Question
Trouble with ghost, nginx and ssl
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×Hi Sam,
I’ve just set up something similar to you, just thought I’d point out that you may run into issues with users hitting port 80 and getting errors because you’ve Strict-Transport-Security enabled.
Something like this might be a better option, redirecting all users from port 80 HTTP to port 443 HTTPS:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name www.example.com example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ipv6only=on;
server_name www.example.com example.com;
access_log /var/log/nginx/www.example.com.access.log;
error_log /var/log/nginx/www.example.com.error.log;
ssl_certificate /etc/nginx/ssl/www.example.com.chain.pem;
ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options DENY;
location / {
proxy_pass http://localhost:2368;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
This will make sure all requests are 100% SSL 100% of the time :)