Ghost serves images over HTTP randomly causing chrome warnings

Hello all,

After setting up my SSL cert on www.fastcomet.org I am getting warnings on some pages due to mixed content being served. The error makes sense:

• The page is served over https, however it requests images over http.
• Also, “A cookie associated with a resource at http://ethical-business-principles.com/ was set with SameSite=None but without Secure”

It seems to me that Ghost should have some configuration set so that all is run/served in HTTPS mode. The weird thing is this:

• issues with http-requested img’s seem to occur on pages, not posts. However, on the page
  https://ethical-business-principles.com/creative-commons/ one image is correctly loaded (over https) and the other incorrectly (http), so Ghosts behaviour seems to be inconsistent…

More info/context

• Version: Ghost 3.2.0
• Config (site is running in development mode so this is config.development.json:

  GNU nano 2.0.9                                File: config.development.json

{
  "url": "https://ethical-business-principles.com/",
  "server": {
    "port": 2368,
    "host": "127.0.0.1"
  },
  "database": {
    "client": "sqlite3",
    "connection": {
      "filename": "/home/erikstes/public_html/content/data/ghost-local.db"
    }
  },
  "mail": {
    "transport": "Direct"
  },
  "logging": {
    "transports": [
      "file",
      "stdout"
    ]
  },
  "process": "local",
  "paths": {
    "contentPath": "/home/erikstes/public_html/content"
  }
}

• Google Chrome browser
• When I try to run ghost setup ssl in the server terminal I get the following error:

Found a development config but not a production config, running in development mode instead
Nginx config file does not exist, skipping SSL setup

However, my setup includes Apache, not Nginx. Is there any docs on how to set Apache up correctly?

Meanwhile this problem has been solved. I needed to restart Ghost which I did not do after changing my json config file. After that I needed to remove and re-add some posts and pictures in order for https to fully work

Hi Waingor, I’m having the same issue in fastcomet, can you tell me if you could solve it and how?

Thank you!

Check my last post in this thread : ) That’s what I did. Also make sure that you dont have any hard coded HTTPS url’s in your posts / page URLs. If the problem persists and it seems to be theme related: contact the creators of maxim, you can find their details on theme forest. They are cool and respond very quickly. Good luck Diego

Hey Waingor, I told fastcomet that the problem was the install of ghost was made using the HTTP url and ask them if they could change it for the HTTPS. They did, and everything was fixed.

Thank you!

@Diego I’m on FastComet too, but I’m not seeing the change… could you please spin up a fresh Ghost instance and then look at the url: initially set in the config.development.json file?

I did on just now and here is the config.development.json file:

test1287×1064 91 KB

Here is how I fix this. (I simply edit my Ghost site files in the browser-based File Manager of my cPanel-hosted Ghost sites.)

(Also note that after making the below change, you may need to Restart your Ghost and/or possibly also re-upload the offending images in your posts to reset the URLs in the database.)

Anyhoo, this first block of code below shows the entire contents of the config.development.json file in the root directory of my Ghost site.

Here you can see that that the “url”: was (by default, at the time of installation) set to http instead of https (as it should be, to prevent a bunch of glitchy error notices i.e. images and other content links either not working, or redirecting to https paths):

{
  "url": "http://keeper.gwarp.com/",
  "server": {
    "port": 2379,
    "host": "127.0.0.1"
  },
  "database": {
    "client": "sqlite3",
    "connection": {
      "filename": "/home/gwarp/KEEPER/content/data/ghost-local.db"
    }
  },
  "mail": {
    "transport": "Direct"
  },
  "logging": {
    "transports": [
      "file",
      "stdout"
    ]
  },
  "process": "local",
  "paths": {
    "contentPath": "/home/gwarp/KEEPER/content"
  }
}

In this second block of code you can see that I’ve just changed http to https (while leaving everything else as-is):

{
  "url": "https://keeper.gwarp.com/",
  "server": {
    "port": 2379,
    "host": "127.0.0.1"
  },
  "database": {
    "client": "sqlite3",
    "connection": {
      "filename": "/home/gwarp/KEEPER/content/data/ghost-local.db"
    }
  },
  "mail": {
    "transport": "Direct"
  },
  "logging": {
    "transports": [
      "file",
      "stdout"
    ]
  },
  "process": "local",
  "paths": {
    "contentPath": "/home/gwarp/KEEPER/content"
  }
}

HAHAHA this is pure comedy for me.

Images serving over HTTP instead of HTTPS? That’s 100% because of the incorrect way fastcomet runs ghost on their shared hosting environment. My god. Stop recommending it, stop using it for ghost.