Using nginx + thin giving Invalid form authenticity token error

Added by Deoren Moor over 9 years ago

First of all, thank you for looking at this.

Background

I have a few light-use production installations where I use Apache & mod_passenger to run Redmine. Those work great, no problems whatsoever.

I recently got the idea that when I did my next installation, I'd use nginx and Thin, since this install would be on a host that would be limited in resources.

The Problem

I have everything configured and mostly working, but I'm getting some strange behavior.

  1. User visits index/welcome page (any browser)
  2. User clicks Sign in (any browser)
  3. User is redirected to login page (any browser)
  4. User enters username/password and is redirected back to the index/welcome page (any browser)

Mozilla Firefox (tested with 3.6.12), Windows XP

At this point the index page doesn't show the user is logged in. If the user navigates to a different link within Redmine, or hits F5/refresh, then the site will show they are logged in.

Google Chrome, Windows XP

At this point the index page shows the user is logged in, but logging out only returns the user to the index/welcome page and doesn't actually log the user out. Clicking on My Account redirects to the login page, clicking on the name of a project will show the user no longer logged in.

Internet Explorer 8, Windows XP

At this point the index page shows the user is logged in, and logging out returns the user to the index/welcome page and shows that the user is logged out. If they click on Home, it will show them logged in again. Clicking on My Page redirects them to the login form.

The configuration

This is the part where I inevitably forget something. Please ask if I don't specify something you believe would be helpful in troubleshooting this.

  • Ubuntu 10.10 32bit
  • OpenLDAP on localhost, providing auth for select users
  • nginx 0.8.53
  • thin1.8 [1.2.4-1]
  • Redmine 1.0.3
  • mysql-server [5.1.49-1ubuntu8]
  • gem list
    *** LOCAL GEMS ***
    
    actionmailer (2.3.5)
    actionpack (2.3.5)
    activerecord (2.3.5)
    activeresource (2.3.5)
    activesupport (2.3.5)
    mysql (2.8.1)
    rack (1.0.1)
    rails (2.3.5)
    rake (0.8.7)
    rmagick (2.13.1)
    

Installation directory

Checked out the latest SVN tag (http://redmine.rubyforge.org/svn/tags/1.0.3/) to /opt/redmine

environment.rb

I added this to the bottom, per the link noted in the file.

# http://www.redmine.org/wiki/redmine/HowTo_Install_Redmine_in_a_sub-URI
Redmine::Utils::relative_url_root = "/redmine"

Other config files

I've attached every config file I can think of that would be related, but let me know if I'm overlooking something. The one thing that might look like an issue is the rewrite rules within projects.conf, but I get the same behavior mentioned above if they're removed (with nginx && thin restarted after).

Thanks again for your time.

redmine.yml - Thin configuration (384 Bytes)

nginx.conf - nginx config file (2.64 KB)

proxy.inc.conf - nginx include file - proxy options (704 Bytes)

ssl.inc.conf - nginx include file - ssl options (405 Bytes)

projects.conf - nginx Redmine vhost file (2.52 KB)

Replies (7)

RE: Using nginx + thin giving Invalid form authenticity token error - Added by Deoren Moor over 9 years ago

Oh, one thing I had meant to mention at the beginning, this installation uses a sub-uri (/redmine/), but I get the same problem if I configure it to serve Redmine from /

I can list the specific config options for that scenario if needed.

RE: Using nginx + thin giving Invalid form authenticity token error - Added by Deoren Moor over 9 years ago

Forgot to mention this:

RAILS_ENV=production script/about
About your application's environment
Ruby version              1.8.7 (i686-linux)
RubyGems version          1.3.7
Rack version              1.0
Rails version             2.3.5
Active Record version     2.3.5
Active Resource version   2.3.5
Action Mailer version     2.3.5
Active Support version    2.3.5
Application root          /opt/redmine
Environment               production
Database adapter          mysql
Database schema version   20100819172912

RE: Using nginx + thin giving Invalid form authenticity token error - Added by Felix Schäfer over 9 years ago

This sounds like a cookie issue. Make sure you get the cookie(s) from redmine and they are sent back by the browser to redmine.

RE: Using nginx + thin giving Invalid form authenticity token error - Added by Deoren Moor over 9 years ago

Thank you for the reply.

I've checked with all browsers I mentioned and they're receiving a cookie with this info:

Site: projects.whyaskwhy.org
Cookie name: _redmine_session

Name: _redmine_session
Content: (very long string of chars)
Host: projects.whyaskwhy.org
Path: /
Send For: Any type of connection
Expires: At end of session

I'll be happy to post screen shots if that will help. I'm going to go ahead and install tcpdump to try and capture cookie(s) and will update with what I find.

RE: Using nginx + thin giving Invalid form authenticity token error - Added by Deoren Moor over 9 years ago

Here is my production.log file.

If I hit refresh on Mozilla Firefox, this additional entry is added to production.log:

Processing WelcomeController#index (for 192.168.1.96 at 2010-11-13 11:22:08) [GET]
  Parameters: {"action"=>"index", "controller"=>"welcome"}
Rendering template within layouts/base
Rendering welcome/index
Completed in 46ms (View: 23, DB: 7) | 200 OK [http://projects.whyaskwhy.org/redmine/]

See anything useful?

production.log - /opt/redmine/log/production.log (1.05 KB)

RE: Using nginx + thin giving Invalid form authenticity token error - Added by Deoren Moor over 9 years ago

After nearly pulling my hair out in frustration, I think I figured out what the deal is.

I turned on debug logging in my nginx vhost file and within additional_environment.rb.example

Changed this line:

#config.log_level = :debug

to:

config.log_level = :debug

In my nginx error log I had this:

[ pid=2547 thr=3066133360 file=ext/nginx/HelperAgent.cpp:568 time=2010-11-14 13:10:50.574 ]: Couldn't forward the HTTP response back to the HTTP client: It seems the user clicked on the 'Stop' button in his browser.

After lots of what I felt were probably unrelated hits via Google, I started going through nginx.conf line-by-line until I came across the expires directive.

I edited nginx.conf and changed this value:

expires max;

to:

expires epoch;

and now logins/logouts are working as expected.

Figures that it would be something so simple.

RE: Using nginx + thin giving Invalid form authenticity token error - Added by Deoren Moor over 9 years ago

Oh, changing the expires directive also fixes the same problem if using nginx/passenger (I tried that too).
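
An added example, not part of the thread or of the poster's attached files: one way to keep far-future caching for static assets while keeping it off the proxied Redmine pages that carry the session cookie and form authenticity token. It assumes the original `expires max;` sat at a level inherited by the proxied responses and that Redmine is served from `/`; the upstream address, host name and asset directory list are placeholders.

```nginx
# Constructed example. Upstream address, server_name and the asset
# directory list are assumptions, not taken from the attached configs.
upstream redmine_thin {
    server 127.0.0.1:3000;          # hypothetical Thin listener
}

server {
    listen 80;
    server_name redmine.example.test;   # placeholder host
    root /opt/redmine/public;

    # Before: declared here, the directive is inherited by every location,
    # so proxied HTML (welcome page, login redirect, forms embedding the
    # authenticity token) goes out with a far-future Expires and max-age,
    # and the browser replays stale copies instead of asking Redmine.
    # expires max;

    # After: far-future caching only for files served straight from disk.
    location ~ ^/(images|javascripts|stylesheets|themes|plugin_assets)/ {
        expires max;
        try_files $uri =404;
    }

    # Everything else is dynamic and session-dependent: mark it as
    # already expired so each page view is revalidated with the backend.
    location / {
        expires epoch;              # Expires: 1970, Cache-Control: no-cache
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://redmine_thin;
    }
}
```

After a reload, `curl -I` against the login page should show `Cache-Control: no-cache`, while a stylesheet URL should show the far-future `Expires` header.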
