SSL Self Signed Certificate on Nginx with Ghost

In this post, we will learn how to setup self signed SSL certificate for ghost blog on Nginx . In our previous posts, we have written post on “setting ghost on nginx to serve at HTTP / Port 80” .

Recommended reading before starting to setup self signed SSL certificate for ghost blog on Nginx

Description of our ghost server setup

Server Information Detail
Operating System Ubuntu 14.04 LTS server
Arch x86_64
Ghost Installation Directory /opt/ghost
Nginx Configuration File /etc/nginx
IP Address of Ghost server 192.168.122.185

Two scenarios of HTTPS with Nginx to run ghost blog

Scenario 1. Ghost blog running on both – HTTP and HTTPS
Scenario 2. Ghost blog running on HTTPS only.

Generate self signed SSL certificate

First we have to generate the self signed SSL certificate. Follow the given below steps.

Step 1. Install OpenSSL

sudo apt-get install openssl

Step 2. Create directory for keeping SSL certificates

mkdir -p /etc/nginx/sslcerts/

Generate Self Signed SSL Certificate with SHA2

openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout /etc/nginx/sslcerts/ghost.key -out /etc/nginx/sslcerts/ghost.crt

You will get series of questions, type answers of each question. See the given below example –
SSL Ghost image

Now as we have discussed above about two scenarios, we will discuss one by one here.
You should select only one scenario which is best suited with your requirement. I hope it is very well addressed and should not have any confusion.

Ghost blog running on both – HTTP and HTTPS

Open your file editor and edit the ghost nginx configuration . In our setup it is /etc/nginx/sites-enabled/sharadchhetri . Kindly look for your ghost nginx configuration file.

server {
    listen 80;
    ### Add this new line for HTTPS
    listen 443 ssl;

    ### Replace sharadchhetri.com with your DOMAIN NAME
    server_name sharadchhetri.com www.sharadchhetri.com;

    ### setup the SSL certificates
    ssl_certificate        /etc/nginx/sslcerts/ghost.crt;
    ssl_certificate_key    /etc/nginx/sslcerts/ghost.key;

     location / {
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header Host $http_host;
       proxy_set_header X-Forwarded-Proto $scheme;

### Replace 192.168.122.185 with your ghost server ip address on which it is listening 2368 port ##
      proxy_pass http://192.168.122.185:2368;
        
     }
 }

Restart the nginx service.

sudo service nginx restart

Now you can check your blog URL by opening with HTTP and HTTPS in your web browser. For example-

For HTTP:
http://example.com
or
http://www.example.com

For HTTPS:
https://example.com
or
https://www.example.com

Ghost blog running on HTTPS only

Do the settings in your ghost nginx configuration. You can clearly observe in our configuration, we have separated the HTTP and HTTP block. (This is done because of “HTTPS redirect loop error”)

Whenever request come to port HTTP , it will redirect to HTTPS. Hence, visitors will landed only to HTTPS URL of the blog.

Use the file editor and edit your ghost nginx configuration which you are using in your setup. In our ghost setup it is /etc/nginx/sites-enabled/sharadchhetri .


### START OF BLOCK : HTTP Setup
server {

listen 80;

## Replace sharadchhetri.com with your DOMAIN NAME
server_name sharadchhetri.com www.sharadchhetri.com;

## Redirect HTTP to HTTPS  
return 301 https://$host$request_uri;

}

### END OF BLOCK : HTTP Setup

##############################################

### START OF BLOCK : HTTPS Setup

server {

### To listen port on HTTPS/ port 443
listen 443 ssl;

## Replace sharadchhetri.com with your DOMAIN NAME
server_name sharadchhetri.com www.sharadchhetri.com;

######### SSL Certificates ##########
ssl_certificate        /etc/nginx/sslcerts/ghost.crt;
ssl_certificate_key    /etc/nginx/sslcerts/ghost.key;

### Start Of Block: Proxy Settings for Ghost Blog
location / {
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   Host      $http_host;

    ## Replace 192.168.122.185 with your ghost server ip address # 2368 is default port no.
    proxy_pass         http://192.168.122.185:2368;
     
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
}

### End Of Block: Proxy settings for Ghost Blog

}

### END OF BLOCK : HTTPS Setup

Now at the end Restart the nginx service

sudo service nginx restart

Check your blog URL by opening with HTTP your web browser. It will redirect to HTTPS url of your blog. Obviously, if you open with HTTPS url, it will remain same with https:// .

