Hi, logging in to the Ghost admin doesn’t work for me at the moment and I think it’s because the API server is not redirecting properly.
If I call:
curl -I https:///ghost/api/v2/admin/session
I get the following:
date: Thu, 27 Dec 2018 13:09:48 GMT
strict-transport-security: max-age=15724800; includeSubDomains; preload
The redirect URL is with HTTP instead of HTTPS, so my browser blocks the request which is why I think login fails.
I am running Ghost 2.9.1 as a Docker container. I have set the url environment variable with the correct protocol (HTTPS). The server is running behind an nginx reverse proxy which is configured with proxy_set_header X-Forwarded-Proto https.
Is there some other config I’m missing?