My blog is hosted on Azure Web Pages. A few months ago I decided to use SSL on it because I can get a free SSL certificate from "Let's Encrypt" website.
Change URL in config
Simple change URL in config.js generates the following error:
Too many redirects
Why?
As you probably know, Ghost is a node.js app. Azure IIS, in this case, is a reverse proxy server. It is working on localhost with http. Moreover, Ghost has the build-in check for SSL. But it doesn't know anything about the reverse proxy. And it checks http://127.0.0.1:[process.env.PORT] instead of https://stapp.space in my case.
Bad fix
When first time I had above error. I found a simple fix: rewrite all URL in the web.config from http to https. And it was working like a charm. The rule was more or less like below:
<rule name="ForceSSL" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
But this ends with bellow problems:
- my web page generates all URLs starting with
http. So almost every user click was redirected without a reason. - on RRS feed I had the same problem.
- Firefox shows warnings on my page only because of above
Searching
On Google search, I found Tom SSL blog with an article about this problem. But he suggests changing a function inside Ghost. This function is function isSSLrequired(isAdmin).
After applying this solution, on every Ghost upgrade, I will have to remember about above fix. No way.
Then, I found the second solution. But it applies only to NGIX and Apache: https://github.com/TryGhost/Ghost/issues/2796
And this gave me a clue.
Good fix
To add the X-Forwarded-Proto header in IIS configuration, I need one line in iisnode.yml:
enableXFF: true
The iisnode.yml file is side by side with web.config.
Now put correct URL in your config.js. Restart web page and it is working like a charm.