I am running the latest CKAN (2.9) on a fresh installation.
However, here the symptoms:
- when I login via web, and browse the site, all sites seem to have forgotten that I already logged in.
- when I F5 the site, it shows that I'm logged in, while other pages don't - until I F5(ctrl+R) them too.
- when I delete Browser cache (NOT cookies), all pages show up fine
The nginx conf says specifically to ignore caches if auth cookie is set:
proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;
proxy_temp_path /tmp/nginx_proxy 1 2;
server {
listen 80 default;
server_name mydoma.in;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name mydoma.in;
client_max_body_size 100M;
ssl on;
ssl_certificate /etc/my/cert.pem;
ssl_certificate_key /etc/my/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-A$
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# add_header Strict-Transport-Security "max-age=31536000 includeSubdomains;";
add_header Strict-Transport-Security "max-age=600; includeSubdomains;";
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_cache cache;
proxy_cache_bypass $cookie_auth_tkt;
proxy_no_cache $cookie_auth_tkt;
proxy_cache_valid 30m;
proxy_cache_key $host$scheme$proxy_host$request_uri;
proxy_set_header X-Forwarded-Proto $scheme;
# In emergency comment out line to force caching
# proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
}
}
Now this talks about the history buffer - but should be irrelevant, if a login cookie gets set, no?
I am guessing there's some kind of bug, since I never experienced that in SSL-less CKAN 2.8, but this needs to be investigated more.
What I'll try to do:
- roll back to HTTP to narrow down / reproduce
- enable SSL on ckan 2.8
- (maybe) deactivate caching altogether
Any hints welcome
