I'm deploying Ghost (0.7.6) in a VPS using Nginx (1.8.1). To make the dashboard and sign-in page secure, I force any request to use HTTPS when accessing such pages (such as /ghost
page). But, for any request to any other page (such as accessing the Ghost blog itself) I want to force it to use HTTP. Ghost is up listening on 127.0.0.1:2368
.
Strangely, the result is not as what I expected: Every time I access my blog (let's say the url is ab
), it says that my site has ERR_TOO_MANY_REDIRECTS
and it redirects between http://ab
and https://ab
(or between http://ab/signin
and https://ab/signin
). BUT, when I access the admin dashboard ( https://ab/ghost
or http://ab/ghost
), it acts as expected (no error, correctly redirects to use HTTPS).
Any help?
My Nginx configuration:
# Configuration for http://a.b
server {
listen 80;
server_name a.b;
location ^~ /ghost { # /ghost should be accessed securely
return 301 https://$host$request_uri;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:2368;
}
}
# Configuration for http://a.b
server {
listen 443 ssl;
server_name a.b;
ssl_certificate ...;
ssl_certificate_key ...;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers '...';
location ^~ /ghost { # /ghost should be accessed securely
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:2368;
}
location / { # Force to use HTTP
return 301 http://$host$request_uri;
}
}
Any kind of help would be appreciated :')
https://github.com/TryGhost/Ghost/issues/2796
location ^~ /ghost { # /ghost should be accessed securely
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:2368;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.