Resolve "Network Failed" when exporting Ghost configuration

In the earlier post about securing your Ghost blog, I explained how to implement SSL and various security headers in your NGINX configuration to improve the overall security of your Raspberry Pi hosted Ghost blog.

However, if you want to backup your Ghost blog for disaster recovery reasons you may have noticed that when you try to export your configuration, you receive a "Network Failed" when trying to download the exported JSON file.

Thankfully, there is a simple fix!


Why backup?

Well, why wouldn't you backup your Ghost blog? After all, you have just spent a number of hours setting it up to run on your Raspberry Pi and hopefully started blogging. Surely if something went wrong you would want to be back up and running as quickly as possible?

I regularly export my Ghost configuration from the Ghost Labs section when I have logged in to the admin dashboard. I tend to create a backup before I upgrade Ghost, just in case I mess something up, or if the upgrade process doesn't go smoothly. However, I recently noticed that I could not do this as when I tried, I kept receiving a "Network Failed" message when I tried to export my configuration.

How to fix "Network Failed" error

Back in the post about securing your Ghost blog, I talked about using security headers in your NGINX configuration, specifically the following:

  1. X-XSS-Protection
  2. X-Frame-Options
  3. X-Content-Type-Options

It turns out that one of the above, X-Frame-Options, is responsible for the "Network Failed" error when trying to export your Ghost configuration.

Rather than completely disable the add_header X-Frame-Options "DENY"; in our ghost.conf file that NGINX uses, when you need to export your Ghost configuration, simply disable the option temporarily by commenting it out, so:

add_header X-Frame-Options "DENY";

Becomes:

#add_header X-Frame-Options "DENY";

Notice the # at the beginning - this is what we mean by "commenting it out".

Exit (CTRL+X) and save (Y), then issue this final command to restart the NGINX service:

boo@ghostpi ~ $ sudo service nginx restart

Update - 18/05/2017:

Thanks to another helpful comment from Matt Holdsworth, you can actually still provide security for your Ghost blog using the X-Frame-Options, but instead of setting it to DENY, you can simply set it to SAMEORIGIN instead. According to Matt:

This still provides strong clickjacking protection but works fine for Ghost content+settings (Json file) backups. It means your site's content should only be rendered in a frame, iframe or object sourced from your own site origin.

So, the headers in the NGINX configuration file becomes:

add_header X-Frame-Options "SAMEORIGIN";

Thanks for the tip Matt!


Final thoughts

Don't forget that this is only a temporary fix to resolve the "Network Failed" issue seen when trying to export your Ghost configuration when the X-Frame-Options security header is in place. Once you have exported your configuration file, be sure to uncomment (i.e. remove the #) from your ghost.conf file and restarted NGINX to re-secure your Ghost blog.


If you found this guide, as well as any other guides on Ghost Pi helpful, then if you wanted to buy Ghost Pi a coffee to show your support, then that would be greatly appreciated! As this site does not use any form of adverts, all the costs for running and maintaining the blog are done voluntarily so any extra would be fantastic!