Error 403 when trying to add articles or change any options

ikarus84 · 4 نوفمبر 2016، 11:24ص

First of all a big thank you for the software, that you are developing! It is absolutely amazing and sometimes unbelievable to me, that it is open source: .
I’ve been using discourse for building a community forum for the city of Bonn:

Lately I’ve been working a lot on design and the webserver, which is also serving some other websites. Everything seemed to work after my changes of design and webserver, I was even able to post some “release notes”:

Just now, whenever I try to add an article or change options, I get an error 403.
I tried to change some options in my nginx-config back to previous states, but it didn’t help. I tried to change the css-additions, but I can’t save them. I tried to understand this article to try this, but I didn’t understood, where to copy-paste the code:

Maybe you can help me find the error?

ikarus84 · 4 نوفمبر 2016، 11:30ص

Discourse version: v1.7.0.beta7 +15

Added code in </body> to add a topmenü:

<script type="text/javascript">
$(function() {
  var $topDiscourseSub = $('#top-discourse-sub');
  $('#top-discourse-link').hover(function() {
    $topDiscourseSub.show();
  }, function() {
    $topDiscourseSub.hide();
  });
});
</script>

zogstrip · 4 نوفمبر 2016، 1:42م

Seems like your site is down?

ikarus84 · 4 نوفمبر 2016، 4:09م

http://isup.me/bonn.community
It’s just you. http://bonn.community is up.

ikarus84 · 4 نوفمبر 2016، 6:13م

Maybe someone can help debugging, when he see the menu and font-files. There is javascript-code involved, hope that this doesn’t cause the bug:

schriftart.dcstyle.json.html (437 Bytes)
piwik-statistiken.dcstyle.json.html (1.1 KB)
menue.dcstyle.json.html (6.6 KB)

neil · 4 نوفمبر 2016، 6:15م

It’s down for me too. It’s always redirecting to https, and it fails to load on https.

Falco · 4 نوفمبر 2016، 6:21م

ikarus84 · 4 نوفمبر 2016، 7:35م

Sorry, there was in error in my nginx-config. For me everything was fine and visible. Now it should be for you as well. Still the problem with error 403 stays.

I case, my nginx-config as well:

##############################
### Docker: Bonn.Community ###
##############################


server {
        listen 80;
        server_name bonn.community www.bonn.community;
        return 301 https://bonn.community$request_uri;
}

server {
        listen 443 ssl spdy;
        server_name www.bonn.community;
        ssl_certificate /etc/letsencrypt/live/bonn.community/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/bonn.community/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
	      ssl_dhparam /etc/nginx/ssl/dhparams.pem;
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 5m;
        return 301 https://bonn.community$request_uri;
}

server {
        listen 443 ssl spdy;
        server_name bonn.community;
        ssl_certificate /etc/letsencrypt/live/bonn.community/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/bonn.community/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
	      ssl_dhparam /etc/nginx/ssl/dhparams.pem;
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 5m;
        add_header Strict-Transport-Security max-age=31536000;
        location / {
            proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
            proxy_set_header Host $http_host;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

ikarus84 · 4 نوفمبر 2016، 7:53م

And a last hint for today…

ikarus84 · 5 نوفمبر 2016، 12:40ص

A new day, new try:

2016/11/05 01:16:30 [crit] 788#0: *27 connect() to unix:/var/discourse/shared/standalone/nginx.http.sock failed (2: No such file or directory) while connecting to upstream, client: 93.232.205.234, server: bonn.community, request: "GET / HTTP/1.1", upstream: "http://unix:/var/discourse/shared/standalone/nginx.http.sock:/", host: "bonn.community"
2016/11/05 01:16:31 [crit] 788#0: *49 connect() to unix:/var/discourse/shared/standalone/nginx.http.sock failed (2: No such file or directory) while connecting to upstream, client: 93.232.205.234, server: bonn.community, request: "GET / HTTP/1.1", upstream: "http://unix:/var/discourse/shared/standalone/nginx.http.sock:/", host: "bonn.community"
2016/11/05 01:16:59 [crit] 788#0: *27 connect() to unix:/var/discourse/shared/standalone/nginx.http.sock failed (2: No such file or directory) while connecting to upstream, client: 93.232.205.234, server: bonn.community, request: "GET / HTTP/1.1", upstream: "http://unix:/var/discourse/shared/standalone/nginx.http.sock:/", host: "bonn.community"

ikarus84 · 5 نوفمبر 2016، 11:10ص

My browser tells me, that discourse is failing to load the file “timings”. Because of [‘BAD CSRF’] I get error 403.I am really lost, where else to search to solve the bug.

I rebuild discourse with plenty of different options
I tried to proxy nginx with sockets and ports and different config-files
I reinstalled the docker image.
I read all related articles here and tried the solutions, but none of them worked out.
and I don’t know where to look else.

ikarus84 · 5 نوفمبر 2016، 12:06م

Also removed all modifications following this post:
https://meta.discourse.org/t/customization-hangs-on-save/31796/12
No help, even after rebuilding.

ikarus84 · 5 نوفمبر 2016، 12:26م

Holy moly, finally!
I need to add a simple line to my nginx config:

proxy_set_header X-Forwarded-Proto https;

Who could guess that? So thank you and see you!

الموضوع		الردود	مرات العرض
Mixed SSL since upgrade Installation	14	643	30 ديسمبر 2022
Run other websites on the same machine as Discourse Self-Hosting how-to , advanced-setup	66	133882	23 فبراير 2025
Discourse has stopped opening Installation	39	5732	19 مارس 2022
Sudden HTTP 403 errors with Discourse Docker ("BAD CSRF") Bug	5	132	25 ديسمبر 2024
Error trying to edit a post with an image in (NginX Proxy Manager?) Installation	44	3733	16 أغسطس 2022

Error 403 when trying to add articles or change any options

الموضوعات ذات الصلة