Reverse proxy to dradis: nginx config advice

Hi Team! I like using dradis, and am standing up one on a local LAN and trying to proxy it with nginx (instead of locally on my machine). Using self-signed certs, and my nginx config is as below:

It seems to work fine at first, loads up GET request of page in browser and accepts the initial password - but then I cannot log in with any user. (“Please sign in first. Access denied.”) Curiously, if I poke a hole in the firewall and access directly from http://IP:3000, it does allow logging in, so I believe this to be a proxy issue not handling parts of dradis pages properly. Does anyone have an example of a working config they could post? Thank you!!

nginx config in /etc/nginx/sites-enabled/local :
server {
    listen 80;
    return 301 https://$host$request_uri;
    #redirect all http 80 traffic to https 443
}
server {
    listen 443 ssl;
    server_name local;
    ssl_certificate /etc/nginx/cert.crt;
    ssl_certificate_key /etc/nginx/cert.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    location / {
        proxy_pass http://localhost:3000; # slashes here can be bullshit, be careful
    }
}

Hi @smolbytes, I’m assuming you’re getting the error: ActionController::InvalidAuthenticityToken when logging in. Try adding the following directives inside the location block:

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass ....
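
The reply's directives placed inside the question's `location` block, shown as one complete file. This is an added example, not part of either post. It assumes Dradis listens on localhost:3000 and uses the certificate paths from the question. The `ssl_protocols` line is narrowed to TLSv1.2 and TLSv1.3, which is a change from the question's config.

```nginx
# Redirect all plain-HTTP traffic on port 80 to HTTPS on 443.
server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name local;

    ssl_certificate     /etc/nginx/cert.crt;
    ssl_certificate_key /etc/nginx/cert.key;
    # Changed from the question's config: TLSv1 and TLSv1.1 dropped.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        # Tell the Rails app behind the proxy which client address, scheme,
        # port and host the browser actually used, so the URLs and origin
        # it computes match the https:// address shown in the browser.
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl   on;
        proxy_set_header X-Forwarded-Port  443;
        proxy_set_header Host              $http_host;
        proxy_redirect off;

        # No trailing slash or path here: the request URI is passed unchanged.
        proxy_pass http://localhost:3000;
    }
}
```

Check the syntax with `nginx -t` before reloading, and keep port 3000 closed at the firewall so the application is reachable only through the proxy.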