Anmeldeproblem bei https-Aufruf

das Problem besteht darin das ich folgende Fehlermeldung erhalte, wenn ich Seafile über den DNS Namen von Extern über https aufrufe und das Anmeldeformular abschicke.

Verboten (403)

CSRF-Verifizierung fehlgeschlagen. Anfrage abgebrochen.

Mehr Information ist verfügbar mit DEBUG=True.

Die Seafile Startseite mit dem Login ist ganz normal erreichbar.
Spreche ich Seafile direkt von Intern mit der Server-IP an klappt alles Problemlos.

Auf dem Server läuft Ubuntu 18.04 LTS, Seafile in der version 6.3.4 mit einem Apache Webserver.

Das Zertifikat habe ich mit Let’s Encrypt nach der offizillen Dokumentation installiert. Bei dem Seitenaufruf erscheint auch das Grüne Schloss.

In den Apache Logs sind keine Informationen zu dem Fehler, die einzige Fehlerinformation die ich ausfindig machen konnte befindet sich in der seahub.log Datei und sieht wie folgt aus:

2018-12-13 08:38:27,705 [WARNING] _reject Forbidden (Referer checking failed - https://[meinseafileserver]/accounts/login/?next=/ does not match any trusted origins.): /accounts/login/

Habe schon diverse Lösungsansetzte probiert, bisher nicht erfolgreich.
Vielen Dank schon mal im Vorfeld.

CRSF ist gegen Cross-Site Scripting und Schützt dich for falschen Inhalten. Hast du deine Browsereinstellungen verändert? Ansonsten lösche mal den Cache bevor du es probierst.

Danke erstmal für die schnelle Antwort, aber nein ich habe nichts an den Browsereinstellungen geändert.
Ich habe es auch schon mit mehreren Browsern probiert, Resultat war die gleiche Fehlermeldung.
Auch nach löschen des Caches erscheint der selbe Fehler.

Ich vermute einen Fehler in der Apache Config, kannst du die mal hier posten ?

Ja klar hier:

# Global configuration

# ServerRoot: The top of the directory tree under which the server’s
# configuration, error, and log files are kept.
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL/>);
# you will save yourself a lot of trouble.
# Do NOT add a slash at the end of the directory path.
#ServerRoot "/etc/apache2"

# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#Mutex file:${APACHE_LOCK_DIR} default

# The directory where shm and other runtime files will be stored.

DefaultRuntimeDir ${APACHE_RUN_DIR}

# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars

# Timeout: The number of seconds before receives and sends time out.
Timeout 2400

# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to “Off” to deactivate.
KeepAlive On

# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100

# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
KeepAliveTimeout 5

# These need to be set in /etc/apache2/envvars

# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., apache org (on) or (off).
# The default is off because it’d be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a
# container, error messages relating to that virtual host will be
# logged here. If you do define an error logfile for a
# container, that host’s errors will be logged there and not here.
ErrorLog ${APACHE_LOG_DIR}/error.log

# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, …, trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.

** Options FollowSymLinks**
** AllowOverride None**
** Require all denied**

<Directory /usr/share>
** AllowOverride None**
** Require all granted**

<Directory /var/www/>
** Options Indexes FollowSymLinks**
** AllowOverride All**
** Require all granted**

#<Directory /srv>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted

# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
AccessFileName .htaccess

# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<FilesMatch “^.ht”>
** Require all denied**

# The following directives define some format nicknames for use with
# a CustomLog directive.
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
LogFormat “%v:%p %h %l %u %t “%r” %>s %O “%{Referer}i” “%{User-Agent}i”” vhost_combined
LogFormat “%h %l %u %t “%r” %>s %O “%{Referer}i” “%{User-Agent}i”” combined
LogFormat “%h %l %u %t “%r” %>s %O” common
LogFormat “%{Referer}i -> %U” referer
LogFormat “%{User-agent}i” agent

# Include of directories ignores editors’ and dpkg’s backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Danke, ich meinte die vhost Config - Kannst du die auch noch posten?

<VirtualHost *:443>
ServerName (MeinServerName)
DocumentRoot /var/www

ServerAlias (MeinServerName)
SSLCertificateFile /etc/letsencrypt/live/(MeinServerName)/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/(MeinServerName)/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Alias /media /home/seafile/seafile-server-6.3.4/seahub/media

<Location /media>
Require all granted

RewriteEngine On

#seafile fileserver

ProxyPass /seafhttp http:://
ProxyPassReverse /seafhttp http:://
RewriteRule ^/seafhttp - [QSA,L]


SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1
ProxyPass / http:://
ProxyPassReverse / http:://

Die doppelten Doppelpunkte hinter dem http sind beabsichtigt, da ich bei normaler Schreibweise einen Uploadfehler bekomme.