Syncthing on a subdomain with nginx

Avamander · June 1, 2017, 10:09pm

Syncthing gives mysterious CSRF errors when proxied by nginx and when placed on a subdomain. How can I get it working?

Relevant config file entry:

location / {
    proxy_http_version      1.1;
    proxy_set_header        X-Real_IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-NginX-Proxy   true;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_set_header        Upgrade $http_upgrade;
    proxy_set_header        Connection $connection_upgrade;
    proxy_pass              http://syncthing;
    proxy_read_timeout      1200;
    proxy_connect_timeout   240;
    client_max_body_size    0;
}

I suggested that Syncthing should allow manual changing of actual server address it’s being served on (separated from bind address) but maintainer(s) said it’s all automagical (if it was it wouldn’t fail like this mistaking the proxy as CSRF).

calmh · June 2, 2017, 5:41am

My nginx didn’t understand the $connection_upgrade; so I removed it. Apart from that, your setup works fine for me.

What are you doing to get the CSRF error? Maybe it has nothing to do with the proxying.

Avamander · June 3, 2017, 12:18am

All I’m doing is just opening subdomain.domain.com with the config I posted. Nothing loads and when I view the failing links directly CSRF error is what I get. Also $connection_upgrade needs

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

calmh · June 3, 2017, 3:21pm

Opening an API URL directly with no CSRF token and no API key legitimately results in a CSRF error. This is probably unlrelated to whatever is your actual problem.

system · July 3, 2017, 3:33pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.