- Used Zammad version: 3.4x
- Used Zammad installation source: docker
- Operating system: Ubuntu 20.04.1 LTS
- Browser + version: Firefox Developer Edition (latest) + Vivaldi (latest)
Expected behavior:
- Authenticate with Google
Actual behavior:
- I get an error saying:
422: The change you wanted was rejected.
Message from google_oauth2: csrf_detected
Steps to reproduce the behavior:
- Setup google authentication
My environment is locked down (only 1 public ip available) so I’m forced to use this configuration. I have a Debian 9 server that is public-facing with a public IP. It is running the latest version of Nginx and is proxy passing the configuration over to the internal-only zammad server. The configuration on this server:
server {
server_name support.mydomain.com;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/support.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/support.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
access_log /var/log/nginx/support_access_log;
error_log /var/log/nginx/support_error_log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://10.222.2.38/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Base-Path /search;
proxy_read_timeout 100000;
proxy_send_timeout 100000;
proxy_connect_timeout 100000;
send_timeout 100000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
}
server {
if ($host = support.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name support.mydomain.com;
return 404; # managed by Certbot
}
This passes over to the Zammad Docker container NGINX. With this configuration, I have two questions.
- Can I avoid the preconfigured nginx container and use my public server’s nginx to connect directly to the server’s rails and websocket? I haven’t been able to get the ports to be exposed to do this. I tried forwarding iptables, etc, no luck. I hate the idea of two nginx servers being proxy passed.
- With the two proxy servers, what do I need to do to get the correct IP addresses reported rather than my public server’s internal ip? I’m only seeing the server IP in the logs.
The public server is using letsencrypt for the front end stuff. The internal servers are using plain http.
Any guidance would be great. This will help our school district a lot with handling student/parent issues (rather than our current way: email… yuck)
Edit: When I try to add Google as a channel I get the error:
500: We’re sorry, but something went wrong.
I’m not sure where to see logs for docker.
