I just installed the latest version of Ghost 6 on a clean VPS with Ubuntu 24.04.3.
Node is v22.19.0.
Ghost Doctor doesn’t give any errors.
I followed the official guide in the Ghost documentation.
When I try to log in as admin, I get this:
There was a problem on the server.
vendor-aed0068cf9b67d042dd23a6343545b7b.js:492 GET https://example.com/ghost/api/admin/users/me/?include=roles 403 (Forbidden)
{
"message": "Authorization failed",
"context": "Unable to determine the authenticated user or integration. Check that cookies are being passed through if using session authentication.",
"type": "NoPermissionError",
"details": null,
"property": null,
"help": null,
"code": null,
"id": "076d8880-8c95-11f0-9245-cb6e031f245a",
"ghostErrorCode": null
}
I don’t use proxies or services like Cloudflare or anything else.
Everything is extremely clean and simple.
What could be the problem?
Do you need any additional information for debugging?
Is login actually broken or are you just seeing the 403 error? A 403 is expected, it’s the server saying you’re not logged in yet when the admin app makes an API request to check.
The /ghost URL is visible, and I can see the page and the login form correctly. If I open the console, I immediately see “ghost/api/admin/users/me/?include=roles 403 (Forbidden)”
When I try to log in, I see the preloader on the “sign in” button until it times out with “504 Gateway Time-out,” and the header “There was a problem on the server” appears at the top.
So the 403 is expected and not a problem. The gateway error is a problem, you’ll need to review your proxy server and Ghost logs to see what the issue is.
I expect it’s a mail issue where your transactional email config isn’t set up in a working manner, meaning the 2FA email that’s sent when logging in from an unknown browser is timing out when attempting to be sent. There are numerous topics for that on the forum if you search.
I figured out the problem. I left it “Direct”, but I noticed that the “staffDeviceVerification” variable was set to True for some reason. I set it to “False” and now I can log in without any problems.
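The last two posts describe one interaction: the device verification e-mail sent at login needs working mail delivery, and switching verification off removes that e-mail step altogether. As an added example (not code from this thread or from Ghost), the check below flags both states in a parsed Ghost config; the finding names and sample configs are constructed, and `mail.transport`, `mail.options` and `security.staffDeviceVerification` are assumed to be the keys involved.

```javascript
// Added example: audit a parsed Ghost config object for the login failure
// discussed in this thread. Finding names are hypothetical labels.
function auditGhostLoginConfig(config) {
  const findings = [];
  const mail = config.mail || {};
  const security = config.security || {};
  const opts = mail.options || {};

  // Assumption: a missing transport behaves like "Direct" (no SMTP relay).
  const transport = String(mail.transport || "Direct").toLowerCase();
  // Assumption: device verification is on unless explicitly set to false.
  const deviceVerification = security.staffDeviceVerification !== false;

  const hasRelay = transport === "smtp" && Boolean(opts.host || opts.service);
  const hasAuth = Boolean(opts.auth && opts.auth.user && opts.auth.pass);

  // Verification e-mail is required at login but has no relay to go through:
  // the sign-in request can hang until the gateway times out.
  if (deviceVerification && !hasRelay) findings.push("LOGIN_MAIL_UNDELIVERABLE");
  // Worth a look: some relays accept unauthenticated mail, most do not.
  if (hasRelay && !hasAuth) findings.push("SMTP_AUTH_MISSING");
  // Login works, but the e-mailed code on unknown browsers is gone.
  if (!deviceVerification) findings.push("DEVICE_VERIFICATION_DISABLED");
  return findings;
}

// Constructed sample configs (placeholders, not values from the thread).
const asReported = {
  mail: { transport: "Direct" },
  security: { staffDeviceVerification: true },
};
const workaround = {
  mail: { transport: "Direct" },
  security: { staffDeviceVerification: false },
};
const withRelay = {
  mail: {
    transport: "SMTP",
    options: {
      host: "smtp.example.invalid", // placeholder host
      port: 465,
      secure: true,
      auth: { user: "PLACEHOLDER_USER", pass: "PLACEHOLDER_PASS" },
    },
  },
  security: { staffDeviceVerification: true },
};

for (const [name, cfg] of Object.entries({ asReported, workaround, withRelay })) {
  console.log(name, auditGhostLoginConfig(cfg));
}
```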