SSL configured Ghost generates a few non-HTTPS links in the body


#1

Hey.
Im using version 2.10.1. with NGINX as reverse proxy. When opening a page in browser get notification about mixed content on the page. While looking at the source of the page I saw that some links werent generated with https. Namely:

<link rel="canonical" href="http://example.com/blog/" />

    "publisher": {
        "@type": "Organization",
        "name": "Example",
        "logo": "http://example.com/blog/content/images/2019/02/logo-green-1.png"
    }, 

My nginx config is as follows:

       location /blog/ {
           proxy_pass http://172.31.39.114:4000/blog/;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Host $host;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header Host $http_host;
        }

My ghost config is:

  "url": "http://example.com/blog",
  "urlSSL": "https://example.com/blog",
  "server": {
    "port": 2368,
    "host": "0.0.0.0"
  }

Weirdly, if i just use https link in “url” parameter, it breaks proxy pass, because after that i can’t even curl to ghost install on http, as it tries to redirect to https, which of course wouldn’t work.

Is there something Im missing? Thanks !


#2

You need to have Ghost configure nginx as it was previously done -

  1. ghost config set url https://example.com/blog

  2. ghost setup nginx

  3. ghost restart

The urlSSL configuration option does not exist:


#3

This isn’t an option for me, unfortunately. Ghost is installed on it’s own, separate instance and has no (and shouldn’t have, really) knowledge about our main reverse-proxy.

Can you, or anyone just point to me to an issue with my NGINX config ? As in, what exactly ghost-cli would do differently that would make it work right.


#4

Make sure check that your http config is redirecting to SSL, and check out the nginx tepate that the cli uses:


#5

Im not sure to which “http config” you’re referring to.

NGINX section for ghost is written in my first post and it’s exactly the same one as in the template, minus X-Real-IP header, which shouldn’t make a difference.
My ghost does work on https, the only issue is those few HTTP links in the header\body of the rendered page.
And I assume it’s because in my ghost config, i have URL written with http:

"url": "http://example.com/blog",

But if i switch it to https, it stops working at all even on it’s own, because now node server wants to serve content over https.

curl http://127.0.0.1:2368/blog
Moved Permanently. Redirecting to https://127.0.0.1:2368/blog/

#6

I think there were a couple of misunderstandings :slight_smile: Here’s a couple of things that should hopefully help:

  1. Your ghost url must be configured to https.
  2. If you don’t set the x-forwarded-proto header, the ghost instance will redirect you. That’s why you got a redirect with curl. If you access the site through nginx, you shouldn’t run into a redirect issue

#7

Oh… got it. x-forwarded-proto was what’s needed to make it work over HTTP internally.

Thanks, Vikas, that solved it.


closed #8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.