Password reset, unable to do it, even writing to the db

I forgot the password to the site I set up long ago; this is self-hosted. I don’t recall setting up email, so I skipped the normal methods and went right for writing to the db directly. For some reason I have yet to determine, even writing to the db directly does not work; that is, I am still unable to log in.

As my normal Linux user I logged into mysql using the user/pass that ghost uses; I copied it right from the config file. No issues there.

mysql -u ghostusr -p 

Then I selected the db, and queried the users table to double check that I had the right email. Then I issued

UPDATE users SET password='$2y$10$oR1hPXrohuS8PyIFDwWSTO2EOH.rH7nhes7Bpufd3x4Fm1JKSIo1y' WHERE email = '022-449@example.com'

I used the right email; I’ve redacted it here. I generated the bcrypt hash using the following

htpasswd -bnBC 10 "" password | tr -d ':\n'

When I open the site in my Firefox browser and visit https://site/ghost/ I see in the Nginx logs

==> /var/log/nginx/access.log <==
10.0.20.5 - - [16/Jan/2025:13:10:58 -0500] "GET /ghost/ HTTP/1.1" 200 1841 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:10:58 -0500] "GET /ghost/assets/vendor-0ede59da8efb5e28fa929557f7ff7154.css HTTP/1.1" 499 0 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:10:58 -0500] "GET /ghost/assets/videos/logo-loader-d91f93ba1dbf0f52a22815b5a571bd31.mp4 HTTP/1.1" 499 0 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:10:58 -0500] "GET /ghost/assets/img/apple-touch-icon-74680e326a7e87b159d366c7d4fb3d4b.png HTTP/1.1" 499 0 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:10:58 -0500] "GET /ghost/assets/img/favicon-a9c6dbdcdc3ae568f4e0dad92149a0e3.ico HTTP/1.1" 499 0 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:10:58 -0500] "GET /ghost/api/admin/users/me/?include=roles HTTP/1.1" 400 303 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:10:58 -0500] "GET /ghost/api/admin/site/ HTTP/1.1" 200 301 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:10:59 -0500] "GET /ghost/api/admin/users/me/?include=roles HTTP/1.1" 400 303 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:10:59 -0500] "GET /ghost/api/admin/site/ HTTP/1.1" 200 301 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:10:59 -0500] "GET /ghost/api/admin/authentication/setup/ HTTP/1.1" 200 27 "-" "-"

I then enter username and password into Firefox and see the following in the Nginx access log; nothing shows up in the error log. In the browser I’m returned to the page like nothing happened.

10.0.20.5 - - [16/Jan/2025:13:12:25 -0500] "POST /ghost/api/admin/session HTTP/1.1" 201 7 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:12:25 -0500] "GET /ghost/api/admin/users/me/?include=roles HTTP/1.1" 400 303 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:12:25 -0500] "DELETE /ghost/api/admin/session HTTP/1.1" 204 0 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:12:25 -0500] "GET /ghost/api/admin/config/ HTTP/1.1" 499 0 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:12:26 -0500] "GET /ghost/ HTTP/1.1" 200 1841 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:12:26 -0500] "GET /ghost/api/admin/users/me/?include=roles HTTP/1.1" 400 303 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:12:26 -0500] "GET /ghost/api/admin/site/ HTTP/1.1" 200 301 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:12:26 -0500] "GET /ghost/api/admin/users/me/?include=roles HTTP/1.1" 400 303 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:12:26 -0500] "GET /ghost/api/admin/site/ HTTP/1.1" 200 301 "-" "-"
10.0.20.5 - - [16/Jan/2025:13:12:26 -0500] "GET /ghost/api/admin/authentication/setup/ HTTP/1.1" 200 27 "-" "-"

$ ghost doctor

Love open source? We’re hiring JavaScript Engineers to work on Ghost full-time.
https://careers.ghost.org


✔ Checking system Node.js version - found v18.17.1
✔ Checking logged in user
✔ Ensuring user is not logged in as ghost user
✔ Checking if logged in user is directory owner
✔ Checking current folder permissions
✔ Checking system compatibility
✔ Checking for a MySQL installation
+ sudo systemctl is-active ghost_packetinspection-net
Instance is currently running
ℹ Validating config [skipped]
✔ Checking folder permissions
✔ Checking file permissions
✔ Checking content folder ownership
✔ Checking memory availability
✔ Checking binary dependencies
✔ Checking free space
✔ Checking systemd unit file
✔ Checking systemd node version - found v18.17.1

I am lost as to why this isn’t working. From a network perspective I have a “complicated” setup, as in reverse proxy which terminates the SSL, but otherwise I think it is a typical site. Is there a way for me to get more logs/debug info from ghost proper? It appears nginx, etc. is working as it should.

Alternate option: stop ghost. Start it with ghost run -D which writes spammy logging to the terminal.

Request a password reset. It’ll error, but you’ll have the email sent in your output to terminal and can paste the link in the browser.

Or configure email :)

Looks like the login request is succeeding because it returns a 201, but the subsequent request to fetch the logged in user is returning a 400, which then causes the Admin client to log out because it’s detected a “logged out” state.

I’d check your Ghost logs (or do what @Cathy_Sarisky mentions above) to see if there’s a reason for the 400. If you don’t see the corresponding GET request in the Ghost logs, work out where in your network stack the 400 is coming from - I have a feeling it may not be coming from Ghost as it’s not a typical error code we serve.


I forgot to say, I tried setting up email, but I never saw any connection to the postfix instance running on the same machine.

I tried running it like you suggested and got the following. I’m not using SQLite. :-(

$ ghost run -D

Love open source? We’re hiring JavaScript Engineers to work on Ghost full-time.
https://careers.ghost.org

The `ghost run` command is used by the configured Ghost process manager and for debugging. If you're not running this to debug something, you should run `ghost start` instead.
+ sudo node current/index.js
[2025-01-16 19:34:43] INFO Ghost is running in development...
[2025-01-16 19:34:43] INFO Listening on: 127.0.0.1:2368
[2025-01-16 19:34:43] INFO Url configured as: http://localhost:2368/
[2025-01-16 19:34:43] INFO Ctrl+C to shut down
[2025-01-16 19:34:43] INFO Ghost server started in 0.555s
[2025-01-16 19:34:43] ERROR SQLITE_CANTOPEN: unable to open database file

SQLITE_CANTOPEN: unable to open database file

"Unknown database error"

Error ID:
    500

Error Code:
    SQLITE_CANTOPEN

----------------------------------------

Error: SQLITE_CANTOPEN: unable to open database file
    at /data/www/packetinspection.net/versions/5.106.1/node_modules/knex-migrator/lib/database.js:57:19

[2025-01-16 19:34:43] WARN Ghost is shutting down
[2025-01-16 19:34:43] WARN Ghost has shut down
[2025-01-16 19:34:43] WARN Ghost was running for a few seconds

Here is the config file (db password obfuscated)

$ cat config.production.json
{
  "url": "http://packetinspection.net/",
  "server": {
    "port": 2368,
    "host": "127.0.0.1"
  },
  "database": {
    "client": "mysql",
    "connection": {
      "host": "127.0.0.1",
      "user": "ghostusr",
      "password": "word-word-word-word-word-word",
      "database": "ghostpacket"
    }
  },
  "mail": {
    "transport": "Direct"
  },
  "logging": {
    "transports": [
      "file",
      "stdout"
    ]
  },
  "process": "systemd",
  "paths": {
    "contentPath": "/data/www/packetinspection.net/content"
  }
}

Thank you Kevin. I finally found the ghost logs, until now they have eluded me, and am checking them now.

I found what I believe to be the issue: my LB configuration needs fixing.

{"name":"Log","hostname":"ghost001","pid":17568,"level":50,"version":"5.106.1","req":{"meta":{"requestId":"7f2cabce-2fec-4b18-8e36-6f953d79e258","userId":null},"url":"/users/me/?include=roles","method":"GET","originalUrl":"/ghost/api/admin/users/me/?include=roles","params":{},"headers":{"x-forwarded-for":"10.0.0.188, 10.0.20.5","x-forwarded-proto":"http","x-real-ip":"10.0.20.5","host":"packetinspection.net","connection":"close","accept":"application/json, text/javascript, /; q=0.01","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json; charset=UTF-8","x-ghost-version":"5.106","app-pragma":"no-cache","x-requested-with":"XMLHttpRequest","dnt":"1","sec-gpc":"1","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","cookie":"REDACTED"},"query":{"include":"roles"}},"res":{"_headers":{"x-powered-by":"Express","content-version":"v5.106","vary":"Accept-Version, Accept-Encoding","cache-control":"no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0","content-type":"application/json; charset=utf-8","content-length":"303","etag":"W/\"12f-YbTuCNZp51ejn2LcG+HWh0oBYMQ\""},"statusCode":400,"responseTime":"15ms"},"err":{"id":"b9b79470-d446-11ef-a41f-fb2057e38aab","domain":"http://packetinspection.net/","code":null,"name":"BadRequestError","statusCode":400,"level":"normal","message":"Request made from incorrect origin. Expected 'https://packetinspection.net' received 'http://packetinspection.net'.","stack":"BadRequestError: Request made from incorrect origin. Expected 'https://packetinspection.net' received 'http://packetinspection.net'.\n at cookieCsrfProtection (/data/www/packetinspection.net/versions/5.106.1/node_modules/@tryghost/session-service/lib/session-service.js:93:19)\n at Object.getUserForSession (/data/www/packetinspection.net/versions/5.106.1/node_modules/@tryghost/session-service/lib/session-service.js:327:13)\n at async authenticate (/data/www/packetinspection.net/versions/5.106.1/core/server/services/auth/session/middleware.js:43:26)","hideStack":false},"msg":"Request made from incorrect origin. Expected 'https://packetinspection.net' received 'http://packetinspection.net'.","time":"2025-01-16T20:16:10.047Z","v":0}
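
A way to pull this kind of failure out of the Ghost log without reading raw JSON, as an added example that is not part of the original thread or Ghost's own tooling: it scans JSON log lines for error responses and reports the forwarded scheme header, the number of proxies that appended to X-Forwarded-For, and any origin mismatch. The sample lines are constructed and trimmed to the field names visible in the entry above; `triageGhostLog` and `schemeOnlyMismatch` are hypothetical helper names.

```javascript
// Constructed sample: Ghost JSON log lines trimmed to fields seen in the thread's entry.
const hdrs = { "x-forwarded-for": "10.0.0.188, 10.0.20.5", "x-forwarded-proto": "http" };
const SAMPLE_LOG = [
  JSON.stringify({ time: "2025-01-16T20:16:09.900Z", res: { statusCode: 201 },
    req: { method: "POST", originalUrl: "/ghost/api/admin/session", headers: hdrs } }),
  JSON.stringify({ time: "2025-01-16T20:16:10.047Z", res: { statusCode: 400 },
    req: { method: "GET", originalUrl: "/ghost/api/admin/users/me/?include=roles", headers: hdrs },
    err: { name: "BadRequestError", message: "Request made from incorrect origin. " +
      "Expected 'https://packetinspection.net' received 'http://packetinspection.net'." } }),
  "[2025-01-16 19:34:43] INFO plain-text line that is not JSON",
];

// Matches the origin-check message; tolerates straight or typographic quotes.
const ORIGIN_RE = /Expected ['‘]([^'’]+)['’] received ['‘]([^'’]+)['’]/;

// True when two origins share a host and differ only in scheme (http vs https).
function schemeOnlyMismatch(a, b) {
  try {
    const ua = new URL(a), ub = new URL(b);
    return ua.host === ub.host && ua.protocol !== ub.protocol;
  } catch {
    return false; // not parseable as URLs
  }
}

// triageGhostLog (hypothetical helper): summarise responses with status >= minStatus.
function triageGhostLog(lines, minStatus = 400) {
  const findings = [];
  for (const line of lines) {
    let entry;
    try { entry = JSON.parse(line); } catch { continue; } // skip non-JSON lines
    const status = entry?.res?.statusCode;
    if (typeof status !== "number" || status < minStatus) continue;
    const headers = entry.req?.headers ?? {};
    const m = ORIGIN_RE.exec(entry.err?.message ?? "");
    findings.push({
      time: entry.time,
      request: `${entry.req?.method} ${entry.req?.originalUrl}`,
      status,
      error: entry.err?.name ?? null,
      forwardedProto: headers["x-forwarded-proto"] ?? null,
      // Each address in X-Forwarded-For was appended by one proxy in the path.
      proxyHops: (headers["x-forwarded-for"] ?? "").split(",").filter((s) => s.trim()).length,
      originMismatch: m && { expected: m[1], received: m[2], schemeOnly: schemeOnlyMismatch(m[1], m[2]) },
    });
  }
  return findings;
}

console.log(triageGhostLog(SAMPLE_LOG));
```

A finding with `forwardedProto` of `http` on a site served over HTTPS, together with a scheme-only origin mismatch, points at the proxy layer rather than at the stored password.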

Thank you @Kevin and @Cathy_Sarisky for your suggestions and tips! I got it working, I think something about having double reverse proxies caused some issues (it shouldn’t in theory like double NAT). Having nginx in the path is redundant so I removed that and now things are working as I expect and I have regained access to the site.

Thank you!
