Comments (10)
@habnai Thanks for the report. Are you using ModSecurity or Naxsi? Please post the relevant lines in your /opt/nginx/logs/error.log
.
from setup-ghost-blog.
hi, i am using ModSecurity this is the log
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^PRUM_EPISODES/']
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Trying to append variable name [ARGS] value [token]
2016/09/11 15:08:57 [info] 2258#0: ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [notice] 2258#0: ModSecurity for nginx (STABLE)/2.9.0 (http://www.modsecurity.org/) configured.
2016/09/11 15:08:57 [notice] 2258#0: ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1"
2016/09/11 15:08:57 [notice] 2258#0: ModSecurity: PCRE compiled version="8.35 "; loaded version="8.35 2014-04-04"
2016/09/11 15:08:57 [notice] 2258#0: ModSecurity: LIBXML compiled version="2.9.1"
2016/09/11 15:08:57 [notice] 2258#0: ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
2016/09/11 15:08:57 [info] 2285#0: ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^PRUM_EPISODES/']
2016/09/11 15:08:57 [info] 2285#0: ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2285#0: ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2285#0: ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2285#0: ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2285#0: ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2285#0: ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2285#0: ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2285#0: ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2285#0: ModSecurity: Successfully appended variable
from setup-ghost-blog.
@habnai Your log looks normal. Sorry I am traveling and cannot look into this further today.
from setup-ghost-blog.
no problem i will try to find whats the problem and give you note. good travel :)
from setup-ghost-blog.
Hi i think i found the problem its in nginx config i removed proxy_set_header X-Forwarded-Proto $scheme;
nginx-modsecurity-include.conf, and from naxsi also, i tested it after and all worked good with https and with http so i dont know why exacly this make error.
from setup-ghost-blog.
@habnai First, thank you for finding the problem and contributing with your pull request.
This line in the Nginx config file, proxy_set_header X-Forwarded-Proto $scheme;
is required so that Ghost blog can learn whether the user is visiting via HTTP or HTTPS. This could avoid "redirect loops" when Ghost blog is set to force HTTPS. Please refer to TryGhost/Ghost#2796.
Therefore generally I don't think removing that line is a good idea, although it does seems to help for your use case.
from setup-ghost-blog.
Hi, you have right,i back it and keep looking for the problem.
from setup-ghost-blog.
@habnai Thank you. I think as long as the workaround works fine for you and you don't force HTTPS, feel free to continue using it. I don't want to take too much of your time on this : )
from setup-ghost-blog.
I dont like workaround somthing :),i like it clear i use https for all blog ,just for this issue maybe its bug in ghost.i Will see and Good work
from setup-ghost-blog.
@habnai After further troubleshooting, the underlying cause of this issue has been identified. It is solely caused by the caching of HTTP 302 reponses in the Nginx configuration. For password-protected blogs, visiting the blog home page will be redirected (302) to "/private" for authentication. After that the user is redirected back (302) to the home page. However, because there is an existing 302 redirect cached for the home page, a redirect loop is created.
To resolve this issue, simply edit all Nginx config files and replace this line proxy_cache_valid 200 302 10m;
with proxy_cache_valid 200 10m;
. Or you may run these commands:
sed -i "s/proxy_cache_valid 200 302 10m;/proxy_cache_valid 200 10m;/" /opt/nginx/conf/nginx*.conf
service nginx restart
No other changes to the Nginx config files are required. You can revert the proxy_set_header X-Forwarded-Proto
change if needed.
from setup-ghost-blog.
Related Issues (14)
- multiblog not working HOT 6
- naxsi error when change password HOT 3
- 一些短字符域名,例如1w.nz,无法作为绑定域名进行脚本安装 HOT 2
- please add LetsEncrypt & HOT 1
- 关于 Ghost 版本更新的问题 HOT 1
- I can't find the path of nginx conf. HOT 1
- 这个ghost 默认是安装到哪个路径? HOT 2
- Restart not working HOT 1
- Is there any plan to support the Ghost version 1.0.0 ? HOT 1
- 老师,我不要域名,直接IP...这个怎么弄 HOT 1
- 能否增加对centos的支持呢 HOT 1
- failed (13: Permission denied), HOT 1
- Transaction check error conflicts HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from setup-ghost-blog.