csrf-invalid when using cloudfront https



  • I'm trying to get my NodeBB setup working with SSL using AWS's Certificate Manager. To do this I'm using AWS CloudFront. Everything is working wonderfully up until I go to set my site URL in the config.json.

    As soon as I change the url from http://forum.example.com to https://forum.example.com I get csrf-invalid errors when trying to login.

    Here is my config.json:

    {
        "url": "https://forum.example.com",
        "secret": "MYSECRET",
        "database": "redis",
        "redis": {
            "host": "aws.redis.url",
            "port": "6379",
            "password": "",
            "database": "0"
        }
    }
    

    Here is my nginx configuration:

    server {
        listen 80;
        server_name forum.example.com;
    
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
    
            proxy_pass http://io_nodes;
            proxy_redirect off;
    
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
    
    upstream io_nodes {
        ip_hash;
        server 127.0.0.1:4567;
        server 127.0.0.1:4568;
    }
    
    

    As you can see, I have proxy_set_header X-Forwarded-Proto $scheme; as suggested here: https://blog.nodebb.org/nodebb-v1-1-0-release/

    What am I missing in my configuration to get this working?



  • Anyone have any advice?



  • Does it matter that your Nginx configuration only defines http (listen 80) and not https (443), yet in your config.json you are saying your forum url is "url": "https://forum.example.com"?



  • @rod CloudFront is requesting on port 80. Would do 443 but I don't have access to the raw SSL certificates because I'm using AWS's Certificate Manager for free wildcard certs.
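
One way to trace what the backend sees with the configuration posted in this thread, as an added example that is not from any poster or from NodeBB's code. It models nginx's `$scheme` on a non-SSL `listen 80` socket and assumes the backend only issues its session cookie (which CSRF validation depends on) when an `https` site URL is matched by an `https` value in `X-Forwarded-Proto`; all function names are hypothetical.

```javascript
// Constructed model for illustration; not nginx, Express or NodeBB source.

// nginx derives $scheme from the listener that accepted the connection:
// "https" only when that listener has ssl enabled.
function nginxScheme(listener) {
  return listener.ssl ? "https" : "http";
}

// Value of X-Forwarded-Proto that reaches the backend for a given
// `proxy_set_header X-Forwarded-Proto <value>;` directive.
function forwardedProto(directiveValue, listener) {
  return directiveValue === "$scheme" ? nginxScheme(listener) : directiveValue;
}

// Assumed backend behaviour: the request counts as HTTPS only when the
// first X-Forwarded-Proto entry from the trusted proxy says so.
function requestLooksSecure(headers) {
  const proto = (headers["x-forwarded-proto"] || "").split(",")[0].trim();
  return proto.toLowerCase() === "https";
}

// Walk one login request through the chain and report what the backend sees.
function traceLogin(siteUrl, listener, directiveValue) {
  // Assumption: an https site URL makes the backend mark its cookie Secure.
  const wantsSecureCookie = new URL(siteUrl).protocol === "https:";
  const headers = { "x-forwarded-proto": forwardedProto(directiveValue, listener) };
  const secure = requestLooksSecure(headers);
  return {
    forwardedProto: headers["x-forwarded-proto"],
    wantsSecureCookie,
    // Without a session cookie the submitted CSRF token cannot be matched.
    sessionCookieIssued: !wantsSecureCookie || secure,
  };
}

// The thread's setup: CloudFront terminates TLS and calls nginx on port 80.
const listener80 = { port: 80, ssl: false };
console.log(traceLogin("https://forum.example.com", listener80, "$scheme"));
console.log(traceLogin("http://forum.example.com", listener80, "$scheme"));
```

Passing a literal such as `https` as the directive value shows what the backend would see if the header were hardcoded, which is only truthful when every request reaching nginx actually came from a viewer over HTTPS.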

