/ raspberry pi

Resolve "Network Failed" when exporting Ghost configuration

In the earlier post about securing your Ghost blog, I explained how to implement SSL and various security headers in your NGINX configuration to improve the overall security of your Raspberry Pi hosted Ghost blog.

However, if you want to backup your Ghost blog for disaster recovery reasons you may have noticed that when you try to export your configuration, you receive a "Network Failed" when trying to download the exported JSON file.

Thankfully, there is a simple fix!


Why backup?

Well, why wouldn't you backup your Ghost blog? After all, you have just spent a number of hours setting it up to run on your Raspberry Pi and hopefully started blogging. Surely if something went wrong you would want to be back up and running as quickly as possible?

I regularly export my Ghost configuration from the Ghost Labs section when I have logged in to the admin dashboard. I tend to create a backup before I upgrade Ghost, just in case I mess something up, or if the upgrade process doesn't go smoothly. However, I recently noticed that I could not do this as when I tried, I kept receiving a "Network Failed" message when I tried to export my configuration.

How to fix "Network Failed" error

Back in the post about securing your Ghost blog, I talked about using security headers in your NGINX configuration, specifically the following:

  1. X-XSS-Protection
  2. X-Frame-Options
  3. X-Content-Type-Options

It turns out that one of the above, X-Frame-Options, is responsible for the "Network Failed" error when trying to export your Ghost configuration.

Rather than completely disable the add_header X-Frame-Options "DENY"; in our ghost.conf file that NGINX uses, when you need to export your Ghost configuration, simply disable the option temporarily by commenting it out, so:

add_header X-Frame-Options "DENY";

Becomes:

#add_header X-Frame-Options "DENY";

Notice the # at the beginning - this is what we mean by "commenting it out".

Exit (CTRL+X) and save (Y), then issue this final command to restart the NGINX service:

sudo service nginx restart

Update - 18/05/2017:

Thanks to another helpful comment from Matt Holdsworth, you can actually still provide security for your Ghost blog using the X-Frame-Options, but instead of setting it to DENY, you can simply set it to SAMEORIGIN instead. According to Matt:

This still provides strong clickjacking protection but works fine for Ghost content+settings (Json file) backups. It means your site's content should only be rendered in a frame, iframe or object sourced from your own site origin.

Thanks for the tip Matt!


Final thoughts

Don't forget that this is only a temporary fix to resolve the "Network Failed" issue seen when trying to export your Ghost configuration when the X-Frame-Options security header is in place. Once you have exported your configuration file, be sure to uncomment (i.e. remove the #) from your ghost.conf file and restarted NGINX to re-secure your Ghost blog.

Wesley Archer

Wesley Archer

Digital Account Manager by day, and maker in his spare time. Also, a regular contributor to The MagPi Magazine for the Raspberry Pi Foundation.

Read More