In this post, we will learn how to set up a self-signed SSL certificate for a Ghost blog on Nginx. In a previous post, we covered “setting ghost on nginx to serve at HTTP / Port 80”.
Recommended reading before starting to set up a self-signed SSL certificate for a Ghost blog on Nginx
- How to install and run ghost on Ubuntu
- Create upstart event system for ghost blog on Ubuntu
- Setup Nginx as proxy to serve ghost blog on port 80
Description of our ghost server setup
Server Information | Detail |
---|---|
Operating System | Ubuntu 14.04 LTS server |
Arch | x86_64 |
Ghost Installation Directory | /opt/ghost |
Nginx Configuration File | /etc/nginx |
IP Address of Ghost server | 192.168.122.185 |
Two scenarios of HTTPS with Nginx to run ghost blog
Scenario 1. Ghost blog running on both – HTTP and HTTPS
Scenario 2. Ghost blog running on HTTPS only.
Generate self signed SSL certificate
First we have to generate the self-signed SSL certificate. Follow the steps given below.
Step 1. Install OpenSSL
sudo apt-get install openssl
Step 2. Create directory for keeping SSL certificates
sudo mkdir -p /etc/nginx/sslcerts/
Generate Self Signed SSL Certificate with SHA2
sudo openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout /etc/nginx/sslcerts/ghost.key -out /etc/nginx/sslcerts/ghost.crt
You will be asked a series of questions; type an answer to each one.
We described two scenarios above; we will now go through them one by one.
Select only the one scenario that best suits your requirement. I hope this is clear and causes no confusion.
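A non-interactive variant of the command above together with a check to run before restarting nginx, added here as an example and not part of the original post. The function names `make_pair` and `check_pair` and the 30-day expiry threshold are assumptions, and `stat -c` assumes GNU coreutils as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the 30-day
# default are assumptions; stat -c assumes GNU coreutils (Ubuntu).

# make_pair DIR CN: the article's openssl options, made non-interactive with
# -subj, with the private key restricted to its owner afterwards.
make_pair() {
    mkdir -p "$1" || return 1
    openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 \
        -subj "/CN=$2" \
        -keyout "$1/ghost.key" -out "$1/ghost.crt" 2>/dev/null || return 1
    chmod 600 "$1/ghost.key"
}

# check_pair KEY CRT [MIN_DAYS]
# Returns 0 = ok
#         1 = key and certificate do not belong together (or are unreadable)
#         2 = certificate expires within MIN_DAYS (default 30)
#         3 = private key is accessible to group or others
check_pair() {
    key=$1; crt=$2; min_days=${3:-30}
    # Compare the public key derived from the private key with the one
    # embedded in the certificate; works for RSA and EC keys alike.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || return 1
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend "$((min_days * 86400))" \
        >/dev/null 2>&1 || return 2
    # Octal mode must end in 00 (e.g. 600 or 400): no group/other bits.
    mode=$(stat -c '%a' "$key") || return 3
    case $mode in
        *00) return 0 ;;
        *)   return 3 ;;
    esac
}

# Script use: sh <this file> KEY CRT [MIN_DAYS]. Without arguments the file
# only defines the functions.
[ "$#" -lt 2 ] || check_pair "$@"
```

Run `check_pair /etc/nginx/sslcerts/ghost.key /etc/nginx/sslcerts/ghost.crt` as root before each nginx restart; a non-zero return code tells you which of the three checks failed.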
Ghost blog running on both – HTTP and HTTPS
Open your file editor and edit the ghost nginx configuration. In our setup it is /etc/nginx/sites-enabled/sharadchhetri. Kindly look for your ghost nginx configuration file.
    server {
        listen 80;
        ### Add this new line for HTTPS
        listen 443 ssl;
        ### Replace sharadchhetri.com with your DOMAIN NAME
        server_name sharadchhetri.com www.sharadchhetri.com;
        ### setup the SSL certificates
        ssl_certificate /etc/nginx/sslcerts/ghost.crt;
        ssl_certificate_key /etc/nginx/sslcerts/ghost.key;
        location / {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto $scheme;
            ### Replace 192.168.122.185 with your ghost server ip address on which it is listening 2368 port ##
            proxy_pass http://192.168.122.185:2368;
        }
    }
Restart the nginx service.
sudo service nginx restart
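Now you can check your blog URL by opening it with both HTTP and HTTPS in your web browser. Because the certificate is self-signed, the browser will show a certificate warning on the HTTPS URL. For example: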
For HTTP:
http://example.com
or
http://www.example.com
For HTTPS:
https://example.com
or
https://www.example.com
Ghost blog running on HTTPS only
Make the following settings in your ghost nginx configuration. As you can see in our configuration, we have separated the HTTP and HTTPS blocks. (This is done to avoid the “HTTPS redirect loop error”.)
Whenever a request comes in on the HTTP port, it is redirected to HTTPS. Hence, visitors will land only on the HTTPS URL of the blog.
Use your file editor to edit the ghost nginx configuration used in your setup. In our ghost setup it is /etc/nginx/sites-enabled/sharadchhetri.
    ### START OF BLOCK : HTTP Setup
    server {
        listen 80;
        ## Replace sharadchhetri.com with your DOMAIN NAME
        server_name sharadchhetri.com www.sharadchhetri.com;
        ## Redirect HTTP to HTTPS
        return 301 https://$host$request_uri;
    }
    ### END OF BLOCK : HTTP Setup
    ##############################################
    ### START OF BLOCK : HTTPS Setup
    server {
        ### To listen port on HTTPS/ port 443
        listen 443 ssl;
        ## Replace sharadchhetri.com with your DOMAIN NAME
        server_name sharadchhetri.com www.sharadchhetri.com;
        ######### SSL Certificates ##########
        ssl_certificate /etc/nginx/sslcerts/ghost.crt;
        ssl_certificate_key /etc/nginx/sslcerts/ghost.key;
        ### Start Of Block: Proxy Settings for Ghost Blog
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $http_host;
            ## Replace 192.168.122.185 with your ghost server ip address
            # 2368 is default port no.
            proxy_pass http://192.168.122.185:2368;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        ### End Of Block: Proxy settings for Ghost Blog
    }
    ### END OF BLOCK : HTTPS Setup
Finally, restart the nginx service.
sudo service nginx restart
Check your blog URL by opening it with HTTP in your web browser. It will redirect to the HTTPS URL of your blog. If you open the HTTPS URL directly, it stays on https://.
You can use the same nginx configuration with DV/EV/UCC SSL certificates obtained from your domain registrar.
Learn more: how to create a DV SSL certificate and get it approved by a CA. That tutorial will help you understand how to get a DV SSL certificate from a domain registrar such as Namecheap.