Fixing the nginx + Ghost infinite redirect


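A careless nginx configuration caused the site's admin backend to report an infinite redirect.
A correct configuration must contain at least the following parts.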

location ^~ /ghost { # /ghost should be accessed securely
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header HOST $host;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://127.0.0.1:2368;
}

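The most important line is this one; without it, Ghost cannot tell that the original request arrived over HTTPS and keeps redirecting to HTTPS: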

proxy_set_header X-Forwarded-Proto $scheme;
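
A check for this setting, as an added example that is not from the original post: the Python sketch below walks an nginx config and lists every block that calls proxy_pass without an effective X-Forwarded-Proto header. It accounts for the nginx rule that proxy_set_header is inherited from the outer level only when the current block defines none. The sample config and the names parse and missing_proto are constructed for illustration.

```python
import re

# Constructed sample, not the article's file: header set once at server level.
SAMPLE = r"""
server {
    proxy_set_header X-Forwarded-Proto $scheme;
    location ^~ /ghost/ {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:2368;
    }
    location ~ ^/(js|css)/ {
        proxy_pass http://127.0.0.1:2368;   # inherits the server-level header
    }
    location / {
        proxy_set_header Host $host;        # own header: inheritance stops here
        proxy_pass http://127.0.0.1:2368;
    }
}
"""
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')

def parse(tokens):
    """Read up to the matching '}'; return (words, children-or-None) pairs."""
    items, words = [], []
    for tok in tokens:
        if tok == "}":
            break
        if tok in (";", "{"):
            items.append((words, parse(tokens) if tok == "{" else None))
            words = []
        else:
            words.append(tok)
    return items

def missing_proto(conf):
    """Blocks that proxy_pass without an effective X-Forwarded-Proto.
    Comments are stripped naively ('#' inside quotes is not handled)."""
    found = []
    def walk(name, items, inherited):
        simple = [w for w, kids in items if kids is None and w]
        own = [w[1].lower() for w in simple if w[0] == "proxy_set_header" and len(w) > 1]
        # nginx inherits proxy_set_header only if this level defines none at all
        headers = own or inherited
        if any(w[0] == "proxy_pass" for w in simple) and "x-forwarded-proto" not in headers:
            found.append(name)
        for w, kids in items:
            if kids is not None:
                walk(" ".join(w), kids, headers)
    walk("main", parse(iter(TOKEN.findall(re.sub(r"#.*", "", conf)))), [])
    return found
```

On the constructed sample, only "location /" is reported: it sets its own Host header and therefore no longer inherits the server-level X-Forwarded-Proto.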

Below is the reverse-proxy HTTPS nginx configuration file my site uses, for reference only.

server
    {
        listen 80;
        #listen [::]:80;
        server_name ghost.qinan.co;
        # Force a 301 redirect; goodbye, http
        return    301 https://$server_name$request_uri;
    }

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name ghost.qinan.co;
        charset utf-8;
        ssl_certificate /path/to/cert;
        ssl_certificate_key /path/to/cert.key;
        # Generate your own dhparam
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_session_timeout 1d;
        ssl_session_cache builtin:1000 shared:SSL:50m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";

        client_max_body_size 50m;

        # Intercept requests and serve uploaded static images directly, cached for 1 month
        location ^~ /content/images {
            alias /www/ghost.qinan.co/content/images;
            expires 1M;
            access_log off;
            add_header Cache-Control "public";
        }

        location ~ ^/(image|javascript|js|css|media|static)/ {
            proxy_pass http://127.0.0.1:2368;
            # root /www/ghost.qinan.co/web/static/;
            access_log off;
            expires 30d;
        }

        # Do not cache Ghost core files (reverse proxy for the admin backend)
        location ^~ /ghost/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_pass http://127.0.0.1:2368;
        }

        # favicon
        location = /favicon.ico {
            root /www/ghost.qinan.co/core/shared;
            access_log off;
            log_not_found off;
            expires 30d;
        }

        # cache urls
        # Reverse-proxy blog requests to the backend server
        location / {
            proxy_cache_valid 200 60m;
            proxy_cache_bypass    $http_cache_control;
            proxy_redirect off;
            add_header X-Proxy-Cache $upstream_cache_status;
            proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
            # The backend web server can obtain the user's real IP from X-Forwarded-For
            proxy_set_header Host   $host;
            proxy_set_header X-Real-IP    $remote_addr;
            proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto    https;
            proxy_set_header X-Forwarded-Host    $host;
            proxy_pass http://127.0.0.1:2368;
            proxy_max_temp_file_size 0;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffering off;
            proxy_temp_file_write_size 64k;
        }

        location ~ /\.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /var/logs/ghost.qinan.co.log;
        error_log  /var/logs/ghost.qinan.co.error.log;
    }

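Just change the site directories to your own configuration directories.

There is just one small problem: after the change, two pages in Ghost Desktop return 500 outright. I'll make do with this for now.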
