RE: v1.6.0 Suspected Nginx Problem

Browser fails to display pages when I follow a link.

Sounds like a Socket.IO misconfiguration.

My nginx configuration is from the docs with SSL.

I also had problems when I followed the docs. What I had to do was appending a definition the end of my config.json file:

{
    "url": "https://mydomain.tld",
    "secret": "uuid4 string",
    [...]
    "socket.io": {
        "origins": "http://mydomain.tld:* https://mydomain.tld:*"
    }
}

That one tells to accept connections coming from that domain.

If the problem persists, I also did some customizing my NGINX config:

• /etc/nginx/sites-available/mydomain-tld-http.conf

# redirect everything to HTTPS
server {
       listen 80;
       listen [::]:80;

       server_name mydomain.tld *.mydomain.tld;

       include /etc/nginx/snippets/acme.conf;

       return 301 https://mydomain.tld$request_uri;
}

# remove all subdomains from HTTPS
server {
       listen 443 ssl http2;
       listen [::]:443 ssl http2;

       server_name *.mydomain.tld;

       include /etc/nginx/snippets/tlsgzip.conf;

       return 301 https://mydomain.tld$request_uri;
}

# HTTPS forum
server {
       listen 443 ssl http2;
       listen [::]:443 ssl http2;

       server_name mydomain.tld;

       root /var/www/html; #just a fallback

       location / {
               proxy_set_header X-Real-IP $remote_addr;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header X-Forwarded-Proto $scheme;
               proxy_set_header Host $http_host;
               proxy_set_header X-NginX-Proxy true;

               proxy_pass http://127.0.0.1:4567;
               proxy_redirect off;

               # Socket.IO Support
               proxy_http_version 1.1;
               proxy_set_header Upgrade $http_upgrade;
               proxy_set_header Connection "upgrade";
       }
       include /etc/nginx/snippets/tlsgzip.conf;
}

As seen, there are some includes:

• /etc/nginx/snippets/acme.conf

location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root         /var/www/html;
}
location = /.well-known/acme-challenge/ {
        return 404;
}

This is just a snippet that makes EFF's CertBot configuration simpler.

• /etc/nginx/snippets/tlsgzip.conf

ssl on;
ssl_certificate /etc/letsencrypt/live/mydomain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.tld/privkey.pem;

ssl_protocols TLSv1.2 TLSv1.1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!DES-CBC3-SHA:!aNULL:!eNULL:!ADH:!EXP:!LOW:!DES:!MD5:!PSK:!SRP:!DSS:!RC4:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-CAMELLIA256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-CAMELLIA128-SHA;

ssl_session_cache shared:TLS:2m;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844];

gzip on;
gzip_comp_level 9;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

This snippet just adds TLS certificates and enables GZIP at maximum compression.

About the SSL cyphers, that's a huge list I copied from an old tutorial and updated myself in order to keep an A+ grade at SSL Labs.

Nodebb is running on Ubuntu 14.04

I'm running it on a Ubuntu 16.04 VPS.

SSOs are nice, but some users abandon or even deletes an account (let me say: Facebook account) to create a fresh one.

The problem is that they can't disassociate from the old account to then reassociate into the new account by themselves, neither the admin can do such thing if not by deleting the database record via database shell.

Is there somewhere I am missing in version 1.6.0 that can do what I want? If not, please move this to feature requests, as deleteUserData is already implemented on SSOs and it would be an additional button in the <Git root>/build/public/templates/account/edit.tpl template that reuses the same permission checking as for creating associations.

My problem

Users wanted to be able to create their own groups; with a single toggle in the admin dashboard, the problem got temporarily solved.

Then users wanted that each group had its own discussion space, a private category to host their topics that are in the grey zone between out of the general interest and out of the scope of the community. This plugin has been written for this scenario.

What this plugin does

For each group, a category is created and kept synced. The categories will share the same name, description, icon, background colour and background image, where the presence of an icon discards the background image. Deleting a group disables its associated category. The permissions of each category also are automatically managed.

Installation

npm install nodebb-plugin-groups-autoassigncategory

Nothing to disassociate inside "Edit":

...or "Settings":

I've got the same problem a while ago. Deactivating the broken plug-ins isn't enough: you have to uninstall (npm un <package-name>) the right one from your installation.

They usually show up in the logs from template building (node nodebb build) as errors or warns and in the dev console (node nodebb dev) as errors.

Good luck!

My problem

Users wanted to be able to create their own groups; with a single toggle in the admin dashboard, the problem got temporarily solved.

Then users wanted that each group had its own discussion space, a private category to host their topics that are in the grey zone between out of the general interest and out of the scope of the community. This plugin has been written for this scenario.

