From 81ba2a024772274a59d5d9a312fd49bd53887971 Mon Sep 17 00:00:00 2001 From: Robbie Davis Date: Wed, 17 Sep 2025 22:42:56 -0400 Subject: [PATCH 1/4] Adding necessary configs for activitypub --- ghost.subdomain.conf.sample | 22 +++++++++++++++++++++- ghost.subfolder.conf.sample | 3 ++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/ghost.subdomain.conf.sample b/ghost.subdomain.conf.sample index 20d718b16..bd69cfc5c 100644 --- a/ghost.subdomain.conf.sample +++ b/ghost.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2025/07/18 +## Version 2025/09/17 # make sure that your ghost container is named ghost # make sure that your dns has a cname set for ghost @@ -51,4 +51,24 @@ server { proxy_pass $upstream_proto://$upstream_app:$upstream_port; } + + location ~ /.ghost/activitypub/* { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + add_header X-Content-Type-Options "nosniff"; + proxy_ssl_server_name on; + proxy_pass https://ap.ghost.org; + } + + location ~ /.well-known/(webfinger|nodeinfo) { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + add_header X-Content-Type-Options "nosniff"; + proxy_ssl_server_name on; + proxy_pass https://ap.ghost.org; + } } diff --git a/ghost.subfolder.conf.sample b/ghost.subfolder.conf.sample index 5673ccc82..4e0883991 100644 --- a/ghost.subfolder.conf.sample +++ b/ghost.subfolder.conf.sample @@ -1,8 +1,9 @@ -## Version 2023/02/05 +## Version 2025/09/17 # make sure that your ghost container is named ghost # make sure that ghost is set to work with the base url /ghost/ # Make sure you are using a subfolder in your ghost config file. https://ghost.org/docs/concepts/config/#url # Note: /ghost/ is by default used for the admin page. See https://ghost.org/docs/concepts/config/#admin-url +# Note: Subfolder configuration does not support ActivityPub. See https://docs.ghost.org/update-major-version#get-activitypub-ready location /blog { # enable the next two lines for http auth From 99e66c664f9e469de155103ddc08ea71e33e8e72 Mon Sep 17 00:00:00 2001 From: Robbie Davis Date: Wed, 17 Sep 2025 22:47:44 -0400 Subject: [PATCH 2/4] Added note about usage limits --- ghost.subdomain.conf.sample | 1 + 1 file changed, 1 insertion(+) diff --git a/ghost.subdomain.conf.sample b/ghost.subdomain.conf.sample index bd69cfc5c..07695317f 100644 --- a/ghost.subdomain.conf.sample +++ b/ghost.subdomain.conf.sample @@ -1,6 +1,7 @@ ## Version 2025/09/17 # make sure that your ghost container is named ghost # make sure that your dns has a cname set for ghost +# Note: The Ghost(Pro) hosted ActivityPub Service (https://ap.ghost.org) has usage limits. See https://docs.ghost.org/install/docker#hosted-activitypub-usage-limits server { listen 443 ssl; From 600f86b2fe558f12b5cfd0746a3524c636aea5dc Mon Sep 17 00:00:00 2001 From: paroxy777 <65880457+paroxy777@users.noreply.github.com> Date: Mon, 1 Dec 2025 22:34:49 -0500 Subject: [PATCH 3/4] Create snippet-box.subdomain.conf.sample Sample config for snippet-box. https://github.com/pawelmalak/snippet-box --- snippet-box.subdomain.conf.sample | 55 +++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 snippet-box.subdomain.conf.sample diff --git a/snippet-box.subdomain.conf.sample b/snippet-box.subdomain.conf.sample new file mode 100644 index 000000000..96af0a19d --- /dev/null +++ b/snippet-box.subdomain.conf.sample @@ -0,0 +1,55 @@ +## Version 2025/07/18 +# make sure that your snippet-box container is named snippet-box +# make sure that your dns has a cname set for snippet-box + +server { + listen 443 ssl; +# listen 443 quic; + listen [::]:443 ssl; +# listen [::]:443 quic; + + server_name paste.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + # enable for ldap auth (requires ldap-location.conf in the location block) + #include /config/nginx/ldap-server.conf; + + # enable for Authelia (requires authelia-location.conf in the location block) + #include /config/nginx/authelia-server.conf; + + # enable for Authentik (requires authentik-location.conf in the location block) + #include /config/nginx/authentik-server.conf; + + # enable for Tinyauth (requires tinyauth-location.conf in the location block) + #include /config/nginx/tinyauth-server.conf; + + location / { + + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable for ldap auth (requires ldap-server.conf in the server block) + #include /config/nginx/ldap-location.conf; + + # enable for Authelia (requires authelia-server.conf in the server block) + #include /config/nginx/authelia-location.conf; + + # enable for Authentik (requires authentik-server.conf in the server block) + #include /config/nginx/authentik-location.conf; + + # enable for Tinyauth (requires tinyauth-server.conf in the server block) + #include /config/nginx/tinyauth-location.conf; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app snippet-box; + set $upstream_port 5000; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} From 53e45886a9c865105ff0951333b875f8d94c87d8 Mon Sep 17 00:00:00 2001 From: paroxy777 <65880457+paroxy777@users.noreply.github.com> Date: Mon, 1 Dec 2025 22:53:51 -0500 Subject: [PATCH 4/4] Updated date --- snippet-box.subdomain.conf.sample | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snippet-box.subdomain.conf.sample b/snippet-box.subdomain.conf.sample index 96af0a19d..ebfc456f6 100644 --- a/snippet-box.subdomain.conf.sample +++ b/snippet-box.subdomain.conf.sample @@ -1,4 +1,4 @@ -## Version 2025/07/18 +## Version 2025/12/01 # make sure that your snippet-box container is named snippet-box # make sure that your dns has a cname set for snippet-box @@ -8,7 +8,7 @@ server { listen [::]:443 ssl; # listen [::]:443 quic; - server_name paste.*; + server_name snippetbox.*; include /config/nginx/ssl.conf;