I setup my ghost blog in a VM to self host. I established a CloudFlare Zero Trust tunnel. I have SSL set to strict. I can view the blog at its domain on the same network as the VM and the Search bar works. When I view the blog outside of my LAN from my phone or computer, the search bar doesnt work. Everything else seems fine though. Can anyone please help?
My ghost blog is set to the domain and not local IP.
My Nginx config is:
server {
listen 80;
listen [::]:80;
server_name name;
return 302 https://$server_name$request_uri;
}
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
server_name name;
location / {
add_header 'Access-Control-Allow-Origin' '*';
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:2368;
client_max_body_size 50m; # Increase if needed for uploads
}
}
1 Like
The search bar uses the Content API to build an index in the user’s browser; it looks like the API is protected by CFZT so the request is failing.
I’m not familiar with CFZT. Do you have any tips on how I can resolve it?
Got it figured. Never mind.
As the OP didn’t explain how they the fixed this, I"ll guess because I also self-host and sometimes see different behavior from within my network vs outside of it.
When the domain name of a blog resolves to an IP address, it could either by a public IP address that works for everyone, or a private IP address that only works on your network.
Once the translation has happened from domain names to IP addresses, routing tables specify how to get from set of IP addresses to another.
Now consider the case where you are on your home network trying to access a self-hosted blog on the same network, but you using the public DNS name.
There is already a direct private network route between you and the server. But the public domain name points the public IP address of your network, where the router has to understand how to resolve the issue.
The situation can be handled by “split DNS”, where the same domain name resolves to different IPs inside and outside the network, or it can be handled by “hairpin DNS”.
In my case, if I’m having trouble accessing my sellf-hosted blog from my phone while at home, I can temporarily turn off wifi on my phone, which causes the request to the website to come from outside the network through the cellular network rather than inside.
You can read more about split DNS or hairpin DNS if you run into problems like that:
If the OP had a different root cause, it would be great to hear what the solution was so others could benefit.
1 Like
