Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation: Admin redirects config and API access warning #20501

Open
1 task done
hazzuk opened this issue Jul 1, 2024 · 1 comment
Open
1 task done

Documentation: Admin redirects config and API access warning #20501

hazzuk opened this issue Jul 1, 2024 · 1 comment
Labels
Documentation P4 - Low

Comments

@hazzuk
Copy link

hazzuk commented Jul 1, 2024

Issue Summary

Having recently gone through self-hosting Ghost, I relied heavily on the docs 'Configuration' page. However I did encounter two issues in regards to the admin URL config, which could have been prevented with the following docs changes:

https://ghost.org/docs/config/#admin-url

  1. Document admin redirects configuration

It is possible to disable admin URL redirects (/ghost). Preventing users being redirected to the admin URL with the following configuration:

"admin": {
  "url": "http://example.com",
  "redirects": "false"
}

This is not currently documented.

Source

  1. Warn that the admin URL must remain publicly accessible (for API access)

Under configuration, you can change the admin URL. I used this to make the admin URL privately accessible for security. But I later realised this breaks Ghost's front-end.

You should also be aware that because Ghost’s APIs run from the admin URL it will always be publicly known because many of Ghosts functions (search, memberships, etc) work by using the API. That will also cause problems if you restrict access to it entirely.

Adding a warning like this would have prevented my confusion.

Source

Steps to Reproduce

N/A

Ghost Version

N/A

Node.js Version

N/A

How did you install Ghost?

N/A

Database type

Other

Browser & OS version

No response

Relevant log / error output

No response

Code of Conduct

  • I agree to be friendly and polite to people in this repository
@github-actions github-actions bot added the needs:triage [triage] this needs to be triaged by the Ghost team label Jul 1, 2024
@cmraible cmraible removed the needs:triage [triage] this needs to be triaged by the Ghost team label Jul 4, 2024
@techbabe23
Copy link

I'd like to work on this issue!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Documentation P4 - Low
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cmraible @hazzuk @techbabe23