What this plugin does

For each group, a category is created and kept synced. The categories will share the same name, description, icon, background colour and background image, where the presence of an icon discards the background image. Deleting a group disables its associated category. The permissions of each category also are automatically managed.

Installation

npm install nodebb-plugin-groups-autoassigncategory

@unterm said in v1.6.0 Suspected Nginx Problem:

If I bypass Nginx and access port 4567 directly in the browser, the forum displays correctly. This leads me to believe the problem is todo with Nginx.

I simply skipped this. Sorry.

Try adding the NGINX's stable PPA and then upgrading the packages from your system:

NGINX Stable : “Nginx” team

As a last random shot, the tutorial instructs you installing the 6.x version of NodeJS, but I ignored that and installed the 8.x one.

curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
sudo apt-get install -y nodejs

Installing Node.js via package manager

(I did the same thing for MongoDB (installing the latest version, ignoring the installing instructions), but as the database is working for you, I wouldn't touch it for now)

Nothing to disassociate inside "Edit":

...or "Settings":

Sorry if I am an awful searcher, but I failed to find such mentioned disassociation option under "Settings", "Edit", "Account Info" and "Profile" in both this instance and in my installation (v1.6.0). Could you be more detailed on where I should have been looking at?

SSOs are nice, but some users abandon or even deletes an account (let me say: Facebook account) to create a fresh one.

The problem is that they can't disassociate from the old account to then reassociate into the new account by themselves, neither the admin can do such thing if not by deleting the database record via database shell.

Is there somewhere I am missing in version 1.6.0 that can do what I want? If not, please move this to feature requests, as deleteUserData is already implemented on SSOs and it would be an additional button in the <Git root>/build/public/templates/account/edit.tpl template that reuses the same permission checking as for creating associations.

Browser fails to display pages when I follow a link.

Sounds like a Socket.IO misconfiguration.

My nginx configuration is from the docs with SSL.

I also had problems when I followed the docs. What I had to do was appending a definition the end of my config.json file:

{
    "url": "https://mydomain.tld",
    "secret": "uuid4 string",
    [...]
    "socket.io": {
        "origins": "http://mydomain.tld:* https://mydomain.tld:*"
    }
}

That one tells to accept connections coming from that domain.

If the problem persists, I also did some customizing my NGINX config:

• /etc/nginx/sites-available/mydomain-tld-http.conf

# redirect everything to HTTPS
server {
       listen 80;
       listen [::]:80;

       server_name mydomain.tld *.mydomain.tld;

       include /etc/nginx/snippets/acme.conf;

       return 301 https://mydomain.tld$request_uri;
}

# remove all subdomains from HTTPS
server {
       listen 443 ssl http2;
       listen [::]:443 ssl http2;

       server_name *.mydomain.tld;

       include /etc/nginx/snippets/tlsgzip.conf;

       return 301 https://mydomain.tld$request_uri;
}

# HTTPS forum
server {
       listen 443 ssl http2;
       listen [::]:443 ssl http2;

       server_name mydomain.tld;

       root /var/www/html; #just a fallback

       location / {
               proxy_set_header X-Real-IP $remote_addr;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header X-Forwarded-Proto $scheme;
               proxy_set_header Host $http_host;
               proxy_set_header X-NginX-Proxy true;

               proxy_pass http://127.0.0.1:4567;
               proxy_redirect off;

               # Socket.IO Support
               proxy_http_version 1.1;
               proxy_set_header Upgrade $http_upgrade;
               proxy_set_header Connection "upgrade";
       }
       include /etc/nginx/snippets/tlsgzip.conf;
}

As seen, there are some includes:

• /etc/nginx/snippets/acme.conf

location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root         /var/www/html;
}
location = /.well-known/acme-challenge/ {
        return 404;
}

This is just a snippet that makes EFF's CertBot configuration simpler.

• /etc/nginx/snippets/tlsgzip.conf

ssl on;
ssl_certificate /etc/letsencrypt/live/mydomain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.tld/privkey.pem;

ssl_protocols TLSv1.2 TLSv1.1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!DES-CBC3-SHA:!aNULL:!eNULL:!ADH:!EXP:!LOW:!DES:!MD5:!PSK:!SRP:!DSS:!RC4:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-CAMELLIA256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-CAMELLIA128-SHA;

ssl_session_cache shared:TLS:2m;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844];

gzip on;
gzip_comp_level 9;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

This snippet just adds TLS certificates and enables GZIP at maximum compression.

About the SSL cyphers, that's a huge list I copied from an old tutorial and updated myself in order to keep an A+ grade at SSL Labs.

Nodebb is running on Ubuntu 14.04

I'm running it on a Ubuntu 16.04 VPS.