Hello,
I wish know if there is some nodebb-plugin-sso-auth0 user, to know if this plugin works.
I restart, rebuild several time, but i have nothing in the GUI menu.
Thanks
Hello,
I wish know if there is some nodebb-plugin-sso-auth0 user, to know if this plugin works.
I restart, rebuild several time, but i have nothing in the GUI menu.
Thanks
Hello,
I'm working on a SSO integration from a django SSO.
In my django project i add 'oauth2_provider'
And i get this :
On the nodebb side, I started from the plugin
https://github.com/julianlam/nodebb-plugin-sso-oauth
Which I modified as a result:
The config.json file
"oauth": {
"id": "rs2yEx7aqrj7ZIgVRC9IFL7p0DyIjQwWPST4BqVW",
"secret": "6A678EDFqAYtl0sALS5rqk2mfhlBQi0HIgoGH5mPaeIpnZGni8BdOFiv"
},
and in the library.js) i change this lignes
var constants = Object.freeze({
type: 'oauth2', // Either 'oauth' or 'oauth2'
name: 'nodebb_django', // Something unique to your OAuth provider in lowercase, like "github", or "nodebb"
oauth: {
requestTokenURL: '',
accessTokenURL: '',
userAuthorizationURL: '',
consumerKey: nconf.get('oauth:key'), // don't change this line
consumerSecret: nconf.get('oauth:secret'), // don't change this line
},
oauth2: {
authorizationURL: 'https://beta.esprit-bourse.com/oauth/authorize',
tokenURL: 'https://beta.esprit-bourse.com/oauth/token',
clientID: nconf.get('oauth:id'), // don't change this line
clientSecret: nconf.get('oauth:secret'), // don't change this line
},
userRoute: '' // This is the address to your app's "user profile" API endpoint (expects JSON)
}),
I've never programmed in JS nodes, so I don't really know what to do, and I don't understand all the code.
I may have to change the information as indicated. Update profile information (around line 137 of library. js). But there is no user account to use the Oauth system
After a git clone, i can't enable the plugin so i think there is something else to change.
if someone can help me I will document everything for the link Oauth django/nodeBB. Otherwise, I'll keep the site and forum separate.
It's finaly works, when i tried again, but i didn't touch anything !
Maybe a facebook delay ?
thanks
Sorry guys,
I have a bug with facebook integration, I don't understand what i miss with this plugin, the google auth was done in 30 minutes
I have the flowing error
Blocked URL: The forwarding failed because the redirected URI is not approved in the OAuth Client settings of the application.
url in config.json :
"url": "https://betaforum.esprit-bourse.com",
Any idear ?
Thanks
Changing password does not work with reverse proxy
Hello, hello.
I have a reverse proxy (nginx) in front of me
I have done several tests, there doesn't seem to be any problem, except to change the password.
Do you have an idea?
I would like to point out that this works with direct access (without reverse proxy)
I work with alpinelinux
My setup on the reverse proxy (front) :
server {
listen 80;
listen [::]:80;
server_name forum.mydomaine.com;
root /var/www/localhost/htdocs;
#path to certobot validation
location /.well-known/acme-challenge {
root /var/www/localhost/htdocs/certbot_validation/;
}
rewrite ^ https://$server_name$request_uri? permanent;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/htdocs;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2 ;
server_name forum.mydomaine.com;
ssl on;
ssl_protocols TLSv1.2;
#Certificat
ssl_certificate /etc/letsencrypt/live/forum.mydomaine.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/forum.mydomaine.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/forum.mydomaine.com/chain.pem;
#Diffie-Hellman
#ssl_dhparam /etc/ssl/private/dh4096.pem;
ssl_ecdh_curve secp384r1;
#Ciphers
ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
ssl_prefer_server_ciphers on;
#Paramètres TLS
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;
#OCSP Stapling
resolver 89.234.141.66 valid=300s;
resolver_timeout 5s;
ssl_stapling on;
ssl_stapling_verify on;
#file transfert /nextcloud options
client_max_body_size 3012M;
#HSTS
#add_header Strict-Transport-Security "max-age=31536000;";
#path to certobot validation
location /.well-known/acme-challenge {
root /var/www/localhost/htdocs/certbot_validation/;
}
#normal redirection
location / {
proxy_pass https://192.168.0.198/;
}
}
on the nodebb serveur it's the default configuration
forum:~/nodebb# cat /etc/nginx/conf.d/nodebb.conf
# redirects http requests to https
server {
listen 80;
server_name forum.mydomaine.com;
return 302 https://$server_name$request_uri;
}
# the https server
server {
# listen on ssl, deliver with speedy if possible
listen 443 ssl spdy;
server_name forum.mydomaine.com;
