Can't get full site ssl

I’m using the docker image to intall ghost. I pulled the latest image 3.9.0 then run it with

docker run -d --name ghostx -e url= -p 3001:2368 --restart=always -v /home/ubuntu/ghost/blog:/var/lib/ghost/content ghost

And I intalled nginx for reverse proxy and ssl. It seems work fine, but I find the admin page shows Mixed Content, google it for some help get two related issues.

Then I run the image with url=https,I fall into a endless redir loop. No matter how I modify the nginx configuration file, it is useless. Here is my current configuration

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_redirect off;


Then I try to curl the docker port.

curl -I                             
HTTP/1.1 301 Moved Permanently
X-Powered-By: Express
Cache-Control: public, max-age=31536000
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 52
Date: Thu, 05 Mar 2020 19:47:33 GMT
Connection: keep-alive

curl -I                       
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number

I used to deploy, which is also a node.js app. It runs with ROOT_URL=http://localhost:3000.
but it works fine behind nginx.

-e url=

This needs to be -e url= if you are using https.

pls read the complete question, I tried change it to https.
It cause a endless redirect loop.

If I change nginx conf at the same time like proxy_pass;
It cause a ssl handshake failed.

[error] 16464#16464: *11 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client:, server:, request: "HEAD / HTTP/2.0", upstream: "", host: ""

That sounds like you’re missing the x-forwarded-proto header.

You can see example nginx setup in the Ghost-CLI package which is the official/supported install method

1 Like