HTTP OAuth calback is requested even if HTTPS is enabled

(Sean Whalen) #1

I have HTTPS enabled on my site, enforced by a 301 redirect from HTTP to HTTPS by the reverse proxy in front of it. When I tried to login with Google, Google complained that the requested callback URL did not match the registered callback URL, the difference being that the registered callback URL uses HTTPS, and the requested URL uses HTTP…

(Sam Saffron) #2

That would be the cause, you need to ensure NGINX has the headers set correctly, when we need to enforce this we add:

 - replace:
         filename: /etc/nginx/conf.d/discourse.conf
         from: $thescheme;
         to: https;
         global: true

(Sean Whalen) #3

Where does that go? I tried adding it web_only.yml, under


And got

Errno::ENOENT: No such file or directory - /etc/nginx/conf.d/discourse.conf

(Sam Saffron) #4