Authorization header format is "Authorization: Ghost [token]"

Hello. I’m new to the forum and hope someone can help me.
I used the search, but found nothing suitable.

Ghost: v2.34.0
Nginx: 1.14.0
Ubuntu: 16.04
Browser: doesn’t matter.

I followed the instructions you can find in [1]. I am using the Nginx configuration, which can be found in [2]. The only difference is that I use “auth_basic”.

location / {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $http_host;
  auth_basic            "Login";
  auth_basic_user_file  /var/www/.htaccess;

Unfortunately, I cannot log in to the admin interface. The error message is:

Authorization header format is “Authorization: Ghost [token]”

During setup and when I try to log in, this error message appears.

Does anyone know what I am doing wrong?

1] How to install & setup Ghost on Ubuntu 20.04 or 22.04

This is the problem, it’s overriding the authentication that Ghost itself uses. If you want to put your front-end behind basic auth that’s fine but you’ll need to exclude the /ghost/* routes from Basic Auth for the admin area to work.

Okay, this is working. Is there any chance that in future auth_basic will work? I don’t want to make my admin page accessible to the whole world.

Could you share your config how to get it working? I mean how to exclude the /ghost/* location?

1 Like

I just realised the admin domain also includes the API path: /ghost/api/. So if you’re planning to use any API or integrations, hiding your admin page behind an additional auth_basic will cause problems.

(I’d still be interested to hear solutions, though, for those who don’t plan to use integrations and just want their admin page hidden)

I’d like to know this too. I haven’t been able to figure it out yet :confused:

Deleted. Firefox restart fixed it.