So I spent a couple hours with this, I realized this issue relates heavily to this post so if anyone wants to delete this one, or merge it with that one be my guest.The solution, as stated in the post, was updating the nginx files, but the changes referenced in that git file weren’t sufficient for me. I also have very little experience with this kind of stuff, so all I know is from reading though these forum posts, github PRs and using ChatGPT. But basically changing my ssl to this
#ssl certs, etc...
# ActivityPub proxy (HTTPS)
location ~ /.ghost/activitypub/* {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host; #Note this addition
add_header X-Content-Type-Options $header_content_type_options;
proxy_ssl_server_name on;
proxy_pass https://ap.ghost.org;
}
# WebFinger & NodeInfo (HTTPS)
location ~ /.well-known/(webfinger|nodeinfo) {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host; #Note this addition
add_header X-Content-Type-Options $header_content_type_options;
proxy_ssl_server_name on;
proxy_pass https://ap.ghost.org;
}
# Main app proxy
location / {
proxy_set_header X-Forwarded-Host $http_host; #Note this addition
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
add_header X-Content-Type-Options $header_content_type_options;
}
client_max_body_size 1g;
}
My non-ssl one looks like this:
#root, servername, etc ...
# ActivityPub proxy (HTTP)
location ~ /.ghost/activitypub/* {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host; #Note this addition
add_header X-Content-Type-Options $header_content_type_options;
proxy_ssl_server_name on;
proxy_pass https://ap.ghost.org;
}
# WebFinger & NodeInfo (HTTP)
location ~ /.well-known/(webfinger|nodeinfo) {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host; #Note this addition
add_header X-Content-Type-Options $header_content_type_options;
proxy_ssl_server_name on;
proxy_pass https://ap.ghost.org;
}
# ACME only (don’t shadow other .well-known paths)
location ^~ /.well-known/acme-challenge/ { allow all; }
# Everything else → HTTPS
location / {
return 301 https://$host$request_uri;
}
client_max_body_size 50m;
}
That did the job for me. Hope it helps someone else with the same issue.