When using nginx reverse proxy HTTPS, the URL is: https://ghost.xxx.net Email sending will report an error failure

When using nginx reverse proxy HTTPS, the URL is: https://ghost.xxx.net
Email sending will report an error failure.
ERROR Failed to send email. Reason: Mail command failed: 436 “MAIL FROM” does not conform with authentication [@ sm060104] (Authentic Account)

The same email configuration, when I use URL: http://ip:2368 The sending was successful

nginx config:
server {
listen 443 ssl;

server_name ghost.xxxx.net;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_certificate  /etc/nginx/cert/xxxx.pem;
ssl_certificate_key /etc/nginx/cert/xxx.key;


location ^~ / {
    #proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_pass http://192.168.10.10:2368;
}

What mail server have you configured? Is there anything in its logs?

Mail delivery has nothing to do with Nginx configuratiin. Please share you transactional mail settings from the Ghist config file.

However, the message suggests mail authentication failed. This could be as simple as userid / password error or mail configuration.

Without details, we’re guessing.

I used the same email configuration, and the error only occurs when replacing the URL with a domain name. Here is my configuration:
{
“url”: “https://ghost.smartorders.net”,
“server”: {
“port”: 2368,
“host”: “::”
},
“mail”: {
“from”: “no-reply@smartorders.net”,
“transport”: “SMTP”,
“options”: {
“host”: “email-smtp.ap-northeast-1.amazonaws.com”,
“port”: 465,
“service”: “SES”,
“auth”: {
“user”: “userID”,
“pass”: “mypassword”
}
}
},
“logging”: {
“transports”: [
“file”,
“stdout”
]
},
“process”: “systemd”,
“paths”: {
“contentPath”: “/var/lib/ghost/content”
}
}

Deploy using Docker, version Ghost: 5.91.0

Your configuration file is strange.
If you are using Docker, you should configure with docker-compose.yml, not config.development.json.
Did you run two ghost instances? One from ghost-cli, another from ghost docker image?

You can refer tthis doc for more ghost docker configuration details: https://hub.docker.com/_/ghost

OK,I modified the docker-compose.yml file to start and commented out the startup with # on the URL.
I also used the latest image.
When I use the domain name, the email still displays the same error message as shown above: Reason: Mail command failed: 436 “MAIL FROM” does not conform with authentication [@ sm060104].
I changed the url: http://192.168.16.27:2368 ==> #url: https://ghost.smartorders.net,
Email can be used normally

#docker-compose.yml
version: “3.3”
services:
ghost:
image: ghost:5.93.0
container_name: ghost
network_mode: “host”
restart: always
logging:
driver: “json-file”
options:
max-size: “1m”
max-file: “1”
volumes:
- ${work_dir}/data/ghost/data:/var/lib/ghost/content
env_file:
- ./common/common.env
environment:
LANG: en_US.UTF-8
database__connection__filename: ‘/var/lib/ghost/content/data/ghost.db’
url: https://ghost.smartorders.net
#url: http://192.168.16.27:2368
NODE_ENV: production
database__client: mysql
database__connection__host: 127.0.0.1
database__connection__user: root
database__connection__password: ${mysqlPass}
database__connection__database: ghost
mail__from: ${mailFrom}
mail__transport: SMTP
mail__options__host: ${mailHost}
mail__options__port: 465
mail__options__auth__user: ${mailAuthUser}
mail__options__auth__pass: ${mailAuthPass}
mail__options__secure_connection: ‘true’

You don’t need port mapping in docker-compose.yml, and your Ghost still can run?

When you start the Ghost instance, what command do you use: ghost start or docker compose ...

After trying to send emails many times, I only get an error when subscribing. I can send test emails normally in the “https://ghost.smartorders.net/ghost” backend. Is it a problem with my configuration?

I am using network_made: ‘host’, using the host port, which can be accessed. Currently, I have found an error message when sending emails to subscribe

“mail__options_service” is not set

I don’t know how to set the type of mail__options_service on Alibaba Cloud, but when I don’t set it, I use url: http://ip:port At that time, emails can also be sent normally. So I think this configuration has nothing to do with the domain name?

You wrote “service:SES” in config.production.json, and you just need to migrate it to docker-compose.yml, otherwise Ghost uses its default mail service.

It would be an nginx conf issue.
add_header ‘Referrer-Policy’ ‘same-origin’;

I tried, but it didn’t solve the problem

This issue only occurs when using domain access, subscription cannot send emails, and no configuration changes have been made in the URL: https://domain/ghost Email will be sent normally during registration

Try Ghost(Pro) for 9 dollars. Its very hard to make Ghost self-hosted works , digitalocean droplet is good too(5$ and so on). I am running a Ghost blog on a Raspberry pi but just made It following a tutorial, i am not a geek.

Maybe it’s the Nginx configuration? This is the biggest difference between accessing via IP and domain access.