• Welcome to Simple Machines Community Forum. Please login or sign up.
December 07, 2021, 05:29:54 AM

News:

SMF 2.1 RC4 has been released! Try it out and help us test! :) Read more.


How to get SMF working properly behind a reverse proxy server over https?

Started by thenakedscientists, January 15, 2018, 07:30:48 AM

Previous topic - Next topic

thenakedscientists

Dear all

My forum is a sub-site within a main site powered by drupal. The forum is customised to look like the drupal site but is actually running independently of it. I did initially experiment with a drupal SMF bridge but it was a bit of a nightmare for various reasons and keptm ejecting users, so I divorced the two again.

SMF runs very happily over https://

However, as part of the main site development I am now trying to install varnish in front of drupal to speed it up. Because we're using SSL I also need a proxy in front of varnish because varnish doesn't support https://

So, on my dev server, containing a clone of the live site, I have the following stack:

Pound (listening on https and also redirecting any non-https (port 80 traffic) to https) <=> Varnish5.1 <=> Apache2.4

I have config'd varnish to pass through any forum traffic, because the forum is fast anyway so I don't need that additionally cached, and the cookie for the login as well as the header settings for SMF prevent caching anyway.

Under this config, the drupal site works fine.

For anonymous users, the SMF forum is fine.

But I cannot log in. It keeps chucking session expired errors for my user, even on a cookie-cleared, cache-cleaned machine.

Has anyone else successfully set up a stack similar to this and made it work with SMF? if so, can anyone guide me on how to investigate this and chase down the cause of my problem?

Yours gratefully,

Chris

Illori

SMF and varnish dont work well together. i would not recommend using them together.

thenakedscientists

I'm bypassing varnish by adding an exception in vcl-recv that passes through any forum url; as such, it should not be a problem.

I know this because if I run varnish as the front end (ie using port the varnish port to access the site and the forum) then it works fine and I can log in no problem.

It's when I add SSL / pound on the front that I get this headache, so there's something else happening here I think.

Jailer

It has to be something in your Pound configuration. I run my forum behind a nginx reverse proxy with SSL and it works great.

thenakedscientists

Thanks Jailer.

What do you use as the config for board url in Settings.php, and the links to your themes etc directories? Absolute, or relative urls, with, or without https://?

Cheers
Chris

thenakedscientists

A further update:

To make troubleshooting easier I have removed varnish from the equation by temporarily pointing Pound straight at apache. (So pound listens on https:// port and fwds to the apache2.4 listening port).

This confirms that varnish is not the cause of the problem because I am still getting session expired errors when trying to log in.

But, if I access the forum via the apache port (so go to localhost:81 - which is the port apache is listening to) and access the forum not over https, then I can log in no problem. If I then revert back to https:// i.e. go via Pound - then I am logged in and using the forum no problem.

Can someone please explain what must be going on to cause this?

Cheers

thenakedscientists

I've now rigged up nginx as the reverse proxy ahead of apache serving the forum.

I have nginx listening on port 443 (https://) and the forum being server by apache; nginx is set to redirect all port 80 requests to 443, picking up and fixing any dodgy links within the forum.

I can browse the forum as an anonymous user no problem, but as soon as I try to log in I get a session expired error when it does the session verification (login2). The wording is:

An Error Has Occurred!
Your session timed out while posting. Please go back and try again.

I'd really appreciate some advice on this please from someone who can tell me what might be causing this. Is it something as mundane as the fact that I'm doing this over a self-signed certificate created just for testing? Or is there some silly gotcha that I am overlooking.

Is it a cookie problem that's triggering this?

Cheers

drewactual

Add a sessions check to the login form in the theme you're using.

thenakedscientists

Thank you, @drewactual - but I'm using the core theme for testing, so I would have thought this was intrinsic to that already?

Illori

i dont think the core theme has the sessions added to it, double check on your install.

thenakedscientists

Thanks Illori; so can you please advise me a) what to check for and b) if I find I need to add session checking, how I do that?

Thanks

Chris

Aleksi "Lex" Kilpinen

A Finnish Project Manager (Support Specialist)
 Happily running multiple SMF 2.x installations.
  Fooling around with i7-10700 @ 2,90GHz-4.80GHz / 16Gb / RTX-2070 Super / 3840x2160 / Win 10 x64


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Advertisement: