CSRF failure after backup and restore


  • Used Zammad version: 3.2
  • Used Zammad installation source: DEB
  • Operating system: Ubuntu
  • Browser + version: Chrome 80.0.3987.122

Expected behavior:

  • I am trying to move my Zammad system to a new server

Actual behavior:

  • Did a backup on old server as described here: backup and restore
  • Set up a new server with a new Zammad system
  • Restored old data
  • Got a CSRF failure
  • Assigned old IP and domain to new server
  • Still got a CSRF failure :wink:

Sorry for opening a new post, this would perfectly fit in here but that post was closed while I was typing :-/

Thanks for any help,
best regards,

This is my zammad.conf:

this is the nginx config for zammad

upstream zammad {
server localhost:3000;

upstream zammad-websocket {
server localhost:6042;

Added - Automatically redirect HTTP to HTTPS Nginx

server {
listen 80;
server_name my.domain.de;
return 301 https://$host$request_uri;

Added - HTTPS configuration for Zammad

server {
listen 443 http2 ssl;

ssl_certificate /etc/letsencrypt/live/my.domain.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.de/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security “max-age=63072000; includeSubdomains”;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

replace ‘localhost’ with your fqdn/domain name if you want to use zammad from remote

server_name my.domain.de;

root /opt/zammad/public;

access_log /var/log/nginx/zammad.access.log;
error_log /var/log/nginx/zammad.error.log;

client_max_body_size 50M;

location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
expires max;

location /ws {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “Upgrade”;
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 86400;
proxy_pass http://zammad-websocket;

location / {
proxy_set_header Host $http_host;
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 180;
proxy_pass http://zammad;

gzip on;
gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
gzip_proxied any;

Please have a look at this thread, it will solve your issue:

Thank you very much! I figured it out now.
But here is the next problem:
Everything is restored, I did

zammad run rake searchindex:rebuild

but I am not able to login, this is the error I get:
Requesting a new password does not work either.

Any ideas?
Thanks in advance :wink:

Please don’t mix topics.
Lookup the provided ID with a friendly grep in your production log.

These error ids are generated randomly and have no real connection to learn what went wrong.

Hehe, thanks for the hint. It shows that I am not mixing topics, but that was lucky :wink:

[2020-03-07T14:49:42.690917 #2136-47063552666340] ERROR – : Error ID cSlzkeB p: CSRF token verification failed!

That error haunts me…

Fixed it.
What I did:

1.: Go to the old system.
2.: Find this in settings:

It was set to “https”, that was the mistake. Set it to “http”.
3. Do the backup
4. Restore on new server.
5. Get a beer.


Glad you could solve it.
I see flaws in your list thoguh.

DId you mean:

3. Do the backup
4. Get a beer.
5. Restore on new server.
6. Get a beer.

? :wink:

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.