2 Potential Problems Securing a Ghost blog Using SSL and Nginx
This blog is hosted on Digital Ocean using the droplet imageUbuntu Ghost 0.8.0 on 14.04 It uses nginx and an SSL certificate issued by Let's Encrypt to encrypt its data. While setting up the blog was easy (I just used Digital Ocean's dashboard to deploy the image mentioned above), installing the SSL certificate took a little more effort.
Thankfully, I found 2 excellent blog posts that explain how to do so:
-
How To Secure Nginx with Let's Encrypt on Ubuntu 14.04, by Mitchell Anicas
-
SSL support for your ghost blog, by Marcus Kofler
These posts explain the process better than I can, so I won't repeat how to install a certificate here. However, I will share the solutions to 2 issues that cost me more time than I'm willing to admit.
1. Editing the Wrong Nginx Site File
You'll have to change the nginx configuration file for your site in order to ensure requests for your site are handled using the appropriate protocols.
The nginx config file for your site is in 2 places: /etc/nginx/sites-enabled/yoursite
and /etc/nginx/sites-available/
. I recommend editing the file in sites-enabled
. The file in sites-available
will be automatically updated with any changes you make.
The sites-enabled
directory should have at least 2 files: default
and ghost
. Edit ghost
- your droplet treats your ghost installation as a site named ghost. This is why the directory that contains your site files is located at /var/www/ghost
.
Editing defualt
will not work. Nginx will only use default
if the ghost
file does not exist.
2. Not Restoring Ghost's Permissions After a Restart
If you stop or restart Ghost during this process, your site may break and return the error code 502 - Bad Gateway.
This is because Ghost's permissions have been reset, and it no longer has permission to access itself. You can resolve this by navigating to /var/www
and running this command:
chown -R ghost:ghost *
That's it! I hope this post has helped save you some time.