Can't login, reset password or create new account!


(Etienne Bouché) #1

Hi everyone!

I have a big problem on my Discourse. For a few days now, nobody can log in anymore, either by email authentication or by social login (Facebook, Google, Twitter …).
That's very strange because everything had been working for 1 year with no problems. Everything broke overnight for no reason.

This is what happens in the different cases (sorry, it's French …):

  • For the email connection:

Just the message "Unknown error"

  • For the social login auth:

The message says: “Sorry, there was an error authorizing your account. Perhaps you did not approve authorization?”

  • When I try to reset the password:

“403 Forbidden”

  • And when I want to create a new account:

"We can not detect if your account has been created, please verify that you have enabled cookies."
Of course, the cookies are enabled.

Any ideas?


(Rafael dos Santos Silva) #2

Please provide some info:

  • Forum URL
  • Are you using HTTPS?
  • Do you use a reverse proxy outside docker?

(Etienne Bouché) #3

The URL is https://colibris41.citiz-network.org and it uses HTTPS.

I use nginx as a reverse proxy in an independent LXC container, because it's a virtualization server. The forum is in a KVM and I use another KVM and LXC for another forum and website.


(Rafael dos Santos Silva) #4

Paste the location config of the reverse proxy with the headers you are setting.


(Etienne Bouché) #5

This is the config enabled for my nginx…

server {
        listen  80;
        server_name     colibris41.citiz-network.org;
        listen 443 ssl;
        listen [::]:443 ssl;

        ssl_certificate /etc/letsencrypt/live/colibris41.citiz-network.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/colibris41.citiz-network.org/privkey.pem;

        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES12$
        ssl_prefer_server_ciphers on;

        add_header Strict-Transport-Security max-age=15768000;

        ssl_stapling on;
        ssl_stapling_verify on;

        ssl_trusted_certificate /etc/letsencrypt/live/colibris41.citiz-network.org/chain.pem;
        resolver 8.8.8.8 8.8.4.4 valid=86400;
        resolver_timeout 10;

        client_max_body_size 10M;

        location / {
                proxy_pass      http://10.0.2.110/;
                #proxy_pass      http://10.0.2.114/; #Redirection maintenance
       }
}

But I don't know why the problem could be there. It has worked fine for one year…


(Rafael dos Santos Silva) #6

You have a broken reverse proxy config:

Adding a reverse proxy increases the maintenance burden, so it should be done only when necessary, and it will occasionally break.

A simpler approach, with less maintenance, is using Caddy as a reverse proxy server.

Discourse is using secure cookies now, and they are more sensitive to a broken proxy.


(Etienne Bouché) #7

OK, I just added this to my proxy.conf:

  proxy_set_header        X-Forwarded-Proto https;

Everything seems to work great now! I never thought the problem would come from there. Thanks a lot!
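
Added example, not part of the original thread: a small Python check that flags TLS-terminating nginx blocks which `proxy_pass` without an effective `X-Forwarded-Proto`, the gap fixed in post #7. It goes one step further than the thread by modelling nginx's rule that a level inherits `proxy_set_header` only when it sets none itself. The sample configs and the hostname are constructed, and the check assumes `include` files have already been inlined into the text.

```python
import re

# Tokens: comments, quoted strings, braces/semicolons, bare words.
TOKEN = re.compile(r'#[^\n]*|"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')

def parse(tokens):
    """Parse a token iterator into (name, args, children); children is None for simple directives."""
    items, words = [], []
    for tok in tokens:
        if tok == ";":
            if words:
                items.append((words[0], words[1:], None))
            words = []
        elif tok == "{":
            items.append((words[0] if words else "", words[1:], parse(tokens)))
            words = []
        elif tok == "}":
            break
        else:
            words.append(tok.strip("\"'"))
    return items

def findings(items, inherited=(), tls=False, path="main"):
    """Return blocks that proxy_pass on a TLS listener without an effective X-Forwarded-Proto."""
    own = [a[0].lower() for n, a, c in items if n == "proxy_set_header" and a]
    # nginx inherits proxy_set_header from the parent level only if this level sets none.
    effective = own or list(inherited)
    tls = tls or any(n == "listen" and "ssl" in a for n, a, c in items)
    proxied = any(n == "proxy_pass" for n, a, c in items)
    out = [path] if tls and proxied and "x-forwarded-proto" not in effective else []
    for n, a, c in items:
        if c is not None:
            out += findings(c, effective, tls, " ".join([n] + a))
    return out

def lint(text):
    """Tokenize config text (dropping comments) and return the offending block paths."""
    tokens = iter(t for t in TOKEN.findall(text) if not t.startswith("#"))
    return findings(parse(tokens))

# Constructed samples modelled on the thread (hostname is a placeholder).
HEAD = "server { listen 80; listen 443 ssl; server_name forum.example.org;\n"
BROKEN = HEAD + "  location / { proxy_pass http://10.0.2.110/; } }"
FIXED = HEAD + "  proxy_set_header X-Forwarded-Proto https;\n  location / { proxy_pass http://10.0.2.110/; } }"
SHADOWED = HEAD + ("  proxy_set_header X-Forwarded-Proto https;\n"
                   "  location / { proxy_set_header Host $host; proxy_pass http://10.0.2.110/; } }")

if __name__ == "__main__":
    for name, conf in [("broken", BROKEN), ("fixed", FIXED), ("shadowed", SHADOWED)]:
        print(name, lint(conf))
```

Because the server block in post #5 also listens on port 80, setting the header to `$scheme` instead of the literal `https` keeps it truthful for plain-HTTP requests.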