Slava Bezgachev profile image
I'm currently looking for a job! Get in touch if you're looking for an experienced Javascript developer.

CSRF verification failed issue in self-hosted GlitchTip using a reverse proxy.

2024-09-29

devopshostingproxy

The Issue

I recently deployed GlitchTip on my own server using Docker and a reverse proxy. Everything was working fine until I tried to log in. I was greeted with a CSRF verification failed error.

Details of the error:

Origin checking failed - https://glitchtip.mydomain.com does not match any trusted origins.

Reading the documentation didn’t help much, and I'm not very familiar with Python or Django. So, I had to dig into the source code to find the solution.

The Solution

In my docker-compose file, I added the following environment variable to the GlitchTip service:

environment:
  - CSRF_TRUSTED_ORIGINS: https://glitchtip.mydomain.com

My full docker-compose file looks like this:

# Uncomment version if using an older version of docker compose
version: "3.8"
x-environment:
  &default-environment
  DATABASE_URL: postgres://path_to_db
  SECRET_KEY: some_secret_string # best to run openssl rand -hex 32
  PORT: 8080
  EMAIL_URL: smtp://smpt_creds_to_aws_ses # Example smtp://email:password@smtp_url:port https://glitchtip.com/documentation/install#configuration
  GLITCHTIP_DOMAIN: https://glitchtip.mydomain.com # Change this to your domain
  DEFAULT_FROM_EMAIL: glitchtip@mydomain.com # Change this to your email
  CELERY_WORKER_AUTOSCALE: "1,3"  # Scale between 1 and 3 to prevent excessive memory usage. Change it or remove to set it to the number of cpu cores.
  CELERY_WORKER_MAX_TASKS_PER_CHILD: "10000"
  CSRF_TRUSTED_ORIGINS: https://glitchtip.mydomain.com

x-depends_on:
  &default-depends_on
  - postgres
  - redis

services:
  postgres:
    image: postgres:16
    environment:
      POSTGRES_HOST_AUTH_METHOD: "trust"  # Consider removing this and setting a password
    restart: unless-stopped
    volumes:
      - pg-data:/var/lib/postgresql/data
  redis:
    image: redis
    restart: unless-stopped
  web:
    image: glitchtip/glitchtip
    depends_on: *default-depends_on
    ports:
      - "8080:8080"
    environment: *default-environment
    restart: unless-stopped
    volumes:
      - uploads:/code/uploads
  worker:
    image: glitchtip/glitchtip
    command: ./bin/run-celery-with-beat.sh
    depends_on: *default-depends_on
    environment: *default-environment
    restart: unless-stopped
    volumes:
      - uploads:/code/uploads
  migrate:
    image: glitchtip/glitchtip
    depends_on: *default-depends_on
    command: ./bin/run-migrate.sh
    environment: *default-environment

volumes:
  pg-data:
  uploads: