Self-hosted Ghost behind NGINX proxy manager

I’m putting Ghost behind NGINX proxy manager. It works fine for viewing, but when I try to get to the admin panel ( https://www.DOMAIN.org/ghost ), it times out:

from access.log:

[17/Jun/2025:16:12:24 -0500] “POST /ghost/api/admin/session HTTP/1.1” 504 176 “https://www.DOMAIN.org/ghost/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:139.0) Gecko/20100101 Firefox/139.0”

from error.log:

2025/06/17 16:12:24 [error] 712102#712102: *20594 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.0.0.158, server: www.DOMAIN.org, request: “POST /ghost/api/admin/session HTTP/1.1”, upstream: “http://127.0.0.1:2368/ghost/api/admin/session”, host: “www.DOMAIN.org”, referrer: “https://www.DOMAIN.org/ghost/”

I haven’t changed anything in the regular NGINX configuration that serves the pages, and my NGINX proxy manager setup contains this setup in the Advanced tab:

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;

I should also note that ghost is running on a VM and not in docker.

Any ideas??

Have you checked your Ghost logs? My guess is that your transactional mail config is not set up correctly and so Ghost is timing out when attempting to send the 2FA code email when you log into the admin area from a new device.

There are some docs on mail config here, and if you search on the forum you’ll find many examples of people dealing with specific problems they ran into - e.g. DigitalOcean blocking SMTP ports.

In my case, when I try to log in the admin panel (when I didn’t configure mailgun), I’ve got a direct message Failed To Log In, please try again later. And When I click on the forgot button message was Failed to Send email link .
But here is time out. I think here is an another problem…

I “think” that all cookies should be passed through nginx proxy manager by default.

“message”: “Authorization failed”,
“context”: “"Unable to determine the authenticated user or integration. Check that cookies are being passed through if using session authentication."”,
“stack”: "NoPermissionError: Authorization failed\n at authorizeAdminApi

These are the headers from the log:

“headers”: {
“x-forwarded-for”: “2601:246:5d80:e090:24e8:215d:4009:3f87, 172.69.17.200, 10.0.0.158”,
“x-forwarded-proto”: “http”,
“x-real-ip”: “10.0.0.158”,
“host”: “www.DOMAIN.org”,
“connection”: “close”,
“x-forwarded-scheme”: “https”,
“cf-ray”: “951b0fbe586af32d-ORD”,
“app-pragma”: “no-cache”,
“accept-encoding”: “gzip, br”,
“cdn-loop”: “cloudflare; loops=1”,
“sec-fetch-site”: “same-origin”,
“sec-fetch-mode”: “cors”,
“cf-visitor”: “{"scheme":"https"}”,
“sec-fetch-dest”: “empty”,
“referer”: “https://www.DOMAIN.org/ghost/”,
“cf-connecting-ip”: “2601:246:5d80:e090:24e8:215d:4009:3f87”,
“cf-ipcountry”: “US”,
“alt-used”: “www.DOMAIN.org”,
“x-requested-with”: “XMLHttpRequest”,
“user-agent”: “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:139.0) Gecko/20100101 Firefox/139.0”,
“accept”: “application/json, text/javascript, /; q=0.01”,
“accept-language”: “en-US,en;q=0.5”,
“content-type”: “application/json; charset=UTF-8”,
“x-ghost-version”: “5.119”,
“cookie”: “REDACTED”
},
“query”: {
“include”: “roles”
}

This was it. I setup mail and was sent the 2FA and logged on fine. THANKS!!!

Again same problem. Would be great if during installation ghost on self-host have option something like “configure transaction e-mail now or later”. Or just small remind option.