Authorization header format is "Authorization: Ghost [token]"

Hello. I’m new to the forum and hope someone can help me.
I used the search, but found nothing suitable.

Ghost: v2.34.0
Nginx: 1.14.0
Ubuntu: 16.04
Browser: doesn’t matter.

I followed the instructions you can find in [1]. I am using the Nginx configuration, which can be found in [2]. The only difference is that I use “auth_basic”.

location / {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $http_host;
  auth_basic            "Login";
  auth_basic_user_file  /var/www/.htaccess;

Unfortunately, I cannot log in to the admin interface. The error message is:

Authorization header format is “Authorization: Ghost [token]”

During setup and when I try to log in, this error message appears.

Does anyone know what I am doing wrong?


This is the problem, it’s overriding the authentication that Ghost itself uses. If you want to put your front-end behind basic auth that’s fine but you’ll need to exclude the /ghost/* routes from Basic Auth for the admin area to work.

Okay, this is working. Is there any chance that in future auth_basic will work? I don’t want to make my admin page accessible to the whole world.

Could you share your config how to get it working? I mean how to exclude the /ghost/* location?