Ghost logo

Ghost on IIS with HTTPS, how to resolve a “Too many redirects” error

When you use iisnode to host the Node.js blogging software Ghost on your IIS web server, and you set up an SSL certificate for your Ghost website, you may run into too many redirect issues when changing Ghost’s config.js file. This happend to me yesterday, and here is the solution.

IIS acts as a reverse proxy for Node.js

The most important thing I forgot is that IIS acts as a reverse proxy for Node.js web applications when you install iisnode. I had my SSL certificate set up in IIS, put my HTTP to HTTP redirect in place and updated my Ghost url: and server: production environment config in config.js, I changed http to https.

Assuming all was correct and in place, I recycled my application pool, which is necessary for Ghost config changes, and refreshed my browser. Only to find an error HTTP 310 Too many redirects… Darn!

Here is how to resolve the “too many redirects” error in Ghost on IIS

TL;DR, read this blog post to find the answer.

Undoing my config.js changes, the problem went away. Googling on the “HTTP 310 Too many redirects” error, I found the above mentioned blog post, and all pieces came together falling into place:

IIS acts as a reverse proxy through iisnode for the Node.js web applications. Node.js runs its own HTTP web server on localhost. Doh! How could I forget… Anyway, create an iisnode.yml file in your web root (or edit the file if it exists), and add (or change):

enableXFF: trueCode language: YAML (yaml)


The enableXFF setting controls whether iisnode adds or modifies the X-Forwarded-For request HTTP header with the IP address of the remote host. After recycling your application pool, Ghost runs on HTTPS / port 443 in Node.js without problems. You can find more iisnode configuration settings in iisnode’s web.config

This means you don’t have to create an iisnode.yml file if it doesn’t exist. Make your change in the web.config file:

/>Code language: HTML, XML (xml)

Jan Reilink

Hi, my name is Jan. I am not a hacker, coder, developer or guru. I am merely an application manager / systems administrator, doing my daily thing at Embrace - The Human Cloud. In the past I worked for clidn and Vevida. With over 20 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization. I blog at