Potential Problems Securing a Ghost blog Using SSL and Nginx

This blog is hosted on Digital Ocean using the droplet imageUbuntu Ghost 0.8.0 on 14.04 (*UPDATE 7/22/2018: This is no longer true.) It uses nginx and an SSL certificate issued by Let's Encrypt to encrypt its data. While setting up the blog was easy (I just used Digital Ocean's dashboard to deploy the image mentioned above), installing the SSL certificate took a little more effort.

Thankfully, I found 2 excellent blog posts that explain how to do so:

These posts explain the process better than I can, so I won't repeat how to install a certificate here. However, I will share the solutions to 2 issues that cost me more time than I'm willing to admit.

1. Editing the Wrong Nginx Site File

You'll have to change the nginx configuration file for your site in order to ensure requests for your site are handled using the appropriate protocols.

The nginx config file for your site is in 2 places: /etc/nginx/sites-enabled/yoursiteand /etc/nginx/sites-available/. I recommend editing the file in sites-enabled. The file in sites-available will be automatically updated with any changes you make.

The sites-enabled directory should have at least 2 files: default and ghost. Edit ghost - your droplet treats your ghost installation as a site named ghost. This is why the directory that contains your site files is located at /var/www/ghost.

Editing defualt will not work. Nginx will only use default if the ghost file does not exist.

2. Not Restoring Ghost's Permissions After a Restart

If you stop or restart Ghost during this process, your site may break and return the error code 502 - Bad Gateway.

This is because Ghost's permissions have been reset, and it no longer has permission to access itself. You can resolve this by navigating to /var/www and running this command:

chown -R ghost:ghost *

That's it! I hope this post has helped save you some time.

Written by