Documentation: Admin redirects config and API access warning

[hazzuk]

trafficstars

Issue Summary

Having recently gone through self-hosting Ghost, I relied heavily on the docs 'Configuration' page. However I did encounter two issues in regards to the admin URL config, which could have been prevented with the following docs changes:

https://ghost.org/docs/config/#admin-url

1. Document admin redirects configuration

It is possible to disable admin URL redirects (/ghost). Preventing users being redirected to the admin URL with the following configuration:

"admin": {
  "url": "http://example.com",
  "redirects": "false"
}

This is not currently documented.

Source

2. Warn that the admin URL must remain publicly accessible (for API access)

Under configuration, you can change the admin URL. I used this to make the admin URL privately accessible for security. But I later realised this breaks Ghost's front-end.

You should also be aware that because Ghost’s APIs run from the admin URL it will always be publicly known because many of Ghosts functions (search, memberships, etc) work by using the API. That will also cause problems if you restrict access to it entirely.

Adding a warning like this would have prevented my confusion.

Source

Steps to Reproduce

N/A

Ghost Version

N/A

Node.js Version

N/A

How did you install Ghost?

N/A

Database type

Other

Browser & OS version

No response

Relevant log / error output

No response

Code of Conduct

• [X] I agree to be friendly and polite to people in this repository

[techbabe23]

I'd like to work on this issue!

[ErisDS]

Thanks for the report - tracking this internally and will get it updated.