I am not familiar with the csrf stuff and also not with nginx (the external webserver is an apache 2.4) , but I am pretty shure that CSRF is my problem here as the discourse works fine without logon and only the POST requests which are used for login fail here. My central haproxy has the internal IP 10.10.10.21 , therefore I’ve put
set_real_ip_from 10.10.10.21/24;
in the yml for the discourse.conf in the web_only container. I also tried with the default 127.0.0.1/24; but both result in the same 403 error upon login.