• I get error:

    Session Mismatch
    It looks like your login session is no longer active, or no longer matches with the server. Please refresh this page.
    

    When I click [OK] it appears again (infinitely).

    My server config is:

    # Pool of NodeBB processes on loopback; the three ports match the "port" list in config.json.
    upstream io_nodes {
    # ip_hash keeps a given client address on the same backend; socket.io's polling transport
    # relies on that affinity when several processes share one site.
    # NOTE(review): with a CDN or another proxy in front, the address nginx sees is the proxy's,
    # not the visitor's — confirm affinity still holds in that setup.
    ip_hash;
    server 127.0.0.1:4567;
    server 127.0.0.1:4568;
    server 127.0.0.1:4569;
    }
    
    # Main site: terminates TLS for example.com, redirects plain HTTP to HTTPS, serves static
    # assets from disk and proxies everything else to the io_nodes pool.
    server {
    server_name example.com;
    listen 192.168.100.42;
    listen 192.168.100.42:443 ssl;
    listen [::];
    listen [::]:443 ssl;
    ssl_certificate /home/userhomedir/ssl.cert;
    # NOTE(review): the private key lives under a user home directory — confirm it is readable
    # only by root / the nginx master process and not by the site user or other accounts.
    ssl_certificate_key /home/userhomedir/ssl.key;
    root /home/userhomedir/public_html;
    index index.html index.htm index.php;
    access_log /var/log/virtualmin/example.com_access_log;
    error_log /var/log/virtualmin/example.com_error_log;
    
    # The redirect target is built from $server_name (the configured name), not from the
    # client-supplied Host header, so a forged Host cannot steer the redirect elsewhere.
    if ($scheme = http) {
    return 301 https://$server_name$request_uri;
    }
    
    #  if ($host ~ ^www\.) {
    #     return 301 https://example.com$request_uri;
    #  }
    
    # X-Real-IP carries only the address that connected to this nginx.
    proxy_set_header X-Real-IP $remote_addr;
    # $proxy_add_x_forwarded_for appends that address to whatever X-Forwarded-For the client
    # sent, so every entry except the last one is client-controlled.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # $http_host is the Host header exactly as the client sent it.
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_redirect off;
    
    # https://github.com/NodeBB/NodeBB/issues/4734
    # $scheme is the scheme of the connection that reached this nginx (http or https).
    proxy_set_header X-Forwarded-Proto $scheme;
    
    # Socket.io Support
    # NOTE(review): Connection "upgrade" is set at server level, so it is sent on every proxied
    # request, not only on WebSocket handshakes.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    
    
    gzip            on;
    gzip_min_length 1000;
    gzip_proxied    off;
    gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;
    
    # Named fallback used by try_files below when a static file is not on disk.
    location @nodebb {
    proxy_pass http://io_nodes;
    }
    
    # Static paths are answered by nginx straight from NodeBB's public directory; the request
    # only reaches NodeBB when no matching file or directory exists.
    # NOTE(review): "uploads" presumably holds user-supplied files — these are served as-is from
    # the site's own origin, so verify which file types the application accepts.
    location ~ ^/(images|language|sounds|templates|uploads|vendor|src\/modules|nodebb\.min\.js|stylesheet\.css|admin\.css) {
    root /home/usernodebb/nodebb/public;
    try_files $uri $uri/ @nodebb;
    }
    
    location / {
    proxy_pass http://io_nodes;       
    }    
    
    } # end of server example.com
    
    
    # Second virtual host (HTTPS only) that proxies to the same io_nodes pool; config.json
    # names it as the "socket.io" address.
    # NOTE(review): config.json sets "url" to https://example.com but sends socket.io traffic to
    # this host. A session cookie issued without a Domain attribute is host-only, so the cookie
    # from example.com is not sent here; a reply in this thread points at setting cookieDomain
    # to .example.com. Keep that domain no wider than needed — every host under it receives the
    # session cookie.
    server {
    server_name live.example.com;
    listen 192.168.100.42:443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /home/userhomedir/ssl.cert;
    # NOTE(review): same key file as the main site, stored under a user home directory —
    # confirm its permissions restrict it to root / the nginx master process.
    ssl_certificate_key /home/userhomedir/ssl.key;
    access_log /var/log/virtualmin/live.example.com_access_log;
    error_log /var/log/virtualmin/live.example.com_error_log;
    
    location / {
    
    # X-Real-IP is the connecting address; X-Forwarded-For has that address appended to any
    # value the client supplied, so only its last entry comes from this nginx.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Host is forwarded exactly as the client sent it.
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_redirect off;
    
    # https://github.com/NodeBB/NodeBB/issues/4734
    # Only "listen ... 443 ssl" is declared for this host, so $scheme is https here.
    proxy_set_header X-Forwarded-Proto $scheme;
    
    # Socket.io Support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    
    gzip            on;
    gzip_min_length 1000;
    gzip_proxied    off;
    gzip_types      text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json;
    
    proxy_pass http://io_nodes;
    
    } # end of location block
    
    } # end of server live.example.com
    

    My config.json is:

    {
        "url": "https://example.com",
        "port": [4567,4568,4569],
        "bind_address": "127.0.0.1",
        "secret": "<hehehe>",
        "database": "mongo",
        "socket.io": {
            "transports": ["websocket", "polling"],
            "address": "live.example.com"
        },
        "mongo": {
            "host": "127.0.0.1",
            "port": "27017",
            "username": "nodebb",
            "password": "<hehehe>",
            "database": "nodebb"
        },
        "redis": {
            "host":"127.0.0.1",
            "port":"6379",
            "password":"<hehehe>",
            "database": 0
        }
    }
    

    It fails the same way if I change

        "socket.io": {
            "transports": ["websocket", "polling"],
            "address": "live.example.com"
        },
    

    to

        "socket.io": {
            "transports": ["websocket", "polling"],
            "address": "https://live.example.com"
        },
    

    I tried visiting https://live.example.com first and then https://example.com. This way I don't see the error message. However, when I delete all of the browser cookies and visit https://example.com directly, it shows the same error.

    When I visit https://live.example.com/ it did not show the error message, however I don't want visitors to use the subdomain to access the website (because this way caching of images by CloudFlare/Incapsula will not work).

    Tried to downgrade socket.io - no effect.

    Reported here: https://github.com/NodeBB/NodeBB/issues/5430


  • I got it to work.

    I tried to post more details here, but I got error:

    Error
    
    Post content was flagged as spam by Akismet.com
    

    Here is my original post: http://pastebin.com/5s9jUe6N

    Also, Pastebin gave me similar error and I needed to solve a captcha...

  • GNU/Linux Admin

    @vstoykov Hm, that is quite interesting, so you need to manually set cookieDomain to .example.com with the leading period for it to work? I was always under the impression that it was optional...


  • Fyi I simply replaced

    # $scheme is the scheme (http or https) of the connection that reached this nginx.
    proxy_set_header X-Forwarded-Proto $scheme;
    

    by

    # NOTE(review): a literal "https" tells NodeBB every request arrived over TLS, whatever
    # actually reached this nginx. With the CDN connecting to the origin over plain HTTP (as
    # described below), session cookies and credentials still cross that hop unencrypted;
    # TLS on the origin plus $scheme avoids asserting something nginx did not see.
    proxy_set_header X-Forwarded-Proto https;
    

    in my Nginx config, to make my NodeBB work with CloudFlare, since I am using their automatic SSL certificate (my server receives HTTP requests then, not HTTPS).

    Hope this helps 🙂


  • So based on what I'm reading, and after trying every combination of settings I can find, it seems the answer is not to use Cloudflare (at least on the free plan). But given that there are people who will DDoS a site "just cause", is there a way to force the downgrade?

    I'd like to add that even after disabling cloudflare I still seem to be having socket io issues.

    "GET /socket.io/?EIO=3&transport=polling&t=LlpXxXp HTTP/1.1" 400 23


  • @wolfman2g1 honestly CloudFlare is pretty senseless regarding DDoS protection. With a proper host the chance of a DDoS is close to 0. I am running a top 100K Alexa site without CloudFlare protection (just DNS for faster resolving) and never ran into any issues in the past 4 years.


  • @AOKP
    I think I'm fine with not using cloudflare. At the moment I'm just trying to get the site stable. I'm still getting disconnects even without using Cloudflare.

  • Swedes

    Seems to work great with cloudflare for me 🙂 I like the ssl support and DNS gui. But I guess I would not die without it 😛


  • @Jenkler Are you using ssl between your server and cloud flare?

  • Swedes

    Yes I do 😉 check out nodebb.se for usecase! Plz notify me if something seems broken! I am using Cloudflare's own certs.


  • @Jenkler looks great man. I'm still trying to understand why I'm getting 400 errors for socket io.

  • Swedes

    I guess you have some configuration issues in nginx!

    Here is my config! Maybe this will help you 😉

    Server block

            # HTTPS-only virtual host for nodebb.se: serves built assets and plugin files from
            # disk, proxies everything else to the NodeBB process on port 4567.
            server
            {
                    listen 443 ssl;
                    # Named fallback used by the try_files directives below.
                    location @nodebb
                    {
                            proxy_pass http://www-nodebb-se:4567;
                    }
                    # The part of the URI after /assets/ is captured and looked up first under
                    # build/public, then under public; if neither file exists the request is proxied.
                    location ~ ^\/assets\/(.*)
                    {
                            root /server/nodejs/nodebb.se/www/;
                            try_files /build/public/$1 /public/$1 @nodebb;
                    }
                    location /plugins/
                    {
                            root /server/nodejs/nodebb.se/www/build/public/;
                            try_files $uri @nodebb;
                    }
                    location /
                    {
                            proxy_pass http://www-nodebb-se:4567;
                    }
                    proxy_http_version 1.1;
                    proxy_redirect off;
                    # NOTE(review): set at server level, so Connection "upgrade" goes out on every
                    # proxied request, not only on WebSocket handshakes.
                    proxy_set_header Connection "upgrade";
                    # Host is forwarded exactly as the client sent it.
                    proxy_set_header Host $http_host;
                    proxy_set_header Upgrade $http_upgrade;
                    # Appends the connecting address to any client-supplied X-Forwarded-For; only
                    # the last entry is written by this nginx.
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    # Only "listen 443 ssl" is declared in this block, so $scheme is https here.
                    proxy_set_header X-Forwarded-Proto $scheme;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_set_header X-Real-IP $remote_addr;
    
                    server_name nodebb.se www.nodebb.se;
                    ssl_certificate /server/nginx/ssl/nodebb.se.crt;
                    ssl_certificate_key /server/nginx/ssl/nodebb.se.key;
    
                    # Any request whose host is not www.nodebb.se is redirected to the www name;
                    # the target host is a fixed string, not taken from the request.
                    if ($host != 'www.nodebb.se')
                    {
                            rewrite ^/(.*)$ https://www.nodebb.se/$1 permanent;
                    }
            }
    
    

    Global block

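          # Cipher list limited to ECDHE key exchange with ChaCha20 or AES.
          # Dropped from the original list:
          #   - EECDH+3DES / RSA+3DES: 3DES has a 64-bit block, which makes long-lived
          #     connections vulnerable to birthday-bound (Sweet32-class) attacks.
          #   - RSA+AES128 / RSA+AES256: static RSA key exchange gives no forward secrecy, so a
          #     later compromise of the private key exposes previously recorded traffic.
          ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
            ssl_prefer_server_ciphers on;
            # TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and no longer offered here.
            # Add TLSv1.3 to this list when the installed nginx and OpenSSL builds support it.
            # Clients limited to TLS 1.0/1.1 will no longer connect — check access logs before rollout.
            ssl_protocols TLSv1.2;
            # Shared cache lets all worker processes resume sessions; entries expire after 10 minutes.
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 10m;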
    

    BTW, if someone knows any tweaks, please advise 😛 And plz explain why!
