Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
imJexs Posted January 4, 2022 Posted January 4, 2022 This might be a bit of a long post as I want to include as much details as possible. However, I'd greatly appreciate it if you took the time as I'm completely stumped by this one. I know nginx isn't officially supported by IPS (even though it 100% most certainly should be - it's 2022), which is why this is in community support, but I'd love any ideas from IPS guys on this as well. Setup: I am in the middle of moving our website from AWS Elastic Beanstalk to Digital Ocean running inside a Docker Swarm (maybe soon to be k8s, doesn't matter). On AWS, I am running Apache/PHP 7.3.30 and in DO I'm running Nginx/PHP 8.0.13. Both web servers are now talking to the same managed MySQL database (8.0.26), and are using the same Redis cluster for caching as well as PHP sessions. Yes, I have triple checked that PHP sessions and caching is working properly on both web servers. Problem: Whenever I am using the PHP 7.3.30 server, everything works exactly as expected. Been using this setup for ages. No issues. Whenever I switch over to the Nginx/PHP 8.0.13, everything works as expected EXCEPT I cannot login to the front end. However, logins to the ACP work fine (like, what?). Our site uses the Steam login handler with the Standard login method disabled. Even when I turn on the Standard login and try to use user/pass, I get redirected to website.com/?_fromLogin=1 but the user state doesn't actually change. The userbar still has "Login or Sign In" and if I refresh I am not actually logged in. Investigation I did some more investigating, and to make things even weirder, even just requesting the website root (mywebsite.com/), increments the "core_members.failed_login_count" and adds a timestamp to "core_members.failed_logins" columns. So just refreshing the site does that. Then after 1-2 login attempts, it locks the user's account with "too many failed login attempts". Conclusion Exact same code base, exact same 3rd party apps enabled (all written by me and PHP 8 compatible), same MySQL server, same Redis cache, same PHP session handler, but can't sign in on PHP8. I've pretty much determined it has to either be a nginx configuration error like some sort of headers thing (grasping at straws here) or its an issue with this IPS release and the said version of PHP. I am VERY open to suggestions as I'm completely out of ideas. I've traced through the login process' code and I didn't find anything that would lead to the symptoms I saw. 😕 Best, Jexs
imJexs Posted January 4, 2022 Author Posted January 4, 2022 I'm a doofus and didn't see the Advanced Self Hosting Support. If any mod sees this, please move this to https://invisioncommunity.com/forums/forum/524-advanced-self-hosting-assistance/
imJexs Posted January 4, 2022 Author Posted January 4, 2022 (edited) It was the cookie path that was being set incorrectly. Nginx was configured: server_name _; which was then being used by $_SERVER['SERVER_NAME']; in \IPS\Request::getCookiePath() which was causing the cookie path to be set to "//domain.com" instead of "/". I was under the impression that Nginx automatically set the server name to the request's host when using "_", but that is incorrect. Simply setting the correct server_name or manually changing the server name header to $host would fix it. Edited January 4, 2022 by imJexs gigantor and DSystem 1 1
Recommended Posts