Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Ghost blog with SSL on azure - the correct way

$
0
0

My blog is hosted on Azure Web Pages. A few months ago I decided to use SSL on it because I can get a free SSL certificate from "Let's Encrypt" website .

Change URL in config

Simple change URL in config.js generates the following error:

Too many redirects Why? As you probably know, Ghost is a node.js app. Azure IIS, in this case, is a reverse proxy server. It is working on localhost with http . Moreover, Ghost has the build-in check for SSL. But it doesn't know anything about the reverse proxy. And it checks http://127.0.0.1:[process.env.PORT] instead of https://stapp.space in my case. Bad fix

When first time I had above error. I found a simple fix: rewrite all URL in the web.config from http to https . And it was working like a charm. The rule was more or less like below:

<rule name="ForceSSL" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" /> </rule>

But this ends with bellow problems:

my web page generates all URLs starting with http . So almost every user click was redirected without a reason. on RRS feed I had the same problem. Firefox shows warnings on my page only because of above Searching

On Google search, I found Tom SSL blog with an article about this problem . But he suggests changing a function inside Ghost. This function is function isSSLrequired(isAdmin) .

After applying this solution, on every Ghost upgrade, I will have to remember about above fix. No way.

Then, I found the second solution. But it applies only to NGIX and Apache: https://github.com/TryGhost/Ghost/issues/2796

And this gave me a clue.

Good fix

To add the X-Forwarded-Proto header in IIS configuration, I need one line in iisnode.yml :

enableXFF: true

The iisnode.yml file is side by side with web.config.

Now put correct URL in your config.js . Restart web page and it is working like a charm.

p.s.You can also follow me on Twitter , where I can share a variety of good information on entrepreneurship and technology with you.


Viewing all articles
Browse latest Browse all 12749

Trending Articles