Hi,

I'm having troube installing my OpenProject instance on my server. I installed OpenProject in a virtual machine using the default settings. When I create an SSH tunnel and open the VM in a browser everything works fine. However, when opening the same website using reverse proxy things are not so fine.

1. During login, I'm getting Unable to verify Cross-Site Request Forgery token. Did you try to submit data on multiple browsers or tabs? Please close all tabs and try again. It's impossibble to login due to this error.
2. When I once magically happened to login, almost every link I open opens in a new tab. This seems very odd to me and doesn't look like the default behaviour.

Here's the current state of my Nginx config, which was originally taken from here:

upstream web {
    server 1.2.3.4;
}

server {

	server_name example.com;

    location / {
        proxy_pass_header  Server;
        proxy_set_header   Host $http_host;
        proxy_set_header   X-Real-IP $remote_addr;
        #proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   X-Scheme $scheme;
        proxy_redirect     off;
        proxy_pass         http://web/;
	}

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name example.com;
    return 404; # managed by Certbot


}

Some people recommended to set under Settings -> General the proto option to HTTPS. But there is no such an option in my installation.

What am I doing wrong?

Sam