Error 403 when trying to add articles or change any options


(Sascha Foerster) #1

First of all a big thank you for the software, that you are developing! It is absolutely amazing and sometimes unbelievable to me, that it is open source: :heart:.
I’ve been using discourse for building a community forum for the city of Bonn:


Lately I’ve been working a lot on design and the webserver, which is also serving some other websites. Everything seemed to work after my changes of design and webserver, I was even able to post some “release notes”:

Just now, whenever I try to add an article or change options, I get an error 403.
I tried to change some options in my nginx-config back to previous states, but it didn’t help. I tried to change the css-additions, but I can’t save them. I tried to understand this article to try this, but I didn’t understood, where to copy-paste the code:

Maybe you can help me find the error?


(Sascha Foerster) #2
  • Discourse version: v1.7.0.beta7 +15

Added code in </body> to add a topmenü:

<script type="text/javascript">
$(function() {
  var $topDiscourseSub = $('#top-discourse-sub');
  $('#top-discourse-link').hover(function() {
    $topDiscourseSub.show();
  }, function() {
    $topDiscourseSub.hide();
  });
});
</script>

(Régis Hanol) #3

Seems like your site is down?


(Sascha Foerster) #4

http://isup.me/bonn.community
It’s just you. http://bonn.community is up.


(Sascha Foerster) #5

Maybe someone can help debugging, when he see the menu and font-files. There is javascript-code involved, hope that this doesn’t cause the bug:

schriftart.dcstyle.json.html (437 Bytes)
piwik-statistiken.dcstyle.json.html (1.1 KB)
menue.dcstyle.json.html (6.6 KB)


(Neil Lalonde) #6

It’s down for me too. It’s always redirecting to https, and it fails to load on https.


(Rafael dos Santos Silva) #7


(Sascha Foerster) #8

Sorry, there was in error in my nginx-config. For me everything was fine and visible. Now it should be for you as well. Still the problem with error 403 stays.

I case, my nginx-config as well:

##############################
### Docker: Bonn.Community ###
##############################


server {
        listen 80;
        server_name bonn.community www.bonn.community;
        return 301 https://bonn.community$request_uri;
}

server {
        listen 443 ssl spdy;
        server_name www.bonn.community;
        ssl_certificate /etc/letsencrypt/live/bonn.community/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/bonn.community/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
	      ssl_dhparam /etc/nginx/ssl/dhparams.pem;
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 5m;
        return 301 https://bonn.community$request_uri;
}

server {
        listen 443 ssl spdy;
        server_name bonn.community;
        ssl_certificate /etc/letsencrypt/live/bonn.community/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/bonn.community/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
	      ssl_dhparam /etc/nginx/ssl/dhparams.pem;
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 5m;
        add_header Strict-Transport-Security max-age=31536000;
        location / {
            proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
            proxy_set_header Host $http_host;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

(Sascha Foerster) #9

And a last hint for today…


(Sascha Foerster) #10

A new day, new try:

2016/11/05 01:16:30 [crit] 788#0: *27 connect() to unix:/var/discourse/shared/standalone/nginx.http.sock failed (2: No such file or directory) while connecting to upstream, client: 93.232.205.234, server: bonn.community, request: "GET / HTTP/1.1", upstream: "http://unix:/var/discourse/shared/standalone/nginx.http.sock:/", host: "bonn.community"
2016/11/05 01:16:31 [crit] 788#0: *49 connect() to unix:/var/discourse/shared/standalone/nginx.http.sock failed (2: No such file or directory) while connecting to upstream, client: 93.232.205.234, server: bonn.community, request: "GET / HTTP/1.1", upstream: "http://unix:/var/discourse/shared/standalone/nginx.http.sock:/", host: "bonn.community"
2016/11/05 01:16:59 [crit] 788#0: *27 connect() to unix:/var/discourse/shared/standalone/nginx.http.sock failed (2: No such file or directory) while connecting to upstream, client: 93.232.205.234, server: bonn.community, request: "GET / HTTP/1.1", upstream: "http://unix:/var/discourse/shared/standalone/nginx.http.sock:/", host: "bonn.community"

(Sascha Foerster) #11

My browser tells me, that discourse is failing to load the file “timings”. Because of [‘BAD CSRF’] I get error 403.I am really lost, where else to search to solve the bug.

  • I rebuild discourse with plenty of different options
  • I tried to proxy nginx with sockets and ports and different config-files
  • I reinstalled the docker image.
  • I read all related articles here and tried the solutions, but none of them worked out.
  • and I don’t know where to look else. :frowning:

(Sascha Foerster) #12

Also removed all modifications following this post:


No help, even after rebuilding. :cry:


(Sascha Foerster) #13

Holy moly, finally!
I need to add a simple line to my nginx config:

proxy_set_header X-Forwarded-Proto https;

Who could guess that? So thank you and see you!


[HELP] Cannot login, error shows "BAD CSRF"
(Régis Hanol) #14