samwu@SAMWU ~$ curl -v https://naizhao.com/                                                                                                                                                                               
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to naizhao.com (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=CN; ST=GuangDong; L=GuangZhou; O=Super, Inc.; OU=IT; CN=*.naizhao.com
*  start date: Jan  5 00:00:00 2020 GMT
*  expire date: Jan 12 12:00:00 2022 GMT
*  subjectAltName: host "naizhao.com" matched cert's "naizhao.com"
*  issuer: C=CN; O=TrustAsia Technologies, Inc.; CN=TrustAsia ECC OV TLS Pro CA G2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fb6c2001400)
> GET / HTTP/2
> Host: naizhao.com
> User-Agent: curl/7.64.1
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 301 
< cache-control: public, max-age=31536000
< content-type: text/plain; charset=utf-8
< date: Fri, 31 Jan 2020 15:54:22 GMT
< location: https://naizhao.com/
< server: Caddy
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< vary: Accept, Accept-Encoding
< x-content-type-options: nosniff
< x-download-options: noopen
< x-frame-options: SAMEORIGIN
< x-permitted-cross-domain-policies: none
< x-powered-by: Express
< x-robots-tag: none
< x-xss-protection: 1; mode=block
< content-length: 51
< 
* Connection #0 to host naizhao.com left intact
Moved Permanently. Redirecting to https://naizhao.com/* Closing connection 0
Ghost一直301重定向

这是因为Ghost的config.json配置了URL是https://xxx.xxx,但浏览器的header并没有正确传给后端。解决方法是在nginx或者caddy里面,加上X-Forwarded-Proto

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
Nginx.conf
        proxy / 127.0.0.1:2368 {
                transparent
        }
Caddyfile v1
        reverse_proxy {
                to 127.0.0.1:2368
                header_up Host {http.request.host}
                header_up X-Real-IP {http.request.remote}
                header_up X-Forwarded-For {http.request.remote}
                header_up X-Forwarded-Port {http.request.port}
                header_up X-Forwarded-Proto {http.request.scheme}
        }
Caddyfile v2