lsin
March 5, 2020, 7:49pm
1
I’m using the docker image to intall ghost. I pulled the latest image 3.9.0 then run it with
docker run -d --name ghostx -e url=http://blog.writ.design -p 3001:2368 --restart=always -v /home/ubuntu/ghost/blog:/var/lib/ghost/content ghost
And I intalled nginx for reverse proxy and ssl. It seems work fine, but I find the admin page shows Mixed Content, google it for some help get two related issues.
opened 02:26AM - 13 Jun 17 UTC
closed 06:11PM - 18 Oct 17 UTC
bug
server / core
needs info
Something that really annoys me when trying to get my posts to work with https i… s that dragging an image into the ghost editor will automatically point to the http version of the image. This means that my page is only partially secure, and to fix it I have to go through every image.
opened 10:31PM - 12 Feb 18 UTC
closed 09:11AM - 13 Feb 18 UTC
Welcome to Ghost's GitHub repo! 👋🎉
Do you need help or have a question? Pleas… e come chat in Slack: https://ghost.org/slack 👫. Found a bug? Please fill out the sections below... thank you 👍
### Issue Summary
My blog is self-hosted using an https site and I am getting the following warning that is in Chrome. I've replaced my actual domain with <my domain> in the error message for my personal privacy.
/ghost/#/signin:1 Mixed Content: The page at 'https://<mydomain>/ghost/#/signin' was loaded over HTTPS, but requested an insecure image 'http://<mydomain>/content/images/2018/02/favicon.ico?t=1518474189048'. This content should also be served over HTTPS.
### Steps to Reproduce
1. Configure NGINX as an SSL proxy to ghost
2. Browse to your personal ghost website /admin and login. After logging in, the lock icon on the browser changes to indicate insecure. Chrome throws the error listed above indicating that favicon.ico is being loaded over http (not https), despite the rest of the content being served as https.
Any other info e.g. Why do you consider this to be a bug? What did you expect to happen instead?
I would expect favicon.ico to be served over https like all of the rest of the data.
### Technical details:
* Ghost Version: 1.21.1
* Node Version: 6.11.2
* Browser/OS: FireFox and Chrome on OpenBSD
* Database: sqlite
Then I run the image with url=https,I fall into a endless redir loop. No matter how I modify the nginx configuration file, it is useless. Here is my current configuration
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:3001;
proxy_redirect off;
}
}
Then I try to curl the docker port.
curl -I 127.0.0.1:3001
HTTP/1.1 301 Moved Permanently
X-Powered-By: Express
Cache-Control: public, max-age=31536000
Location: https://127.0.0.1/
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 52
Date: Thu, 05 Mar 2020 19:47:33 GMT
Connection: keep-alive
curl -I https://127.0.0.1:3001
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
lsin
March 5, 2020, 8:09pm
2
I used to deploy rocket.chat, which is also a node.js app. It runs with ROOT_URL=http://localhost:3000.
Kevin
March 5, 2020, 9:04pm
3
-e url=http://blog.writ.design
This needs to be -e url=https://blog.writ.design if you are using https.
lsin
March 6, 2020, 6:10am
4
pls read the complete question, I tried change it to https.
lsin
March 6, 2020, 6:12am
5
If I change nginx conf at the same time like proxy_pass https://127.0.0.1:3001 ;
[error] 16464#16464: *11 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 38.147.160.61, server: blog.writ.design, request: "HEAD / HTTP/2.0", upstream: "https://127.0.0.1:3001/", host: "blog.writ.design"
Kevin
March 6, 2020, 9:35am
6
That sounds like you’re missing the x-forwarded-proto header.
You can see example nginx setup in the Ghost-CLI package which is the official/supported install method https://github.com/TryGhost/Ghost-CLI/blob/master/extensions/nginx/templates/nginx-ssl.conf