Twitter login with Passenger + Varnish - quick lessons learned


(Lee_Ars) #1

Not really a bug, since it’s not Discourse’s fault at all, so I figured I’d stick this in support.

Flipped on Google/Yahoo/Twitter authentication today at the request of a user, and because eh, why not—I personally would never use it, but I don’t have to :smile: It took a while to figure out exactly what had to go where on dev.twitter.com to make stuff work, but I eventually found all the right fields to fill out, thanks to to past postings here on meta.

Ran into one final issue, when actually attempting to log on with a Twitter account. The initial request to grant access to my twitter account went fine, and I saw the correct Twitter-provided username & password window. However, after entering credentials and requesting access, I got a blank page served up by my web server. It looked like the page title had twitter authentication stuff in it, and it was coming from port 8881.

I figured this problem must have something to do with Varnish and Nginx; I run my instance of Nginx on port 8881, with Varnish listening on port 80 and passing/piping/caching requests as needed. Fortunately, I didn’t have to figure out the problem myself, as some kind soul had already done so.

For future reference, the problem was that Passenger needed to be made aware that it should pretend it’s on port 80. I added the following line in the server sections (both http and https) of my Nginx Discourse virtual host configuration:

passenger_set_cgi_param SERVER_PORT 80;

Problem solved! Twitter authentication now works correctly. Hope this is helpful to someone :smile:


(Jeff Atwood) #2

Excellent, moving this to howto, since it’s more of a tutorial of how to do something.


(Sophearak) #3

I have an idea about that. but in my case i face this problem.

it redirect to port 80.
What i have to do now?

should i add passenger_set_cgi_param SERVER_PORT 80; to my discourse.conf?
i already try that and when i restart nginx i got this

nginx: [emerg] unknown directive "passenger_set_cgi_param" in /etc/nginx/conf.d/discourse.conf:21

nginx: configuration file /etc/nginx/nginx.conf test failed

Does it should be redirect to port 443?

sorry for my bad English.


(Lee_Ars) #4

passenger_set_cgi_param must be inside a server block in your nginx configuration. Make sure you’re not putting it in the http context.


(Sophearak) #5

So, I add passenger_set_cgi_param SERVER_PORT 80; in my server block in nginx.conf then when i reload nginx server i got this:

nginx: [emerg] "server" directive is not allowed here in /etc/nginx/nginx.conf:8

PS: Here my detail issue http://meta.discourse.org/t/cannot-log-in-with-google-twitter-github-after-adding-ssl/11661


(Lee_Ars) #6

You are probably missing a curly brace—or you have one too many. In the error message you mention, nginx is telling you that the problem is on line 8 in nginx.conf. Look and see what’s on that line.


(Sophearak) #7

here is my nginx.conf

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
server {
   passenger_set_cgi_param SERVER_PORT 80;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    include /etc/nginx/conf.d/*.conf;
    server_names_hash_bucket_size 64;
}

Do i miss something? :frowning:


(Lee_Ars) #8

Yes, you are missing something—the nginx docs on conf file structure are your friend! server must be inside of http.

Also, if you’re using virtual host files for nginx (maybe in /etc/nginx/conf.d?), the passenger param should be set there, with the Discourse virtual host, because otherwise the param won’t be applied correctly. You can have multiple server blocks, and IIRC that param will only apply to the server block where it’s set, rather than globally. In other words, I’m pretty sure that setting it in an empty server block does absolutely nothing.

I’d recommend taking a closer look at your nginx configuration so you can understand exactly how your Discourse site is set up.


(Sophearak) #9

A thousand thanks to you :smiley: i will take a look at that.
thanks again for your help.