CSRF token verification failed! - Docker nginx zammand.conf

  • Used Zammad version: 3.6.0
  • Used Zammad installation source: Docker-compose
  • Operating system: ubuntu 20.04.2
  • Browser + version: chrome latest.

Expected behavior:

*Be able to login

Actual behavior:

  • CSRF token verification failed!

Steps to reproduce the behavior:

I’ve tried everything to get my login working again.
It worked fine for my original users but any new users can not login they get this error: CSRF token verification failed!.

I’ve tried setting the zammad.conf in the docker image zammad-nginx /opt/zammad/contrib/nginx/zammad.conf
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;

but when I reload nginx, the default config changes this back to:
proxy_set_header X-Forwarded-Proto $scheme;

I then did the following:

map $http_x_forwarded_proto $real_scheme {
default $http_x_forwarded_proto;
‘’ $scheme;

to the “server {” in zammad config file. This has now broken nginx docker container and it kicks me out of bash after 3-4 seconds. So I can’t get that working at all.

I’m really new to docker and this has been really frustrating, I just need a little help to force https and get the login for zammad working again.
I’m running the nginx proxy which all looks fine, I also run cloudflare but I have tried both disabling and enabling this with the same results.

I’m out of options. any help would be much appreciated.

Hi @technoicon

there are several posts on this subject. Just do a search for “CSFR” and you will find plenty of solutions that have already been discussed in the forum.



Figured out that Zammad is listening on HTTP but the settings were set to HTTPS which is really what I want to use but to get it working I set zammad to http using this command.

docker exec -it zammad-docker-compose_zammad-railsserver_1 bash
rails c
=> "https"
docker-compose down
docker-compose up -d

So from what I can understand now, My reverse proxy takes the connection via https, then connects to zammad via http.

I tried so many things to make https work all the way through, but it just doesn’t and changing any settings in the zammad-nginx container doesn’t seem to work for whatever reason.

I’m not a docker expert so I don’t understand how that works.

1 Like

If you’re accessing Zammad via https in your Browser, the http_type has to be https.
Other wise you’ll have issues with accessing and using Zammad.

Also note that the compose has environment files which you can use to override default values if needed:

I have no idea what this means.
What is the compose?

how do you use the environmental variables? can you give an example?

There are some issues, for example, links in emails don’t work. Everything else works fine though and I can login, which is probably a bigger issue than anything else.

Docs are finally updated, they should help you:

Everything else docker-compose specific is out of my scope and should be covered by their docs.

Please have a look into your system settings…

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.