- What’s your URL? https://www.thedailydally.com
- What version of Ghost are you using? 3.36.0
And
- How was Ghost installed and configured? ghost-cli
- What Node version, database, OS & browser are you using? nodejs 12.19.0-deb-1nodesource1, mariadb-server 1:10.5.6+maria~focal, Ubuntu 20.04.1 LTS, Firefox 82
- What errors or information do you see in the console? No console errors - the browser reports either 502 Bad Gateway, or “The page isn’t redirecting properly” depending on the particular configuration I’m testing. “ghost log” reports entries like these:
[2020-10-29 15:45:08] INFO "GET /" 301 0ms
- What steps could someone else take to reproduce the issue you’re having?
I’m trying to set up Ghost behind a reverse proxy. The proxy server is doing the SSL termination and then it passes the request to the Ghost server via port 80 http. When Ghost is configured to use https in the URL, it throws the message shown above in the ghost log along with the browser reporting an issue with redirecting. If Ghost is configured to use http, then the site will load, but it will sometimes show broken encryption because some assets are showing up with http URLs instead of https. Does anything look incorrect here?
Reverse proxy configuration:
upstream tdd {
server 10.3.1.11;
}
server {
server_name www.thedailydally.com;
location / {
proxy_pass http://tdd;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/tdd.crt;
ssl_certificate_key /etc/nginx/ssl/tdd.key;
}
Ghost configuration:
{
"url": "https://www.thedailydally.com",
"server": {
"port": 2370,
"host": "127.0.0.1"
},
"database": {
"client": "mysql",
"connection": {
"host": "localhost",
"user": "ghost-254",
"password": "",
"database": "html_prod"
}
},
"mail": {
"transport": "Direct"
},
"logging": {
"transports": [
"file",
"stdout"
]
},
"process": "systemd",
"paths": {
"contentPath": "/var/www/www.thedailydally.com/html/content"
}
}
Nginx configuration on Ghost server:
server {
listen 80;
listen [::]:80;
server_name www.thedailydally.com;
root /var/www/www.thedailydally.com/html/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2370;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
}
I also noticed that when I changed the Ghost configuration from http to https, it changed the port, but did not update the nginx configuration to reflect this, so I had to manually edit the nginx configuration file after finding the errors in the nginx log.