I have https which is a certificate from Cloudflare.

My Nginx server has the configurations from the documentation.
When I have enabled: “url: “http://forum.example.com” - login works.

When I set in config.json
“url: “https://forum.example.com” - error

Error message:

Login failed.
Login failed, probably due to session expiration. Try again.

In the URL, there is an error: "https://forum.example.com/login?error=csrf-invalid"

It needs https because, without it, the Google SSO plugin doesn't work for me

my nginx:

server {
         listen 80;
         server_name example.com;
         return 301 https://forum.example.com;
}


server {
    listen 80;

    server_name forum.example.com www.forum.example.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;

        client_max_body_size 10M;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Where is your 443 server block?

 server {
     listen               443 ssl http2;

I have SSL from the Cloudflare proxy - do I still need SSL on the Nginx?

I am not sure whether that might cause issues. You can test and let us know.

I know that for this site we have CloudFlare SSL (set to Full Strict), and also deploy our own certificate with nginx.