In the earlier post about securing your Ghost blog, I explained how to implement SSL and various security headers in your NGINX configuration to improve the overall security of your Raspberry Pi hosted Ghost blog.
However, if you want to backup your Ghost blog for disaster recovery reasons you may have noticed that when you try to export your configuration, you receive a "Network Failed" when trying to download the exported JSON file.
Thankfully, there is a simple fix!
Well, why wouldn't you backup your Ghost blog? After all, you have just spent a number of hours setting it up to run on your Raspberry Pi and hopefully started blogging. Surely if something went wrong you would want to be back up and running as quickly as possible?
I regularly export my Ghost configuration from the Ghost Labs section when I have logged in to the admin dashboard. I tend to create a backup before I upgrade Ghost, just in case I mess something up, or if the upgrade process doesn't go smoothly. However, I recently noticed that I could not do this as when I tried, I kept receiving a "Network Failed" message when I tried to export my configuration.
How to fix "Network Failed" error
Back in the post about securing your Ghost blog, I talked about using security headers in your NGINX configuration, specifically the following:
It turns out that one of the above,
X-Frame-Options, is responsible for the "Network Failed" error when trying to export your Ghost configuration.
Rather than completely disable the
add_header X-Frame-Options "DENY"; in our
ghost.conf file that NGINX uses, when you need to export your Ghost configuration, simply disable the option temporarily by commenting it out, so:
add_header X-Frame-Options "DENY";
#add_header X-Frame-Options "DENY";
Notice the # at the beginning - this is what we mean by "commenting it out".
CTRL+X) and save (
Y), then issue this final command to restart the NGINX service:
[email protected] ~ $ sudo service nginx restart
Update - 18/05/2017:
Thanks to another helpful comment from Matt Holdsworth, you can actually still provide security for your Ghost blog using the
X-Frame-Options, but instead of setting it to
DENY, you can simply set it to
SAMEORIGIN instead. According to Matt:
This still provides strong clickjacking protection but works fine for Ghost content+settings (Json file) backups. It means your site's content should only be rendered in a frame, iframe or object sourced from your own site origin.
So, the headers in the NGINX configuration file becomes:
add_header X-Frame-Options "SAMEORIGIN";
Thanks for the tip Matt!
Don't forget that this is only a temporary fix to resolve the "Network Failed" issue seen when trying to export your Ghost configuration when the
X-Frame-Options security header is in place. Once you have exported your configuration file, be sure to uncomment (i.e. remove the #) from your
ghost.conf file and restarted NGINX to re-secure your Ghost blog.
Subscribe to Ghost Pi
Get the latest posts delivered right to your inbox