CSFR Error while login behind HA Proxy

Hi guys, I hope this is the right section to ask for help about this.
I recently changed the reverse proxy I have in front of the discourse server.
I have a server with several discourse installed and a reverse proxy on front that point domains to the right web server.

I’ve used HA Proxy on both setup but the difference it’s the platform, before it was installed in PFSense, and now on OPNSense.

The reverse proxy works perfectly but if I try to login I get the CSFR error and can’t really do anything.

nothing have changed in the discourse setup and the HA Proxy configuration is copied over so should be fine.
I’ve turned on XforwardFor and SSL but still discourse don’t seems to keep the same IP from the client but sees only the one from the proxy.

This the reddit post where I’ve asked support as well: https://www.reddit.com/r/OPNsenseFirewall/comments/l4ltxb/migration_from_pfsense_to_opnsense_ha_proxy/?utm_source=share&utm_medium=web2x&context=3

I don’t know if it’ll fix the csfr problem (which I think has to do with https certificate problems, but don’t really know), but the forwarded for boot your did by telling the nginx inside the container what addresses to trust. You can search here for X-forwarded-for and find examples of how to fix that.

Thanks for your reply.
I had a look on the forum for that but can’t really find any updated information.

there is a bunch of old topics with the reference of Real_ip to put in nginx inside the container, but I have no clue on how to do that.

do you suggest any specific guide?

I don’t see a specific guide, but I’ll try to create one soon. Here’s this Inconsistent / missing registration & last IP - #13 by pfaffman that I think should give you what you need for the real-ip bit.

You need to send an X-Forwarded-Proto header as well.


THANKS! Really I was 3 days I was running around in circles and this solved it!

I’ve added the Proto Header as well and it worked!

1 Like

FWIW, there are many example configurations for reverse proxy servers in front of the Discourse app, including this one, almost all address “X-Forwarded-Proto”:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.