Can't login, reset password or create new account due to 403 Forbidden error

Hi everyone!

I have a big problem with my Discourse. For a few days now, nobody can log in anymore, neither with email authentication nor with social login (Facebook, Google, Twitter …).
That’s very strange because everything had been working for 1 year with no problems. Everything broke overnight for no reason.

This is what happens in the different cases (sorry, it’s French …):

  • For the email connection:

Just the message “Unknown error”

  • For the social login auth:

The message says: “Sorry, there was an error authorizing your account. Perhaps you did not approve authorization?”

  • When I try to reset the password:

“403 Forbidden”

  • And when I want to create a new account:

“We can not detect if your account has been created, please verify that you have enabled cookies.”
Of course, the cookies are enabled.

Any ideas ?

Please provide some info:

  • Forum URL
  • Are you using HTTPS?
  • Do you use a reverse proxy outside docker?
2 Likes

The URL is https://colibris41.citiz-network.org and it uses HTTPS.

I use nginx as a reverse proxy in an independent LXC container, because it’s a virtualization server. The forum is in a KVM and I use another KVM and LXC for another forum and website.

Paste the location config of the reverse proxy with the headers you are setting.

This is the config enabled for my nginx…

server {
        listen  80;
        server_name     colibris41.citiz-network.org;
        listen 443 ssl;
        listen [::]:443 ssl;

        ssl_certificate /etc/letsencrypt/live/colibris41.citiz-network.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/colibris41.citiz-network.org/privkey.pem;

        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES12$
        ssl_prefer_server_ciphers on;

        add_header Strict-Transport-Security max-age=15768000;

        ssl_stapling on;
        ssl_stapling_verify on;

        ssl_trusted_certificate /etc/letsencrypt/live/colibris41.citiz-network.org/chain.pem;
        resolver 8.8.8.8 8.8.4.4 valid=86400;
        resolver_timeout 10;

        client_max_body_size 10M;

        location / {
                proxy_pass      http://10.0.2.110/;
                #proxy_pass      http://10.0.2.114/; #Redirection maintenance
       }
}

But I don’t see why the problem could be there. It has worked fine for one year…

You have a broken reverse proxy config:

Adding a reverse proxy increases the maintenance burden, so should be done only when necessary, and will occasionally break.

A simpler approach, with less maintenance, is using Caddy as a reverse proxy server.

Discourse is using secure cookies now, and they are more sensitive to a broken proxy.

6 Likes

Ok I just added this in my proxy.conf:

  proxy_set_header        X-Forwarded-Proto https;

Everything seems to work great now! I never thought the problem would come from there. Thanks a lot!

4 Likes
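
A check for the misconfiguration fixed above, added here as an example and not part of any post in this thread: it flags proxy_pass blocks under a TLS listen that never set X-Forwarded-Proto, including the case where nginx's proxy_set_header inheritance rule (a level that sets any header inherits none) drops a server-level value. The function names and sample configs are constructed for illustration; the parser does not follow include files (such as a separate proxy.conf) and does not handle braces or semicolons inside quoted strings.

```python
import re

# Constructed samples, trimmed from the server block posted in this thread.
BROKEN = """
server {
    listen 80;
    listen 443 ssl;
    location / {
        proxy_pass http://10.0.2.110/;
    }
}
"""
# The thread's fix, written directly into the location block.
FIXED = BROKEN.replace("proxy_pass", "proxy_set_header X-Forwarded-Proto https;\n        proxy_pass")
# Header set at server level; the location sets a different header, so it inherits none.
SHADOWED = (BROKEN.replace("location", "proxy_set_header X-Forwarded-Proto https;\n    location")
            .replace("proxy_pass", "proxy_set_header Host $http_host;\n        proxy_pass"))

def parse(tokens):
    """Build a tree of blocks from alternating (text, delimiter) tokens."""
    node = {"head": "", "directives": [], "blocks": []}
    while tokens:
        text = tokens.pop(0).split()
        delim = tokens.pop(0) if tokens else "}"
        if delim == ";":
            node["directives"].append(text)
        elif delim == "{":
            child = parse(tokens)
            child["head"] = " ".join(text)
            node["blocks"].append(child)
        else:
            break
    return node

def find_missing(node, inherited=(), tls=False):
    """Return heads of proxy_pass blocks under a TLS server that lack X-Forwarded-Proto."""
    own = [d[1].lower() for d in node["directives"] if d[:1] == ["proxy_set_header"] and len(d) > 1]
    headers = own or inherited  # nginx: inherited only when this level sets none
    if node["head"].split()[:1] == ["server"]:
        tls = any(d[:1] == ["listen"] and "ssl" in d[1:] for d in node["directives"])
    missing = tls and any(d[:1] == ["proxy_pass"] for d in node["directives"]) and "x-forwarded-proto" not in headers
    out = [node["head"]] if missing else []
    for child in node["blocks"]:
        out += find_missing(child, headers, tls)
    return out

def lint(text):
    tokens = re.split(r"([{};])", re.sub(r"#.*", "", text))  # strip comments, then tokenize
    return find_missing(parse(tokens))
```

lint(BROKEN) and lint(SHADOWED) both report "location /", while lint(FIXED) reports nothing.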

Hello,

I just installed Discourse version Bitnami v2.2.2 with auto-install on GCP (Google Cloud Platform).
After setting up https, I encounter the 403 issue.
I tried your solution, aka adding a line (proxy_set_header X-Forwarded-Proto https;) in proxy.conf
1/ I had a very hard time finding the file
2/ Found proxy-html.conf in /opt/bitnami/apache2/conf/extra
3/ added the line there, restarted apache and it did not work

I’m not sure it’s the right file
I’m not sure it is used
I’m not sure if that line is enough

Please, help!

Hello François,

I’m sorry but we don’t support Bitnami installs. You will have to ask their support.

1 Like

Hi @zogstrip

I get you. As requested, I posted to Bitnami support => 403 Forbidden on Logins - Discourse - Bitnami Community
I was given instructions very similar to those in this thread, but in the same way, neither of them works. I have been stuck for two days.
I am more and more willing to reset everything. I chose the Bitnami solution on GCP because I never used VMs and I wanted to cut some hassle as I am setting up this forum alone and am more of a front-end specialist.

So, do you think it is worth starting over with a non-Bitnami version you would support?
And if so, is it compatible with GCP? Are there step by step instructions to set it up?
I’m not very familiar with the CL but I can deal with it, as I have for 30 years :slight_smile:

I would really like to use Discourse to replace LUDGEF, my 75K members G+ community, but I am not paid for that and would really appreciate some help.

Have a nice day.

2 Likes

We definitely recommend following our official install guide.

2 Likes