- Used Zammad version: 5.03 (latest from package installer)
- Used Zammad installation type: package
- Operating system: Ubuntu 20.04
- Browser + version: Chrome Version 96.0.4664.110 (64-bit) & Firefox 95.0.2 (64-bit)
Expected behavior:
Being able to log in
Actual behavior:
CSRF error
Steps to reproduce the behavior:
I installed Zammad from fresh on a fresh VM yesterday, everything was functioning as usual (great product also, thank you so much) until I followed the instructions here. I guess it was a fresh install but not completely fresh, as I’d already made a load of configurations on the front end before installing the SSL etc.
I successfully installed an SSL cert from Let's Encrypt and then I went on to the Adjusting the webserver configuration. Following these steps to the point, everything seemed to continue working until I tried to log in today and I’m hitting this error.
I added the two `RequestHeader set X_FORWARDED_PROTO 'https'` & `RequestHeader set X-Forwarded-Ssl on` just above the first “Proxy Pass” as suggested, but this hasn’t solved anything.
Restarted apache2, rebooted etc but no change.
Aside from restoring the snapshot, is there anything I should try?
Thanks
Config here:
```
#
# this is an example apache 2.4 config for zammad
# Please visit https://docs.zammad.org for further input on how to configure
# your apache to work with Zammad
#
# security - prevent information disclosure about server version
ServerTokens Prod

<VirtualHost *:80>
    ServerName support.youname.co.uk
    Redirect permanent / https://support.youname.co.uk
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLCertificateFile /etc/letsencrypt/live/support.youname.co.uk/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/support.youname.co.uk/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/support.youname.co.uk/chain.pem
    SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/support.youname.co.uk/dhparam.pem

    # replace 'localhost' with your fqdn if you want to use zammad from remote
    ServerName localhost

    ## don't lose time with IP address lookups
    HostnameLookups Off
    ## needed for named virtual hosts
    UseCanonicalName Off
    ## configures the footer on server-generated documents
    ServerSignature Off

    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy 127.0.0.1:3000>
        Require local
    </Proxy>

    RequestHeader set X_FORWARDED_PROTO 'https'
    RequestHeader set X-Forwarded-Ssl on
    ProxyPass /assets !
    ProxyPass /favicon.ico !
    ProxyPass /apple-touch-icon.png !
    ProxyPass /robots.txt !
    ProxyPass /ws ws://127.0.0.1:6042/
    ProxyPass / http://127.0.0.1:3000/

    # change this line in an SSO setup
    RequestHeader unset X-Forwarded-User

    # Use settings below if proxying does not work and you receive HTTP-Error 404
    # if you use the settings below, make sure to comment out the above two options
    # This may not apply to all systems, applies to openSuse
    #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
    #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"

    DocumentRoot "/opt/zammad/public"
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory "/opt/zammad/public">
        Options FollowSymLinks
        Require all granted
    </Directory>
</VirtualHost>
```
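
An added example, not part of the original post and not Zammad's own tooling: a small Python lint for the two things this config touches, the forwarded-scheme `RequestHeader` lines in the TLS vhost and the `ServerName` that the config's own comment says to replace with the FQDN. The sample config is constructed with a placeholder hostname, the function names are hypothetical, and a clean result does not by itself establish the cause of the CSRF error.

```python
import re

# Constructed sample: the vhost layout from the post, trimmed, placeholder hostname.
SAMPLE = """\
<VirtualHost *:80>
  ServerName support.example.test
  Redirect permanent / https://support.example.test
</VirtualHost>
<VirtualHost *:443>
  SSLEngine on
  ServerName localhost
  RequestHeader set X_FORWARDED_PROTO 'https'
  RequestHeader set X-Forwarded-Ssl on
  ProxyPass / http://127.0.0.1:3000/
</VirtualHost>
"""
SCHEME_HEADERS = {"x-forwarded-proto", "x-forwarded-ssl"}

def parse_vhosts(text):
    """Return, per <VirtualHost> block, a list of [directive, args] pairs."""
    vhosts = []
    for body in re.findall(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", text, re.S | re.I):
        lines = (raw.strip() for raw in body.splitlines())
        # Skip blanks, comments and nested section tags such as <Proxy> or <Directory>.
        pairs = [(l.split(None, 1) + [""])[:2] for l in lines if l and l[0] not in "#<"]
        vhosts.append([(name.lower(), args) for name, args in pairs])
    return vhosts

def lint(text):
    """Return findings for TLS vhosts that proxy to a backend."""
    vhosts = parse_vhosts(text)
    # Hostnames that the plain-HTTP vhosts redirect browsers to.
    targets = {m.group(1).lower() for v in vhosts for n, a in v
               if n == "redirect" and (m := re.search(r"https://([^/\s]+)", a))}
    findings = []
    for v in vhosts:
        d = dict(v)  # last value per directive is enough for these checks
        if d.get("sslengine", "").lower() != "on" or "proxypass" not in d:
            continue
        # Assumption: underscore and dash spellings reach the backend as the same header.
        seen = {a.split()[1].lower().replace("_", "-") for n, a in v
                if n == "requestheader" and a.lower().startswith("set ") and len(a.split()) > 2}
        findings += [f"missing RequestHeader set {h}" for h in sorted(SCHEME_HEADERS - seen)]
        name = d.get("servername", "").lower()
        if targets and name not in targets:
            findings.append(f"ServerName {name!r} differs from redirect target {sorted(targets)}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```

To lint a real file, pass its contents to `lint()`, for example the text of the Zammad vhost file under `/etc/apache2/sites-enabled/`.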