I have rebuilt the container yesterday and my users including admin can not login to the site. When the login details are entered, it brings the user back to the index page and without giving any errors. Does anyone else experiencing the same issue? Can anyone suggest the solution asap please.
Probably would be good to give a few details to assist in debugging -
I’d first check if you’re out of space on your host. (
How are your users logging in? Are you using local logins? oauth? some other integrations?
Do you have any logs on the server side?
What plugins have you installed?
Here is output for disk space, i got 1.7 GB free space on the disk:
ubuntu@ip-10-0-0-225:~$ df -h
Filesystem Size Used Avail Use% Mounted on
udev 484M 12K 484M 1% /dev
tmpfs 100M 388K 99M 1% /run
/dev/xvda1 20G 18G 1.7G 92% /
none 4.0K 0 4.0K 0% /sys/fs/cgroup
none 5.0M 0 5.0M 0% /run/lock
none 497M 1.3M 496M 1% /run/shm
none 100M 0 100M 0% /run/user
I am using local logins plus google, facebook, GitHub, linkedin and yahoo.
No I don’t have any additional logs setup and the logs within the dockers are not helping me out.
For plugins, find attached the list of my installed plugins,
Do you have an SSL certificate installed for you site? If not, is
SiteSetting.force_https turned on?
I ran into this in dev because of
This was it, used the method mentioned by @Falco to login as admin and unchecked forced SSL option.
Surprisingly I have these settings from months and didn’t experienced this issue till now, also my dev environment is clone of production and it still works perfect even after docker rebuild.
Thanks guys for support
The secure cookie flag was commited only two days ago, and will break where https isn’t properly setup.
Good to know that everything is back up
Hmm interesting, I wonder if the site should throw up an alert when force https is set, yet the site is not being served via https @sam?
we can’t actually do that cause proxies may be involved, for example the
meta container we host serves stuff to the nginx terminator over port 80
Since there is a request object, I think we will be able to determine the scheme from the host and only set the secured cookies if the scheme is HTTPS?