The Problem:
When I navigate to my homepage, everything works fine, no issues at all. When I navigate to /ghost
, however, it briefly displays the admin page without any CSS before quickly redirecting me to: /ghost/#/site
with no admin elements displayed (e.g. sidebar). There are 2 scroll bars, one for the homepage, and one for the admin view which primarily shows oversized icons and links without any styling (image). Note: this only happens after I am signed into the admin page. If I clear my cookies, I am presented with the login page to sign in. After signing in, I am redirected.
My Configuration:
- Running Ghost-CLI version 1.9.1 and Ghost version 2.21.0.
- Cloudflare <-> Nginx Reverse Proxy (Using Cloudflare’s origin certificate for SSL) <-> Ghost’s Nginx Server
- Ghost is configured to use https:// (Running
ghost config url https://...
did not change the Ghost Nginx configuration file, it was still set to port 80, so I made a self-signed certificate that my reverse proxy verified and set the Ghost Nginx server to use port 443… Maybe the problem lies here?)
Questions:
- Has anyone else done what I am doing (Using Cloudflare’s SSL with a seperate reverse proxy sitting between the internet and Ghost’s Nginx)? Is there a better way to accomplish this?
- Previous to this specific issue, I was having problems where the Ghost admin page was sending mixed http/https content back to the browser (The homepage was not, however), which made me realize I did not have Ghost configured to use https. I set my Ghost instance URL to use https, and that’s when these issues started happening… Did I miss a step here?
Configurations:
Ghost Nginx Configuration
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blog.carsonseese.com;
root /var/www/ghost/system/nginx-root;
ssl_certificate /etc/nginx/ssl/cloudflare.pem;
ssl_certificate_key /etc/nginx/ssl/cloudflare.key;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
}
Nginx Reverse Proxy Configuration
server {
server_name blog.carsonseese.com;
listen 80;
listen 443 ssl;
include /etc/nginx/cloudflare-allow.conf;
deny all;
ssl_certificate /etc/nginx/ssl/cloudflare/carsonseese.com/pem;
ssl_certificate_key /etc/nginx/ssl/cloudflare/carsonseese.com/key;
location / {
proxy_pass https://192.168.150.17;
proxy_ssl_trusted_certificate /etc/nginx/ssl/cloudflare/carsonseese.com/pem;
proxy_ssl_verify off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 50m;
client_body_buffer_size 128k;
}
access_log /var/log/nginx/access.log;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
}