Am I the Only Woman in This Sea of Men?

Hey guys, you’re absolutely slaying it in the IT world, and I mean that in the best way. Y’all rock this industry like it was literally built for you. Massive props for all the innovation, the clever scripts, and let’s face it, the crazy work hours you pull off.

But ladies…where are you? Seriously, I know I’m not the only one out here wielding command-line magic and troubleshooting chaos. Let me break the ice and share a bit about my journey:

I stumbled into IT back in the mid-90s when DOS was my best friend and Windows 95 was just too dang expensive for teenage me. So, I tried Linux, and let me tell you, it was love at first boot. Sure, I flirted with OS/2 Warp for a hot second, but Linux won me over, and we’ve been inseparable ever since.

Fast forward a few decades (yes, decades, let’s not talk about my age too much), and here I am: a Linux system administrator with over 300 certifications under my belt. From hardware to cybersecurity, diagnostics, and repair, I’ve dabbled in it all. If there’s a system to secure or a server to fix, I’m your girl.

But that’s not all, life isn’t just about terminal windows and kernel panics. I’m also a mom to an amazing daughter with special needs who teaches me patience and joy daily. And when I’m not juggling family life or tweaking servers, you can find me riding motorcycles, traveling, and chasing new adventures.

Oh, and because I can’t resist a good project, I’m currently building AI tools for sysadmins and crafting cool NodeBB themes. (Shameless plug for Ecliptica and Lumina, my themes inspired by solar flares and futuristic vibes. )

So, enough about me, what’s your story? How did you get here, what’s your role in tech, and what keeps you motivated? Ladies, I want to hear from you. Let’s show the world that this “sea of men” is a lot more diverse than it seems.

Let’s lift each other up, share our stories, and show the world that tech isn’t just for the boys.

---

Codename: Jessica

Linux Enthusiast | Adventurer | A Unicorn!
My Site | Join the Forum

You can also see it at my site as well. https://discussions.codenamejessica.com (No this is not a selfless little plug), It's a BIG ONE!

---

Codename: Jessica

Linux Enthusiast | Adventurer | Smart Ass
My Site | Join the Forum

add the !important like this:

h3 {
    margin-bottom: 5px !important;
}
p {
    margin-bottom: 10px !important;
}

There you go! I will make a plea to the board

@baris Hey I actually did find something "out of scope" for the Peace Template. I have disabled allowing members and guests to change skins. Although the little paint brush is still there, and registered users are able to change the skin.

---

Codename: Jessica

Linux Enthusiast | Adventurer | Smart Ass
My Site | Join the Forum

I have been working on a fun little project that I am looking to add as a plugin for NodeBB. This is still early stages, and a lot of code is hard coded which will change as I test and build.

I like the metrics that is in the Admin section, but it leaves a lot to build upon. Here is my current screen shots:

Currently it is pulling from NodeBB's API to gather some information, such as the user information, etc. Which I will be building more metrics on that as well.

Once I get this complete, I am hoping to be able to add it to the Admin section of the board. If not, I will have to build it with some authentication.

Anyways, let me know. What are some things that would be great to capture.

---

Codename: Jessica

Linux Enthusiast | Adventurer | A Unicorn!
My Site | Join the Forum

This is NodeBB's password levels:

<select id="minimumPasswordStrength" class="form-select" data-field="minimumPasswordStrength">
<option value="0">0 - too guessable: risky password</option>
<option value="1">1 - very guessable</option>
<option value="2">2 - somewhat guessable</option>
<option value="3">3 - safely unguessable</option>
<option value="4">4 - very unguessable</option>
</select>

After spending several hours combing through documentation, API references, and various search results, I couldn’t find a straightforward way to access user data externally from discussions.codenamejessica.com when using my codenamejessica.com website. This led me down a rabbit hole of researching CORS policies, cookie documentation, and related topics—it was anything but enjoyable. Along the way, I managed to break my site at least a hundred times, an experience rivaled only by my frustrations with Azure at work. To save others from the same ordeal, I’ve created a concise guide to simplify this process.

This document provides a detailed guide to resolving CORS issues when using Nginx as a reverse proxy for NodeBB, ensuring proper handling of credentials (cookies) and cross-origin requests.

---

Prerequisites

1. Access to your Nginx server configuration: Ensure you can edit the Nginx configuration files.
2. NodeBB installed and running: NodeBB should be accessible locally at http://127.0.0.1:4567.
3. SSL Certificate: Ensure your server uses HTTPS with a valid SSL certificate (e.g., managed by Certbot).

---

Problem Overview

The issue occurs because:

• The Access-Control-Allow-Credentials header is missing or improperly set.
• Cross-origin resource sharing (CORS) policies block requests when credentials (cookies) are included.
• The OPTIONS preflight request is not properly handled.

---

Steps to Fix

Step 1: Edit the Nginx Configuration

Locate your Nginx configuration file for **domain or subdomain NodeBB points too**. This is typically located in /etc/nginx/sites-available or /etc/nginx/conf.d.

