CSRF Error while logging in behind HA Proxy

Hi guys, I hope this is the right section to ask for help about this.
I recently changed the reverse proxy I have in front of the Discourse server.
I have a server with several Discourse installs and a reverse proxy in front that points domains to the right web server.

I’ve used HA Proxy on both setups, but the difference is the platform: before it was installed in pfSense, and now on OPNsense.

The reverse proxy works perfectly, but if I try to log in I get the CSRF error and can’t really do anything.

Nothing has changed in the Discourse setup and the HA Proxy configuration is copied over, so it should be fine.
I’ve turned on X-Forwarded-For and SSL, but Discourse still doesn’t seem to keep the same IP from the client and sees only the one from the proxy.

This is the Reddit post where I’ve asked for support as well: https://www.reddit.com/r/OPNsenseFirewall/comments/l4ltxb/migration_from_pfsense_to_opnsense_ha_proxy/?utm_source=share&utm_medium=web2x&context=3

I don’t know if it’ll fix the CSRF problem (which I think has to do with https certificate problems, but don’t really know), but the forwarded-for bit you’d do by telling the nginx inside the container what addresses to trust. You can search here for X-forwarded-for and find examples of how to fix that.

Thanks for your reply.
I had a look on the forum for that but can’t really find any updated information.

There is a bunch of old topics with the reference to Real_ip to put in nginx inside the container, but I have no clue how to do that.

Do you suggest any specific guide?

I don’t see a specific guide, but I’ll try to create one soon. Here’s this, “Inconsistent / missing registration & last IP - #13 by pfaffman”, that I think should give you what you need for the real-ip bit.

You need to send an X-Forwarded-Proto header as well.

2 Likes

THANKS! Really, for 3 days I was running around in circles and this solved it!

I’ve added the Proto Header as well and it worked!

1 Like
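
An added example, not part of any post above and not Discourse's or nginx's own code: a small Python model of what the application side does with the two headers discussed in this thread, honouring X-Forwarded-For and X-Forwarded-Proto only when the connection comes from a trusted proxy address and then comparing the browser's Origin with the URL it reconstructs. The proxy subnet, host name, function names, and the Origin comparison as the cause of the CSRF error are assumptions for illustration.

```python
import ipaddress

# Constructed placeholder: the subnet the reverse proxy connects from.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]


def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed hop: never treat it as a proxy
    return any(addr in net for net in TRUSTED_PROXIES)


def effective_request(peer_ip, headers, socket_scheme="http"):
    """Return (client_ip, scheme, base_url) as the app behind the proxy sees them."""
    client_ip, scheme = peer_ip, socket_scheme
    if is_trusted(peer_ip):  # forwarded headers from anyone else are ignored
        xff = headers.get("X-Forwarded-For", "")
        hops = [h.strip() for h in xff.split(",") if h.strip()]
        # Walk right to left; the first hop that is not a proxy is the client.
        for hop in reversed(hops):
            client_ip = hop
            if not is_trusted(hop):
                break
        proto = headers.get("X-Forwarded-Proto", "").strip().lower()
        if proto in ("http", "https"):
            scheme = proto
    return client_ip, scheme, f"{scheme}://{headers['Host']}"


def origin_matches(peer_ip, headers):
    """Simplified origin-style CSRF check (assumed model, see lead-in)."""
    origin = headers.get("Origin")
    return origin is None or origin == effective_request(peer_ip, headers)[2]


# Constructed sample request: browser on HTTPS, proxy forwards plain HTTP.
BROWSER = {"Host": "forum.example.com", "Origin": "https://forum.example.com"}
PROXY_IP = "192.0.2.1"

if __name__ == "__main__":
    no_proto = {**BROWSER, "X-Forwarded-For": "203.0.113.7"}
    fixed = {**no_proto, "X-Forwarded-Proto": "https"}
    print(origin_matches(PROXY_IP, no_proto), effective_request(PROXY_IP, no_proto))
    print(origin_matches(PROXY_IP, fixed), effective_request(PROXY_IP, fixed))
```

Without the trusted-proxy entry the application keeps the proxy's address as the client IP, and without X-Forwarded-Proto it rebuilds an `http://` URL that no longer equals the browser's `https://` Origin.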

FWIW, there are many example configurations for reverse proxy servers in front of the Discourse app, including this one, almost all address “X-Forwarded-Proto”:
