Run Ghost without Nginx but with Cloudfront and HTTPS

If you are trying to set Ghost behind Cloudfront but without Nginx you are probably facing the too_many_redirects issue.

The problem relays on Cloudfront not sending X-Forward-Proto, it sends Cloudfront-Forward-Proto, which Ghost doesn’t support.

The solution (as a patch) for now it’s to create a middleware in the express configuration to copy Cloudfront-Forward-Proto to X-Forward-Proto.
In current/index.js you can add this middleware after the sentry setup:


/* this horrible hack */
parentApp.use(function(req, res, next) {
    req.headers = {...req.headers, 'x-forwarded-proto': req.headers['cloudfront-forwarded-proto']}
/* end of this horrible hack */

debug('Initialising Ghost');

This is far from a nice solution but it does the job, I’ll check to fork Ghost and add the option to be able to set the source of the protocol from the config.env.json but I don’t think it’s going to be accepted as a merge.

Hope this helps anyone, I saw some old posts about this without a clear solution, just some replies like “don’t use cloudfront” or “add an nginx in the middle” which I wanted to avoid.