TryGhost
OSS
Ghost
Fixed dev gateway forcing X-Forwarded-Proto https on ActivityPub routes no ref - the ActivityPub service derives its URLs — and whether it fetches Ghost's JWKS over http or https — from X-Forwarded-Proto (via x-forwarded-fetch's behindProxy), so hardcoding https broke plain http://localhost:2368 dev: the AP service tried to fetch the JWKS over TLS from a plain-http gateway and Ghost<->AP auth failed - the hardcode existed for the tunnel workflow (tailscale funnel / ngrok), where TLS terminates at the agent and everything reaches Caddy as http; trusted_proxies now covers that case instead — the agents inject X-Forwarded-Proto: https and connect from private ranges, so Caddy passes the header through untouched - this matches the AP repo's own dev nginx config, which maps X-Forwarded-Proto to https-if-claimed, otherwise http; the hardcode on these routes was a copy-paste artifact from the Ghost blocks - the Ghost-backend routes keep forcing https: Ghost builds URLs from config and only uses the header for redirect decisions, so the lie is harmless there and prevents redirect loops when url is configured as https
nx run ghost:build:assets
Sign in / Sign up
Open main menu
Succeeded
CI Pipeline Execution
nx run ghost:build:assets
Click to copy
Linux
4 CPU cores
read-write
access token used
31a02a9b
29076