Aafter installation, create the first account (admin account) and log in.
Actual behavior:
Unfortunately it always fails when trying to create the “first” admin account. We always get the message “can’t create User”.
Steps to reproduce the behavior:
We have installed the server several times according to the instructions and have always followed the instructions.
No matter whether from Zammad himself or from other websites, no installation went better.
So far we have used Debian10, CentOS7 and Ubuntu 18.04 for the Linux distributions.
Also had no influence on the result.
The logfile you provided states you’re having issues with CSRF:
I, [2020-03-02T11:30:58.951421 #65725-47398749952320] INFO -- : Processing by UsersController#create as JSON
I, [2020-03-02T11:30:58.951535 #65725-47398749952320] INFO -- : Parameters: {"firstname"=>"Johannes", "lastname"=>"Weisgerber", "email"=>"someone@domain.tld", "password"=>"[FILTERED]", "role_ids"=>[], "id"=>"c-2"}
I, [2020-03-02T11:30:58.951995 #65725-47398749952320] INFO -- : CSRF token verification failed
I suspect you using HTTPs for your installation.
While that’s perfectly fine, the default configuration might be missing the required vhost configuration.
If you’re running apache, add the following two lines within your Zammad vhost configuration:
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
In case you don’t have the headers module active in apache, additionally run a2enmod headers.
If you’re a nginx user, replace the following line proxy_set_header X-Forwarded-Proto $scheme;
by proxy_set_header X-Forwarded-Proto https;.
With these changes, after restarting your webserver, you should be good to go!
unfortunately that is not the solution either.
Even if I set the settings to “http” I still get the message that I cannot create an account.
Is there another source in the system that can cause this error?
None I can think of if you’re not using like more than one proxy.
If the nginx mentioned above is one of several proxies, then this will be hard to correct for us here.
You’re having CSRF token issues, the by me linked configuration changes are technically solving this issue. Reload your browser and ensure it’s not a caching issue.