Ghost Issues or Bugs?

Not sure if this is a bug or something else related to configurations within Ghost.

The system specs are as follows:

OS: Ubuntu 22.04.3 LTS x86_64 
Host: KVM/QEMU (Standard PC (Q35 + ICH9, 2009) pc-q35-8.1) 
Kernel: 5.15.0-105-generic 
CPU: AMD EPYC 7642 (2) @ 2.299GHz 
Memory: 881MiB / 3911MiB 
Disk (/): 13G / 29G (46%) 
Ghost-CLI version: 1.26.0
Ghost version: 5.82.3

While the website and the Ghost Console seems to be working fine, I am not able to search on the site and when in the Console and looking at Design and Branding, the preview does not show. See images below:

image1603×1018 66.7 KB

I am not seeing anything specific in the logs, so not sure what could be causing the issues. Any thoughts on direction or where to look would be greatly appreciated.

This problem usually relates to a reverse proxy not being set up correctly.

Can you share details of your setup?

Any errors in the browser console? (F12 to open dev tools…)

I have an external nginx reverse proxy that feeds to the server, then the Ghost install followed the Official Ghost install guide for Ubuntu, which has the local server nginx service running.

secdoc@ubuntu2204-kvm-svr:/var/www/secdoc$ sudo nginx
[sudo] password for secdoc: 
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:80 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:80 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:80 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:80 failed (98: Unknown error)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
nginx: [emerg] bind() to [::]:80 failed (98: Unknown error)
nginx: [emerg] still could not bind()
secdoc@ubuntu2204-kvm-svr:/var/www/secdoc$ sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2024-04-20 22:30:44 UTC; 1 day 17h ago
       Docs: man:nginx(8)
    Process: 680 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 726 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 745 (nginx)
      Tasks: 3 (limit: 4558)
     Memory: 11.3M
        CPU: 447ms
     CGroup: /system.slice/nginx.service
             ├─745 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
             ├─746 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ">
             └─747 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ">

Apr 20 22:30:44 ubuntu2204-kvm-svr systemd[1]: Starting A high performance web server and a reverse proxy server...
Apr 20 22:30:44 ubuntu2204-kvm-svr systemd[1]: Started A high performance web server and a reverse proxy server.
secdoc@ubuntu2204-kvm-svr:/var/www/secdoc$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
secdoc@ubuntu2204-kvm-svr:/var/www/secdoc$ 

Here is the Dev Tools Output:

image1612×1023 204 KB

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793. (Reason: CORS request did not succeed). Status code: (null).

None of the “sha512” hashes in the integrity attribute match the content of the subresource. The computed hash is “z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==”. ghost
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793. (Reason: CORS request did not succeed). Status code: (null).

None of the “sha512” hashes in the integrity attribute match the content of the subresource. The computed hash is “z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==”.

The website site loads without an issue…

Your site URL is configured as http:

https://www.secdoc.tech/ghost/api/admin/site/

You need to update the configured Ghost URL to https://www.secdoc.tech/ (either through the env or config.production.json), and restart Ghost for the change to take effect.

Changing that seems to break the site redirects.

image1552×845 58.9 KB

So the site is using Cloudflare WAF to NGINX reverse Proxy to Server. The certs and such for the ssl live on the reverse proxy.

I have a single external IP that I have several services tied to, so the reverse proxy is performing forwarding based on URL/Port combinations.

This usually happens if the SSL mode is flexible

@vikaspotluri123 Can you clarify…I am not sure what you mean with that statement?

Here’s the CloudFlare docs on that, you’ll want to set it to full or full (strict):

@
That was already set within the Cloudflare configuration.

image1031×544 43.8 KB

Any other thoughts?

How did you install Ghost? Are you setting the X-Forwarded-Proto header when you proxy back?