Ghost on Ubuntu 17.04, SSL and Apache
This guide is for setting up a poduction version of Ghost on a VPS, it is not a guide for running Ghost locally or within a development environment.
Assumptions
This guide is for setting up a poduction version of Ghost on a VPS, it is not a guide for running Ghost locally or within a development environment.
Pre reqs:
- assuming a DO droplet running Ubuntu 17.04, min of 1GB
- assuming that https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04 & https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-16-04 have been followed
Virtual hosts:
https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04
SSL:
Install Node/Ghost
It is assumed that NVM is not managing the node install on this server
Add the node 6 repository (current LTS version)
curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash
Install node
sudo apt-get install -y nodejs
Install ghost-cli, -g for global (important)
sudo npm i -g ghost-cli
Change directory to the virtual host set up for the blog
(e.g. /var/www/blog.domain.co.uk/)
sudo mkdir ghost
sudo chown [user]:[user] ghost/
cd ghost/
ghost install
During install a number of prompts will ask for input, most are straightforward and don't require any further explanation:
When asked for the blog domain, enter the domain you configured the virtual host for with the https protocol specified. This will tell ghost to always manage connections to the blog over https.
When asked to set up nginx, select no as we're using Apache instead.
You might see an error saying that the install couldn't complete because the MySQL server is complaining that the password generated for the ghost sql user is not adequate, you'll need to
ghost uninstall
and disable the password validation module in order to complete the install (see https://stackoverflow.com/questions/36301100/how-do-i-turn-off-the-mysql-password-validation for help on how to do this)
You won't be able to access your ghost install yet, see next section
Configuring Apache to correctly deal with ghost
You should already have Apache configured to use SSL correctly but you'll need a few more mods enabled in order to get Apache working with ghost
a2enmod proxy_http
This will install the proxy and proxyhttp mods.
a2enmod rewrite
a2enmod headers
rewrite is required for rewrite engine rules that need to be added to the virtual hosts .conf file for the domain being worked with.
headers is required to prevent an infinite loop of redirects over https connections.
Restart apache
systemctl restart apache2.service
If you've configured ssl certs for the blog domain previous to starting this guide then you'll have two .conf files for the domain you're using, one for http and one for https.
http:
Make sure that the uncommented lines are included in the .conf file and substitue domain for the FQD.
<VirtualHost *:80>
ServerAdmin name@email.com
ServerName blog.domain.co.uk
#ServerAlias blog.domain.co.uk
#DocumentRoot /var/www/blog.domain.co.uk/public_html
#<Directory "/var/www/blog.domain.co.uk">
# Options FollowSymLinks
# AllowOverride All
# Order allow,deny
# Allow from all
#</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPass / http://127.0.0.1:2368/
ProxyPassReverse / http://127.0.0.1:2368/
ProxyPreserveHost On
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
https:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin name@email.com
ServerName blog.domain.co.uk
#ServerAlias blog.domain.co.uk
#DocumentRoot /var/www/blog.domain.co.uk/public_html
#<Directory "/var/www/blog.domain.co.uk">
# Options FollowSymLinks
# AllowOverride All
# Order allow,deny
# Allow from all
#</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPass / http://127.0.0.1:2368/
ProxyPassReverse / http://127.0.0.1:2368/
ProxyPreserveHost On
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/blog.domain.co.uk/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/blog.domain.co.uk/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
</IfModule>
Restart apache again and try browsing to domain ghost was installed under, you should see the blog load with some dummy content.
Go to blog.domain.co.uk/ghost to set up a user immediately before doing anything else.
You now have a working install of ghost running on an apache webserver!
If you wanted to install another instance of ghost on the same server, you can repeat the above steps but make sure to change the port number that ghost listens on to something else.