Login Unsuccessful After Domain Change

ww9rivers

I have been testing NodeBB successfully for a while. Now I want to change its domain name -- I cannot get it to log me in using the new domain.

NodeBB is running behind a Nginx proxy, I believe that I have change all the configurations to refer to the new domain name.

The old domain is bbs.domain1.com. The new domain is domain2.org.

[EDIT]:
When trying to log into the new domain, I get "Login Unsuccessful / We were unable to log you in, likely due to an expired session. Please try again".

On the backend in the NodeBB log, I get this:

2023-09-11T06:10:16.139Z [4567/191235] - error: POST /login
invalid csrf token

The funny thing is, however, I can still log in using the old domain, even after I removed it from the Nginx proxy config, as both domain names resolve to the same server for now.

I tried to remove all session info from the database, restarted NodeBB, etc. all to no avail.
[/EDIT]

Here is the Nginx proxy config:

server {
        server_name     domain2.org;

        # SSL configuration
        #
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/bbs.domain1.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/bbs.domain1.com/privkey.pem; # managed by Certbot


        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-NginX-Proxy true;
                proxy_set_header Host $http_host:$server_port;
                proxy_pass http://127.0.0.1:4567;
                proxy_cookie_domain domain2.org $host;
                proxy_ssl_session_reuse on;
                proxy_cache_bypass $http_upgrade;
                proxy_redirect off;
                # Socket.IO Support
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
}

The config.json file for NodeBB is:

{
    "url": "https://domain2.org",
    "secret": "###################################",
    "database": "postgres",
    "postgres": {
        "host": "127.0.0.1",
        "port": "5432",
        "username": "nbbuser",
        "password": "############################",
        "database": "nodebb",
        "ssl": "false"
    },
    "bind_address": "127.0.0.1",
    "port": "4567"
}

Any pointers / thoughts / insights would be greatly appreciated!

ww9rivers

@phenomlab It seems that I may have it fixed.

As I could log in using the old domain, I took out the Session cookie domain setting in the admin section. Then log in using the new domain started to work. Actually, both domains work now.

Earlier I changed that value from the old domain name to the new domain. But that didn't work. Then I saw a tip under the setting box that reads "Leave blank for default". So I made it blank. I assume that the default is the host name in the HTTP request?

I want to think you for your writing. That lead me to the right direction.

phenomlab

What happens when you try to login? You can try this

https://sudonix.org/topic/249/invalid-csrf-on-dev-install

ww9rivers

@phenomlab Silly me! I was distracted...I edited the post with login errors added. Invalid CSRF is indeed what I got. I'll go read the details you provided. Thank you!

ww9rivers

@phenomlab It seems that I may have it fixed.

As I could log in using the old domain, I took out the Session cookie domain setting in the admin section. Then log in using the new domain started to work. Actually, both domains work now.

Earlier I changed that value from the old domain name to the new domain. But that didn't work. Then I saw a tip under the setting box that reads "Leave blank for default". So I made it blank. I assume that the default is the host name in the HTTP request?

I want to think you for your writing. That lead me to the right direction.