TryGhostOSS
    Ghost
    Fixed dev gateway forcing X-Forwarded-Proto https on ActivityPub routes no ref - the ActivityPub service derives its URLs — and whether it fetches Ghost's JWKS over http or https — from X-Forwarded-Proto (via x-forwarded-fetch's behindProxy), so hardcoding https broke plain http://localhost:2368 dev: the AP service tried to fetch the JWKS over TLS from a plain-http gateway and Ghost<->AP auth failed - the hardcode existed for the tunnel workflow (tailscale funnel / ngrok), where TLS terminates at the agent and everything reaches Caddy as http; trusted_proxies now covers that case instead — the agents inject X-Forwarded-Proto: https and connect from private ranges, so Caddy passes the header through untouched - this matches the AP repo's own dev nginx config, which maps X-Forwarded-Proto to https-if-claimed, otherwise http; the hardcode on these routes was a copy-paste artifact from the Ghost blocks - the Ghost-backend routes keep forcing https: Ghost builds URLs from config and only uses the header for redirect decisions, so the lie is harmless there and prevents redirect loops when url is configured as https
    nx run ghost:build:assets
Succeeded
CI Pipeline Execution

nx run ghost:build:assets

Click to copy
Linux
4 CPU cores
read-write access token used
31a02a9b29076

© 2026 - Nx Cloud

Terms of ServicePrivacy PolicyChangelogStatusDocsContact Nx CloudPricingCompany@NxDevTools