csrf-invalid when using cloudfront https

killerham

I'm trying to get my nodebb setup working with SSL using AWS's certificate manager. To do this I'm using AWS Cloudfront. Everything is working wonderfully up until I go to set my site URL in the config.json

As soon as I change the url from http://forum.example.com to https://forum.example.com I get csrf-invalid errors when trying to login.

here is my config.json:

{
    "url": "https://forum.example.com",
    "secret": "MYSECRET",
    "database": "redis",
    "redis": {
        "host": "aws.redis.url",
        "port": "6379",
        "password": "",
        "database": "0"
    }
}

Here is my nginx configuration:

server {
    listen 80;
    server_name forum.example.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://io_nodes;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

upstream io_nodes {
    ip_hash;
    server 127.0.0.1:4567;
    server 127.0.0.1:4568;
}

As you can see I have proxy_set_header X-Forwarded-Proto $scheme; as suggested here https://blog.nodebb.org/nodebb-v1-1-0-release/

What am I missing in my configuration to get this working?

killerham

Anyone have any advice?

rod

Does it matter that your Nginx configuration only defines http (listen 80) and not https (443) yet in your config.json you are saying your forum url is "url": "https://forum.example.com", ?

killerham

@rod Cloudfront is requesting on port 80. Would do 443 but I don't have access to the raw ssl certificates because I'm using AWS's certificate manager for free wildcard certs.