• @julian I'm getting this error. The forums work for people who were logged in before I upgraded (went from 1.0.3 to 1.2.1) but no one who wasn't logged in can do so and no new users can register. And as far as I can tell, I can't even temporarily disable the CSRF token as a work-around, which is pretty frustrating.

    1. CONFIG.JSON URL value is correct, but involves a subdomain installation (/forums) and an HTTPS URL.

    2. COOKIEDOMAIN was already blank, but I ran the redis script to clear it anyway.

    3. This value was not present (because it was not in the original NGINX configuration document), but I added it and nothing changed. The NGINX config I use is given below. It's probably important to note that I use SSL for all incoming connections, and the URL value from my config.json includes https:// at the beginning. NGINX and NodeBB are run on the same server, so SSL is not used between them.

      location /forums {
              client_max_body_size 20M;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header Host $http_host;
              proxy_set_header X-NginX-Proxy true;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_redirect off;
              # Socket.IO Support
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
  • GNU/Linux Admin

    Not sure if you need /forums defined in both the location block and the proxy pass block...

  • @julian it was required to make this configuration work back in 1.0.x. Is there one or another of the two you would recommend removing? My only other option at this point seems to be to revert to the VM snapshot I made of 1.0.3, but that's going to mean losing about a week's worth of new posts, since I didn't notice this was broken after the upgrade.

  • Global Moderator Plugin & Theme Dev

    @Shaun can you post your config.json? Remove your passwords etc. Just want to make absolutely sure.

  • @PitaJ I will grab the whole thing for you, tomorrow, if I remember, but the "url" value is "https://www.example.com/forums" and I think that's the only value that should have an impact, here.

  • @PitaJ

        "url": "https://www.example.net/forums",
        "secret": "88888888-8888-8888-8888-888888888888",
        "database": "redis",
        "port": 4567,
        "redis": {
            "host": "",
            "port": "6379",
            "database": "0"

  • @julian Also ... the location block is because I serve the URL from /forums on the reverse proxy. It is included in the proxy pass because NodeBB is also configured to respond to /forums (so, accessing it by the IP and Port directly from my network also requires appending "/forums"). I found that it must be set that way for various resource paths (CSS and script files, I think) to get served correctly.

  • GNU/Linux Admin

    Sounds about right, but I recall vaguely that setting it in the proxy pass block means that NodeBB itself receives the request without /forum... sort of like nginx captures it and removes it from the url as it proxies it.

    Just something to think about, not sure if it applies here, but it would explain why the session mismatch is occurring.

    Perhaps back up the nginx config and play around with the various configurations until you hit upon one that works?

  • @julian said in Session Mismatch:

    sort of like nginx captures it and removes it from the url as it proxies it.

    That can't be the case, because NodeBB doesn't respond without the /forums. For example, if I put the IP and port into my address bar (, I get a connection refused error, but responds. Edit: This isn't to say that the sub-folder installation couldn't be the cause of the problem - just that NginX seems to be passing the URL correctly.

    I'm kind of wondering if this has something to do with SSL.

  • @julian
    Ok. Thanks.

Suggested Topics

| | |

© 2014 – 2022 NodeBB, Inc. — Made in Canada.