NextAuth behind nginx https proxy doesn't get session
I have got my app working in development and now wanted to move everything to production. My Database, Next.js and NGINX all run in docker containers. To create a secure connection I configured nginx to handle SSL and redirect everything to https. Now I'm facing the following problem:
- When I sign in without the proxy enabled on an http connection everything works fine
- When I turn on the proxy:
- The "Sign in with discord" button redirects me to the same site again but with ?csrf=true at the end
- Clicking it again now redirects to discord correctly
- After logging in a session is created in the database but calling session.user returns null
I don't get what part fo the authentication fails here. can someone give some advice please
My config:
- NEXTAUTH_URL='https://production.com'
- discord callback: 'https://production.com/api/auth/callback/discord''
- nginx config:
upstream nextjs {
server 172.17.0.4:3000;
}
server {
# Redirect HTTP requests to HTTPS.
listen 80;
server_name localhost;
root /srv/public;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name localhost;
root /srv/public;
server_tokens off;
ssl_certificate /SSL-Cert/my.crt;
ssl_certificate_key /SSL-Cert/my.key;
location / {
try_files $uri $uri/ @nextjs;
}
location @nextjs {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://nextjs;
proxy_cookie_path / "/; HTTPOnly; Secure";
}
}
1 Reply
I have just tried it in Safari and it looks like the issue is only present in chrome... now im really confused
Well... looks like i did 4h of troubleshooting for nothing. Some cookie in my browser was set incorrectly during development and after clearing all caches and cookies it works fine now. dont ask me why