Users unable to login after container rebuild


#1

I have rebuilt the container yesterday and my users including admin can not login to the site. When the login details are entered, it brings the user back to the index page and without giving any errors. Does anyone else experiencing the same issue? Can anyone suggest the solution asap please.


Discourse lost the ability to login for all accounts
(Rafael dos Santos Silva) #2

Try visiting /users/admin-login


(Jeff Wong) #3

Probably would be good to give a few details to assist in debugging -
I’d first check if you’re out of space on your host. (df -h)

How are your users logging in? Are you using local logins? oauth? some other integrations?
Do you have any logs on the server side?
What plugins have you installed?


#4

Here is output for disk space, i got 1.7 GB free space on the disk:

ubuntu@ip-10-0-0-225:~$ df -h
Filesystem Size Used Avail Use% Mounted on
udev 484M 12K 484M 1% /dev
tmpfs 100M 388K 99M 1% /run
/dev/xvda1 20G 18G 1.7G 92% /
none 4.0K 0 4.0K 0% /sys/fs/cgroup
none 5.0M 0 5.0M 0% /run/lock
none 497M 1.3M 496M 1% /run/shm
none 100M 0 100M 0% /run/user

I am using local logins plus google, facebook, GitHub, linkedin and yahoo.

No I don’t have any additional logs setup and the logs within the dockers are not helping me out.

For plugins, find attached the list of my installed plugins,


(Alan Tan) #5

Do you have an SSL certificate installed for you site? If not, is SiteSetting.force_https turned on?

I ran into this in dev because of


#6

This was it, used the method mentioned by @Falco to login as admin and unchecked forced SSL option.

Surprisingly I have these settings from months and didn’t experienced this issue till now, also my dev environment is clone of production and it still works perfect even after docker rebuild.

Thanks guys for support :slight_smile:


(Rafael dos Santos Silva) #7

The secure cookie flag was commited only two days ago, and will break where https isn’t properly setup.

Good to know that everything is back up :thumbsup:


(Jeff Atwood) #8

Hmm interesting, I wonder if the site should throw up an alert when force https is set, yet the site is not being served via https @sam?


(Sam Saffron) #9

we can’t actually do that cause proxies may be involved, for example the meta container we host serves stuff to the nginx terminator over port 80


(Felix Freiberger) #10

You could detect it client side, in JavaScript, but that’s probably too much complexity?


(Alan Tan) #11

Since there is a request object, I think we will be able to determine the scheme from the host and only set the secured cookies if the scheme is HTTPS?