When running an NGINX reverse proxy in front of Discourse you cannot log into the site. After submitting your credentials you are taken back to the index page and do not have a session. No errors are displayed and it seems from the logs that the login was successfull.
Creating scope :open. Overwriting existing method Poll.open.
Started GET "/" for 10.42.4.0 at 2021-10-05 14:24:41 +1300
Processing by ListController#latest as HTML
Rendered list/list.erb within layouts/application (Duration: 8.8ms | Allocations: 1141)
Rendered layout layouts/application.html.erb (Duration: 22.9ms | Allocations: 3194)
Completed 200 OK in 189ms (Views: 23.9ms | ActiveRecord: 0.0ms | Allocations: 21280)
Creating scope :open. Overwriting existing method Poll.open.
Started GET "/session/csrf" for 10.42.4.0 at 2021-10-05 14:24:52 +1300
Processing by SessionController#csrf as JSON
Completed 200 OK in 384ms (Views: 0.3ms | ActiveRecord: 0.0ms | Allocations: 5303)
Started POST "/session" for 10.42.4.0 at 2021-10-05 14:24:52 +1300
Processing by SessionController#create as */*
Parameters: {"login"=>"admin", "password"=>"[FILTERED]", "second_factor_method"=>"1", "timezone"=>"Pacific/Auckland"}
Completed 200 OK in 1043ms (Views: 0.3ms | ActiveRecord: 0.0ms | Allocations: 147364)
Started POST "/login" for 10.42.4.0 at 2021-10-05 14:24:54 +1300
Processing by StaticController#enter as HTML
Parameters: {"username"=>"admin", "password"=>"[FILTERED]", "redirect"=>"https://forum.test.financefeast.io/"}
Redirected to https://forum.test.financefeast.io/
Completed 302 Found in 3ms (ActiveRecord: 0.0ms | Allocations: 710)
Started GET "/" for 10.42.4.0 at 2021-10-05 14:24:54 +1300
Processing by ListController#latest as HTML
Rendered list/list.erb within layouts/application (Duration: 46.7ms | Allocations: 11808)
Rendered layout layouts/application.html.erb (Duration: 308.6ms | Allocations: 53646)
Completed 200 OK in 1123ms (Views: 311.1ms | ActiveRecord: 0.0ms | Allocations: 167190)
Tested without the NGIX reverse proxy in front of discourse and logins are fine. Is there any specific configuration for NGINX to get this working?
This is the NGINX conf:
server {
listen 80;
server_tokens off;
server_name forum.test.financefeast.io;
location / {
return 301 https://$host$request_uri;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30m;
add_header Pragma public;
add_header Cache-Control "public";
}
}
server {
ssl_certificate /etc/nginx/certs/test.financefeast.io-bundle.crt;
ssl_certificate_key /etc/nginx/certs/test.financefeast.io.key;
listen 443 ssl;
server_name forum.test.financefeast.io;
location / {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'User-Agent,Keep-Alive,Content-Type';
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 90;
proxy_http_version 1.1;
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_pass https://kube_lb;
}
}