Problems uploading content with Ghost + Docker + Nginx/Apache proxy_pass

Hi all,

Just recently I moved from Wordpress to Ghost for a little blog that I made.
So far I like pretty much everything about Ghost. I just have an issue that drives me crazy.

Any upload in Ghost Admin fails with nginx & proxy_pass

This is my setup:

I run Ghost in Docker on a Debian 10 host. Port 2368 of the Ghost container is exposed on port 3001 of the docker host.
In a second container I run a nginx with modsecurity. Ports 80 & 443 exposed and using proxy_pass i forward traffic to Ghost.

Everything works perfectly fine except uploads in Gohst admin. It doesn’t matter if i try to upload a theme or a picture, all uploads fail.
When I do the same directly connecting to the ghost container on port 3001 everything, even uploads work well.

  • What’s your URL? This is the easiest way for others to debug your issue
    Currently not reachable from the internet.

  • What version of Ghost are you using?
    3.17.1

  • What configuration?

Here’s my nginx conf
etc/nginx/conf.d# more ghost.conf
upstream ghost_upstream {
server ghost:3001;
keepalive 64;
}

server {
listen 80;
server_name myserver;

    client_max_body_size 0;
    chunked_transfer_encoding on;

location / {

		proxy_http_version 1.1;
		proxy_set_header X-Accel-Buffering: no;
        proxy_ignore_headers        Cache-Control;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $host:$proxy_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;
        proxy_redirect off;

    proxy_pass http://ghost:3001;

}

}

Here’s how i run docker:
docker run -d --restart unless-stopped --name ghost01 -e url=http://www.myserver.com -v /var/lib/docker/extvol/ghost01/var/lib/ghost/content:/var/lib/ghost/content -p 3001:2368 ghost

In the nginx error.log I find:
2020/05/28 12:23:16 [info] 44#44: *89 recv() failed (104: Connection reset by peer), client: 192.168.1.179, server: foodblog.life, request: “POST /ghost/api/v3/admin/images/upload/ HTTP/1.1”, host: “myserver”, referrer: “myserver/ghost/”

  • What steps could someone else take to reproduce the issue you’re having?
    I tried different run options for both containers, different configs and options for nginx and Apache proxy_pass, different Browsers etc…I tried out Nginx and Apache, but i keep getting the same error with Nginx and with Apache.

Any help is very much appreciated.
Thanks
Sid

FYI: i had to delete/modify all the info that looked like a link otherwhise this forum wouldn’t let me post a message as a new user. So basically just ignore almost everything that looks like a URL in my post…its not reflecting the reality.

The reason was a firewall between the browser and the ngnix/ghost server. IPS detected a “command injection”