# change these paths!
ssl_certificate /etc/ssl/private/auto.certificat.pem;
ssl_certificate_key /etc/ssl/private/auto.certificat.pem;
# enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# disables all weak ciphers
ssl_ciphers 'AES128+EECDH:AES128+EDH';
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
There's still the problem.
I just do
./nodebb stop
./nodebb start
And I have got the probleme again
It had to be just at one moment, as I played with the configuration in all directions.
The url from config.json don't have to be the same as nginx proxy_pass
{
url": "https://forum.mydomaine.com",
"secret": "redacted",
"database": "mongo",
"mongo": {
"host": "127.0.0.1",
"port": "27017",
"username": "nodebb",
"password": "nodebb_passwod",
"database": "nodebb"
}
Sorry it's look good now, maybe a certificate error ...
Hello everybody
I have the following error
"connection to nodebb has been lost attempting to reconnect"
I think it's just a small problem but I can't find where I missed the nginx configuration.
I have a reverse-proxy on a virtual machine who redirect to the nodebb virtual machine.
server {
listen 80;
listen [::]:80;
server_name forum.mydomaine.com;
root /var/www/localhost/htdocs;
#path to certobot validation
location /.well-known/acme-challenge {
root /var/www/localhost/htdocs/certbot_validation/;
}
rewrite ^ https://$server_name$request_uri? permanent;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/htdocs;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2 ;
server_name forum.mydomaine.com;
ssl on;
ssl_protocols TLSv1.2;
#Certificat
ssl_certificate /etc/letsencrypt/live/forum.mydomaine.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/forum.mydomaine.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/forum.mydomaine.com/chain.pem;
#Diffie-Hellman
#ssl_dhparam /etc/ssl/private/dh4096.pem;
ssl_ecdh_curve secp384r1;
#Ciphers
ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
ssl_prefer_server_ciphers on;
#Paramètres TLS
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;
#OCSP Stapling
resolver 89.234.141.66 valid=300s;
resolver_timeout 5s;
ssl_stapling on;
ssl_stapling_verify on;
#file transfert /nextcloud options
client_max_body_size 3012M;
#HSTS
#add_header Strict-Transport-Security "max-age=31536000;";
#path to certobot validation
location /.well-known/acme-challenge {
root /var/www/localhost/htdocs/certbot_validation/;
}
#normal redirection
location / {
proxy_pass https://192.168.0.198/;
}
}
on the nodebb VM
forum:~/nodebb# cat config.json
{
"url": "http://127.0.0.1:4567",
"secret": "1629663a-6847-46a6-8f45-b577e87896db",
"database": "mongo",
"mongo": {
"host": "127.0.0.1",
"port": "27017",
"username": "nodebb",
"password": "nodebb_passwod",
"database": "nodebb"
}
}
forum:~/nodebb# cat /etc/nginx/conf.d/nodebb.conf
# redirects http requests to https
server {
listen 80;
server_name forum.mydomaine.com;
return 302 https://$server_name$request_uri;
}
# the https server
server {
# listen on ssl, deliver with speedy if possible
listen 443 ssl spdy;
server_name forum.mydomaine.com;
# change these paths!
ssl_certificate /etc/ssl/private/auto.certificat.pem;
ssl_certificate_key /etc/ssl/private/auto.certificat.pem;
# enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# disables all weak ciphers
ssl_ciphers 'AES128+EECDH:AES128+EDH';
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}