Run two NodeBB forums in parallel on same server
-
I tried to run two NodeBB forums in parallel. And apparently they interfere with each other regarding CSRF tokens and SID.
I setup two independ copies of NodeBB /opt/nodebb/tf1 (port 4567) and /opt/nodebb/tf2 (port 4568). Both are proxied through an Apache 2.4 server. The config file of the server looks like:
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ProxyRequests off <Proxy *> Order deny,allow Allow from all </Proxy> RewriteEngine On RewriteCond %{REQUEST_URI} ^/tf1/socket.io [NC] RewriteCond %{QUERY_STRING} transport=websocket [NC] RewriteRule /tf1/(.*) ws://localhost:4567/tf1/$1 [P,L] ProxyPass /tf1/ http://localhost:4567/tf1/ ProxyPassReverse /tf1/ http://localhost:4567/tf1/ RewriteCond %{REQUEST_URI} ^/tf2/socket.io [NC] RewriteCond %{QUERY_STRING} transport=websocket [NC] RewriteRule /tf2/(.*) ws://localhost:4568/tf2/$1 [P,L] ProxyPass /tf2/ http://localhost:4568/tf2/ ProxyPassReverse /tf2/ http://localhost:4568/tf2/ </VirtualHost>Looking at the cookies I have, it seems to me that the express.sid cookie might be the culprit. Its path is set to / instead to either /tf1/ or /tf2/.
-
Definitely were the cookies. Digged in the code and found the problem in src/middleware/index.js. Created a pull request that fixes this problem:
https://github.com/NodeBB/NodeBB/pull/4663 -
@Dravere I tried this but it didn't seem to resolve the problem for me. I don't have the sites in sub-folders - I'm using different ports instead i.e 4567 and 4566
I added the code here:
Made the session cookie aware of the possible relative path by Dravere · Pull Request #4663 · NodeBB/NodeBB
When you run two NodeBB forums on the same host but in different subfolders (e.g. http://example.com/tf1/ and http://example.com/tf2/) the session cookies will interfer with each other, because their path is set to '/'. This small change sets the path of the session cookies to the relative path if the relative path is set. The cookies for the socket.io have their path already set correctly. So no change is necessary there.
GitHub (github.com)
