TryGhost
OSS
Ghost
Sign in / Sign up
Open main menu
Ghost
GitHub
Overview
Runs
Analytics
Loading workspace stats
Loading workspace insights...
Statistics interval
7 days
30 days
Latest CI Pipeline Executions
Status
Fix filter
Filter
Fuzzy
Filter range
Sort by
Sort by
Start time
Sort ascending
Sort descending
Succeeded
29076
816d68ab Fixed dev gateway forcing X-Forwarded-Proto https on ActivityPub routes no ref - the ActivityPub service derives its URLs — and whether it fetches Ghost's JWKS over http or https — from X-Forwarded-Proto (via x-forwarded-fetch's behindProxy), so hardcoding https broke plain http://localhost:2368 dev: the AP service tried to fetch the JWKS over TLS from a plain-http gateway and Ghost<->AP auth failed - the hardcode existed for the tunnel workflow (tailscale funnel / ngrok), where TLS terminates at the agent and everything reaches Caddy as http; trusted_proxies now covers that case instead — the agents inject X-Forwarded-Proto: https and connect from private ranges, so Caddy passes the header through untouched - this matches the AP repo's own dev nginx config, which maps X-Forwarded-Proto to https-if-claimed, otherwise http; the hardcode on these routes was a copy-paste artifact from the Ghost blocks - the Ghost-backend routes keep forcing https: Ghost builds URLs from config and only uses the header for redirect decisions, so the lie is harmless there and prevents redirect loops when url is configured as https
by Steve Larson
S
Previous page
Previous
Next
Next page