New install leaves me with session mismatch + invalid csrf
-
@julian @yariplus - yes, we are running behind a load balancer listening to https. Is that an issue?
-
@tin If your load balancer terminates SSL and proxies the connection to nginx (and NodeBB) as http, then nginx is telling NodeBB that the protocol is HTTP when it should be HTTPS.
proxy_set_header X-Forwarded-Proto $scheme;Change this to
httpsand try again?
-
@julian, that did the trick. Thank you so much!
-
I have never gotten this new install to work. It is extremely frustrating.
I have an older install, that is on 1.2 or 1.3, that I upgrade to 1.4.0 and it started having the same problems, so I reverted to the snapshot I had made of that VM prior to upgrading.
I am going to delete the new VM and start over one more time.
-
So I have the site working. I did not have this line in my Nginx config. My Nginx is on a different host, not the same one.
proxy_set_header X-Forwarded-Proto $scheme;But I have never had it and the previous existing sites have worked.
It also does not explain why I received the error on the existing install after an upgrade from 1.3.0 to 1.4.0
-
@JaredBusch That's a new requirement -- surprised we didn't catch that it was missing in your config earlier
-
@JaredBusch said in New install leaves me with session mismatch + invalid csrf:
proxy_set_header X-Forwarded-Proto $scheme;
server { listen 80; server_name www.docfindy.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:4567/; proxy_redirect off; proxy_set_header X-Forwarded-Proto $scheme; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { listen 80; server_name docfindy.com; return 301 http://www.docfindy.com$request_uri; }I am using Mongo 3.2 and Nodebb 1.4.2, this is my nginx config file, session mismatch still present, plaase help.
@JaredBusch @julian
-
@Pramvir-Rathee here is my current Nginx config for the site.
server { client_max_body_size 40M; listen 443 ssl; server_name community.bundystl.com; ssl on; ssl_certificate /etc/letsencrypt/live/bundystl.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bundystl.com/privkey.pem; ssl_stapling on; ssl_stapling_verify on; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://10.254.0.35:4567; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { client_max_body_size 40M; listen 80; server_name community.bundystl.com; rewrite ^ https://$server_name$request_uri? permanent; }
