I have a separate nginx fronting my Zammad deployment.
From this, I get these logs:
10.255.255.42 - - [14/Aug/2025:12:50:30 +0200] “GET /auth/failure?message=ActionController%3A%3AInvalidAuthenticityToken&strategy=saml HTTP/2.0” 422 460 “https://zammad.mydomain.hosting/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:141.0) Gecko/20100101 Firefox/141.0”
10.255.255.13 - - [14/Aug/2025:12:50:30 +0200] “GET /ws HTTP/1.1” 101 1708808 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.0.0”
And then, from the zammad-docker-compose-rails container, I get:
I, [2025-08-14T12:51:57.177314#1-12620780] INFO – : Started GET “/auth/failure?message=ActionController%3A%3AInvalidAuthenticityToken&strategy=saml” for 172.20.0.2 at 2025-08-14 12:51:57 +0200
I, [2025-08-14T12:51:57.182221#1-12620780] INFO – : Processing by SessionsController#failure_omniauth as HTML
I, [2025-08-14T12:51:57.182285#1-12620780] INFO – : Parameters: {“message”=>“ActionController::InvalidAuthenticityToken”, “strategy”=>“saml”}
E, [2025-08-14T12:51:57.185558#1-12620780] ERROR – : Message from saml: ActionController::InvalidAuthenticityToken (Exceptions::UnprocessableEntity)
app/controllers/sessions_controller.rb:156:in failure_omniauth' app/controllers/application_controller/handles_transitions.rb:16:in handle_transaction’
I, [2025-08-14T12:51:57.186878#1-12620780] INFO – : Completed 422 Unprocessable Entity in 4ms (Views: 0.6ms | ActiveRecord: 0.6ms (4 queries, 1 cached) | GC: 0.0ms)
Is there a line proxy_set_header X-Forwarded-Proto $scheme;
in your docker’s nginx config? I’m just guessing that it might be an SSL issue considering your two nginx instances.
