I have a recent install of Grav, all plugins are up to date and running on Ubuntu 18.04/PHP 7.2/Apache.
Everything works fine browsing the site/admin panel on my LAN by IP, but if I use my URL either on LAN or WAN and try to log into the admin panel I get a red bar that says “Invalid Security Token”. A few pages have ACL, and if I try to login there I get an access denied message, again only over the URL.
The website is behind a Nginx reverse proxy that is also handling the SSL, and I’m pretty sure this is my issue… Nginx is just doing a proxy_pass to the IP:port of the Grav server. I’m just not sure where to start with the troubleshooting. I cannot find anything in the logs showing what the issue may be.
Secure to No
Reverse Proxy to Yes
Remote Verify Peer to Off