        ##

        #passenger_root /usr;
        #passenger_ruby /usr/bin/ruby;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

MJ

this is the file nginx/sites-enabled/keen.wtf.conf

server {
        listen                          80;
    server_name                 keen.wtf;
        rewrite     ^           https://$host$request_uri? permanent;
}

server {

        listen                          80;
        listen                          443 ssl;
    server_name                 keen.wtf;
    ssl_certificate     /etc/letsencrypt/live/keen.wtf/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/keen.wtf/privkey.pem; # managed by Certbot
    include                     /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam                 /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        ssl_stapling            on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000";



    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

julian

The nginx config looks to be without issue -- when you switch the config.json url to the https value, you say you get an error about a session mismatch.

What happens when you try to clear your cookies?

MJ

@julian so I must exacly do this

"url": "https://keen.wtf",

in Nodebb/config.json

MJ

Did change it to "url": "https://keen.wtf", same error.

Cleared cookies - same error
Other browser - same error
On the Phone - same error

MJ

Change the language to English so the error is in English. This I get when I try to login on phone (and other browsers).

julian

Okay two things:

1. Remove the listen 80; from the https block, it is unneeded.
2. Add proxy_set_header X-Forwarded-Proto $scheme;, it seems to be missing.

Then reload nginx and it should hopefully be gone.

MJ

@julian did this.

did reload nginx now gonna check

MJ

Not working, same error

/etc/nginx/sites-enabled/keen.wtf.conf does look like this now

server {
        proxy_set_header X-Forwarded-Proto $scheme;
    server_name                 keen.wtf;
        rewrite     ^           https://$host$request_uri? permanent;
}

server {

        listen                          80;
        listen                          443 ssl;
    server_name                 keen.wtf;
    ssl_certificate     /etc/letsencrypt/live/keen.wtf/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/keen.wtf/privkey.pem; # managed by Certbot
    include                     /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam                 /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        ssl_stapling            on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000";



    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

baris

@MJ said in Double URL problem after login | https in config.json gives session error:

proxy_set_header X-Forwarded-Proto $scheme;

That should be in the location block I think, like this

 location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

See here for sample nginx configs.

MJ

@baris I will do

MJ

Guys you helped me a lot Thank you it's all fine now

julian

Great! Enjoy your NodeBB!

KevinPan

I have deployed NodeBB via Windows IIS (IIS Node), and I have met the same problem, how can I hot fix this issue.