Ok, the problem was solved. But I'm not sure how exactly.
After I wrote this post I noticed that the latest version of NodeBB is 1.16.x. But while upgrading the forum I switched to the 1.15.x branch (I thought that was the latest).
After that, I used the ./nodebb upgrade command. Maybe this was the issue? Maybe I switched to the previous version branch, but installed the latest version of files with the "upgrade" command? I don't really know. But when I switched to 1.16.x and upgraded the forum again, then it worked as expected. The forum now works fine.
Unsolved Password protect access to forum
-
Hi
I want to password protect access to my forum - so a prompt for creds in advance of even seeing the forum. I have added this feature in NGINX, and it does what I expect in terms of prompting before access. My problem is that when I add this, I get caught in a loop with the following message continuously displayed: "It looks like your login session is no longer active. Please refresh this page."
I am then unable to login, or even read the forum without this message appearing.
What can I do about this? Is there another way to protect access?
Thanks in advance
M -
Share your nginx config please
-
@mattdjuk This might be a cleaner way
-
@phenomlab wowwww, it is new??? Very nice
-
@Normando Dunno - I stumbled across it a while back looking for something else
-
@phenomlab one could argue that there is nothing cleaner than basic auth from a web server
-
@julian true, yes, but cleaner in my view at application level
-
@julian said in Password protect access to forum:
@phenomlab one could argue that there is nothing cleaner than basic auth from a web server
@phenomlab said in Password protect access to forum:
@julian true, yes, but cleaner in my view at application level
Certainly both can be argued as true. My understanding of security best practices is, generally speaking, to block the bad stuff as far upstream as operationally feasible. Hence, if asked, I would recommend enforcing at the web server level.
Additionally, in keeping with best practices, had I cause to be extra paranoid and/or protecting some "higher" value asset, I would recommend also enforcing/checking the policy once again at the app level. Layered onions, and all that.
So, like many things, not a simple either/or. Unless you want it to be? Seeing the simplicity in the complex is also a desirable trait cuz your security posture also needs to be maintainable. For you and your resource commitment levels, eh?
Have a groovy day.