Thank you, I will give that a try! While I am logged in on my current browser I can’t seem to login if I go to incognito (or a new session.) My username/password isn’t working even though I certainly didn’t change it. I just get, “Failed to send email. Please check your site configuration and try again.” I likely don’t have working mail services setup at the moment. Is there something I am missing here? This is an odd one.
You either need to configure email (a good idea!), or you can disable device verification (the 2fa email code) by adding this to your config:
`{
“security”: {
“staffDeviceVerification”: false
}
}
`
After adding the nginx config I noticed that there was a missmatch between nginx port forward port and the port Ghost was running on. I fixed it and now everything is working again!
Hey everyone,
Ghost 6.0.3 contains a fix for self-hosters that use a separate domain for their site and Ghost Admin:
Is it possible to use ActivityPub in the following scenario?
- Self-hosted Ghost, Public ActivityPub
- Separate admin URL: admin.domain[.]com is the admin URL, public URL is www.domain[.]com
- Admin URL is not publicly available - no DNS records published for admin.domain[.]com
- location ~ /ghost/api/admin/site is not limited to specific internal IPs in nginx reverse proxy
- location ~ /ghost/ is limited to specific internal IPs in nginx reverse proxy
I have this set up configured to limit the attack surface of my blog. When I configure my nginx reverse proxy to allow access to www.domain[.]com/ghost/api/admin/site/, I get an infinite number of redirects if I’m internal and the URL bar reflects admin.domain[.]com/ghost/api/admin/site. If I’m external the URL bar reflects admin.domain[.]com/ghost/api/admin/site and it can’t be found, obviously because admin.domain[.]com is not published.
Just wondering if this scenario / behavior has been accounted for / should be working properly / is expected behavior. Thanks!
Hey team,
I have the same problem. Is there a solution?
- Self-hosted Ghost
- The admin URL is the same as the public one
- I have already added these rules to the nginx config: Added activitypub path to nginx by rmgpinto · Pull Request #1963 · TryGhost/Ghost-CLI · GitHub
- Ghost-CLI version: 1.28.3
- Ghost version: 6.1.0
Ghost Log:
[2025-10-03 09:04:48] INFO "GET /.ghost/activitypub/v1/feed/reader/" 404 42ms [2025-10-03 09:04:48] INFO "GET /.ghost/activitypub/users/index/" 404 35ms
[2025-10-03 09:04:48] INFO "GET /.ghost/activitypub/v1/account/me/" 404 63ms [2025-10-03 09:04:49] INFO "GET /.ghost/activitypub/v1/account/me/follows/following/" 404 37ms
[2025-10-03 09:04:49] INFO "GET /.ghost/activitypub/v1/blocks/accounts/" 404 70ms [2025-10-03 09:04:50] INFO "GET /.ghost/activitypub/v1/blocks/domains/" 404 43ms [2025-10-03 09:04:50] INFO "GET /.ghost/activitypub/v1/notifications/unread/count/" 404 26ms
Part of nginx conf:
`location ~ /.ghost/activitypub/* {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
add_header X-Content-Type-Options $header_content_type_options;
proxy_ssl_server_name on;
proxy_pass http://127.0.0.1:2368;
}
location ~ /.well-known/(webfinger|nodeinfo) {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
add_header X-Content-Type-Options $header_content_type_options;
proxy_ssl_server_name on;
proxy_pass http://127.0.0.1:2368;
}`
Thanks!
This tells me your nginx conf isn’t right. Traffic to .ghost/activitypub should be going to the activitypub server (ap.ghost.org), not to your Ghost install.
You linked the PR that has the right values, and you’ll see if you check it again that you’re supposed to proxypass ``http://ap.ghost.org, but you’ve got your Ghost install listed instead.
(If you’re trying to self-host ActivityPub, then you need to be pointing to your activitypub container, still not to your Ghost install.)
Make sure you reload NginX and then restart Ghost after making changes.
@Denis_Doroshchuk are you using Cloudflare?
Might be helpful to check the network tab. What domain is the request going to, when it redirects?
Don’t know if this might be of use, but worth a try:
Cathy! You helped me solve the issue I’ve been having for 3 sites!
Thank you so much!
Hi all, sorry but I’ve been trying to figure out what’s going on with ActivityPub for self hoster and haven’t succeeded.I’m using Docker Image from Coolify cloud to deploy Ghost 6.5.3. I’m deploying a separate MySQL instance that I’ve linked to my Ghost instance using environment variables and everything works fine, except for ActivityPub.
I’m not using Caddy, but Traefik, which is used by Coolify by default.I’m completely lost because I’m not a developer, I’m just tinkering around and up until now I’ve been managing pretty much on my own, but this feature escapes me.Can anyone give me some guidance on what I need to do to at least get started on solving this problem?
You need a section in your compose with labels and have traefik proxy ap.ghost.org
what is ap.ghost.org ? The link is broken
That’s the proxy you have to configure via labels for ActivityPub to work. My best recommendation is to just have it configured via Docker Compose with Caddy instead of reinventing the wheel if you cannot get it figured out. I have no experience with Coolify at all, but I do have some knowledge with Traefik, but it’s really not worth the hassle as a selfhoster.