Edit the file to include the following configuration:

server {
    listen 80;
    server_name forum.example.com;

    # Global CORS Headers
    add_header Access-Control-Allow-Origin https://example.com always;
    add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
    add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;
    add_header Access-Control-Allow-Credentials true always;

    location / {
        # Handle OPTIONS preflight requests
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin https://example.com always;
            add_header Access-Control-Allow-Credentials true always;
            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
            add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;
            return 204; # No Content
        }

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /assets/uploads/ {
        add_header Cross-Origin-Resource-Policy cross-origin always;
        add_header Access-Control-Allow-Origin "https://example.com" always;
        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
        add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;
    }

    location ~ ^/api/(categories|topic|posts|users|login|groups|admin|email|flags|notifications|search|tags|post|outgoing)$ {
        # Add CORS headers
        add_header Access-Control-Allow-Origin https://example.com always;
        add_header Access-Control-Allow-Credentials true always;
        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
        add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;

        # Handle OPTIONS preflight requests
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin https://example.com always;
            add_header Access-Control-Allow-Credentials true always;
            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
            add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;
            return 204; # No Content
        }

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:4567;
    }

    # HTTPS Configuration
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Redirect HTTP to HTTPS
server {
    if ($host = forum.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name forum.example.com;
    return 404; # managed by Certbot
}

---

Step 2: Restart Nginx

Save the changes and restart Nginx to apply the new configuration:

sudo systemctl restart nginx

---

Step 3: Clear Browser Cache

Clear your browser cache and cookies to ensure no stale configurations interfere with testing.

---

Step 4: Test the Configuration

1. Open Browser Developer Tools:

   • Go to the Network Tab.
   • Trigger a cross-origin request (e.g., from https://example.com to https://forum.example.com).

2. Inspect the Request and Response Headers:

   • Ensure the following headers are present in the response:
     • Access-Control-Allow-Origin: https://example.com
     • Access-Control-Allow-Credentials: true
     • Access-Control-Allow-Methods: GET, POST, OPTIONS
     • Access-Control-Allow-Headers: Authorization, Content-Type

3. Verify Preflight (OPTIONS************) Requests:

   • Confirm that the OPTIONS requests return a 204 No Content response with the correct CORS headers.

4. Test API Calls:

   • Use an API client like curl to verify the headers:

     curl -X OPTIONS https://forum.example.com/api/users/ \
     -H "Origin: https://example.com" \
     -H "Access-Control-Request-Method: GET" \
     -H "Access-Control-Request-Headers: Authorization, Content-Type" -v
     

---

Step 5: Debugging

If the issue persists:

1. Check Nginx Logs:

   sudo tail -f /var/log/nginx/error.log
   

2. Verify the Backend (NodeBB):

   • Ensure NodeBB is not overriding or omitting the required headers.

3. Repeat Testing:

   • Retest using both browser tools and curl.

---

This configuration should resolve the CORS issue and allow cross-origin requests with credentials. If further issues arise, revisit the headers and proxy configuration for adjustments.

Changing Cookie Settings in NodeBB

To ensure cookies work correctly across domains (e.g., example.com and forum.example.com), configure the following settings in NodeBB:

1. Edit the config.json file in the NodeBB root directory:

   Add or modify the cookieDomain and cookie properties as follows:

   {
       "cookieDomain": ".example.com",
       "cookie": {
           "sameSite": "None",
           "secure": true
       }
   }
   

   • cookieDomain: Ensures cookies are shared across the main domain and subdomains.
   • sameSite: Set to None to allow cross-origin requests with credentials.
   • secure: Set to true to ensure cookies are only sent over HTTPS.

2. Restart NodeBB:

   Apply the changes by restarting NodeBB:

   ./nodebb restart
   

3. Verify Cookies:

   Use your browser's developer tools to check that the cookies are:

   • Accessible on both example.com and forum.example.com.
   • Marked with the correct domain, Secure, and SameSite attributes.

With these changes, cookies should work seamlessly across your domains, ensuring proper authentication and session handling for cross-origin requests.

Additional Steps: Configuring Cookies in the NodeBB Admin Control Panel

In addition to editing the config.json file, update the cookie settings in the NodeBB Admin Control Panel:

1. Access the Admin Control Panel:

   • Navigate to Admin -> Settings -> Cookies.

2. Set the Cookie Domain:

   • Add .example.com as the cookie domain.

3. Save Changes:

   • Ensure you click "Save" to apply the changes.

4. Restart NodeBB:

   • Restart NodeBB to ensure all settings take effect:

     ./nodebb restart
     

This ensures that cookies are properly configured for cross-origin requests and shared between the primary domain and subdomains.

---

Codename: Jessica

Linux Enthusiast | Adventurer | Smart Ass
My Site | Join the Forum

@baris Thank you, yeah I already did that, fork will make the modification once I move the main site's header over and put it in its breadcrumb area. Anyways, I really appreciate how quickly you respond, and will continue to do my addons over time.

Try now, if it doesn't work. Then log out and log in, it should work then