真正的错误似乎是 无法验证 CSRF 令牌真实性。答案就在这个帖子中:Can't Login to Discourse - CSRF Token Authenticity
我在 apache2.conf 文件中添加了以下内容:
RequestHeader set X-Forwarded-Proto https
错误日志如下:
Started POST "/session" for {my.ip} at 2021-08-07 11:45:54 +0000
Processing by SessionController#create as */*
Parameters: {"login"=>"{me}", "password"=>"[FILTERED]", "second_factor_method"=>"1", "timezone"=>"America/Denver"}
Can't verify CSRF token authenticity.
Rendered text template (Duration: 0.0ms | Allocations: 1)
Filter chain halted as :verify_authenticity_token rendered or redirected
Completed 403 Forbidden in 13ms (Views: 1.5ms | ActiveRecord: 0.0ms | Allocations: 898)