Authorization header format is "Authorization: Ghost [token]"

daseddy · October 10, 2019, 1:01pm

Hello. I’m new to the forum and hope someone can help me.
I used the search, but found nothing suitable.

System:
Ghost: v2.34.0
Nginx: 1.14.0
Ubuntu: 16.04
Browser: doesn’t matter.

I followed the instructions you can find in [1]. I am using the Nginx configuration, which can be found in [2]. The only difference is that I use “auth_basic”.

location / {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $http_host;
  proxy_pass http://127.0.0.1:2368;
  auth_basic            "Login";
  auth_basic_user_file  /var/www/.htaccess;
 }

Unfortunately, I cannot log in to the admin interface. The error message is:

Authorization header format is “Authorization: Ghost [token]”

During setup and when I try to log in, this error message appears.
Screenshot:
ghost_error

Does anyone know what I am doing wrong?

1] How to install & setup Ghost on Ubuntu 20.04 or 22.04
[2] https://github.com/TryGhost/Ghost-CLI/blob/master/extensions/nginx/templates/nginx-ssl.conf#L14

Kevin · October 10, 2019, 1:21pm

This is the problem, it’s overriding the authentication that Ghost itself uses. If you want to put your front-end behind basic auth that’s fine but you’ll need to exclude the /ghost/* routes from Basic Auth for the admin area to work.

daseddy · October 10, 2019, 1:30pm

Okay, this is working. Is there any chance that in future auth_basic will work? I don’t want to make my admin page accessible to the whole world.

mfdlr · November 13, 2019, 8:59pm

Could you share your config how to get it working? I mean how to exclude the /ghost/* location?

badrihippo · September 27, 2020, 10:54am

I just realised the admin domain also includes the API path: /ghost/api/. So if you’re planning to use any API or integrations, hiding your admin page behind an additional auth_basic will cause problems.

(I’d still be interested to hear solutions, though, for those who don’t plan to use integrations and just want their admin page hidden)

badrihippo · September 27, 2020, 10:58am

I’d like to know this too. I haven’t been able to figure it out yet

vurt · February 3, 2021, 1:20am

Deleted. Firefox restart fixed it.

Topic		Replies	Views
Getting Ghost API to redirect properly Developer help	2	716	January 2, 2019
Can't sign in to admin dashboard on Chrome Browser Self-hosting	2	573	August 23, 2022
Ghost Admin is a blank page with missing css and js but /blog is working Developer help	3	1498	November 22, 2018
Problems uploading content with Ghost + Docker + Nginx/Apache proxy_pass Installation	2	1334	June 6, 2020
Ghost Assets and Admin Page 404ing with Custom Nginx Config Developer help	1	933	October 6, 2019

Authorization header format is "Authorization: Ghost [token]"

Related topics