You can use same nginx configuration setup with your DV/EV/UCC kind of SSL certificates which you obtained from your domain registrar.

Know about more, how to create DV SSL Certificate and approve from CA authority . This tutorial will help you to understand how to get DV SSL certificate from domain registrar like namecheap.

ghost https ssl image

Articles

Install Nginx from source code on Ubuntu 14.04 LTS
ghost blog reset password and activate user from sqlite
How to install nginx from source on CentOS 7
Fixing Kazam crash on Ubuntu 20.04 LTS Desktop
How to install and run ghost on Ubuntu
Setup Nginx as proxy to serve ghost blog on port 80
Setup self signed ssl certificate on Owncloud 6 in Ubuntu 14.04 LTS Server
Setup Owncloud 6 with self signed SSL certificate on Ubuntu 13.10
Install and compile Nginx on Ubuntu 18.04 LTS server
Create upstart event system for ghost blog on Ubuntu
Nginx : could not build the server_names_hash, you should increase server_names_hash_bucket_size
Essential Linux Commands Every Beginner Should Know | With Examples
How to install nginx webserver from source on CentOS and RHEL
How To Install Nginx On Ubuntu 22.04 LTS
Create DV SSL Certificate and approve from CA authority

Sharad Chhetri is an experienced Linux, DevOps, Cloud Engineer & Freelancer. Working on various technologies since RHEL 4 era. He loves sharing the knowledge which he has earned from his experience.
You can contact him on email for freelance projects at admin@sharadchhetri.com.

Read Some More Articles

How to configure FTP server in CentOS 6.3 – vsftpd server
| |

How to configure FTP server in CentOS 6.3 – vsftpd server

BySharad Chhetri

How to configure FTP server in CentOS 6.3 – vsftpd server vsftpd, which stands for “Very Secure FTP Daemon”,vsftp is an FTP server for Unix-like systems, including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL. vsftpd supports explicit (since 2.0.0) and implicit (since 2.1.0) FTPS. vsftpd is the…

blockquote in style.css applicable to wordpress and blogger sites

blockquote in style.css applicable to wordpress and blogger sites

BySharad Chhetri

blockquote for style.css applicable to wordpress and blogger sites Blockquotes are useful in blogging or any website because with the help of blockquote you can highlight the text in box with border or borderless as per your choice. Many readers of my blog have asked the question about how to have a common blockquote which…

ghost blog reset password and activate user from sqlite

ghost blog reset password and activate user from sqlite

BySharad Chhetri

Ghost blog by default uses the sqlite database. After installing the Ghost blog on Ubuntu , I forgot the password of user. Because of unsuccessful trial more than a limit, my user also get deactivated. We have setup the self hosted ghost blog , hence it is quite easy to reset the password and activate…

Installing Nagios-3.4.4 in CentOS 6.3
| |

Installing Nagios-3.4.4 in CentOS 6.3

BySharad Chhetri

Installing Nagios-3.4.4 in CentOS 6.3 This post is updated version of post “Installing Nagios-3.4 in CentOS 6.3”. The only difference here is , we will use the new EPEL repo rpm i.e epel-release-6-8.noarch.rpm. Rest of the steps are same Download the EPEL repo in your system yum install wget (use this command if you do…

how to upgrade ubuntu 16.04 LTS to 18.04 LTS
|

How To Upgrade Ubuntu 16.04 To 18.04 LTS Desktop

BySharad Chhetri

After release of Ubuntu 18.04 LTS (Bionic Beaver) on April 26, 2018 , I have been waiting to upgrade my Desktop from Ubuntu 16.04 LTS to 18.04 LTS Desktop Edition. I always prefer to go with LTS version because of Long Term Support and that’s it stands for too. Since the 12.04 LTS time, I…

rsync all files,hidden files,symlinks,hardlinks to remotes Linux Server
|

rsync all files,hidden files,symlinks,hardlinks to remotes Linux Server

BySharad Chhetri

rsync all files,hidden files,symlinks,hardlinks to remotes Linux Server I have used these flags -ravpzHogt along with rsync command many times in server migration. And I always get good results. Key features** (1) Date Time stamp of files and folder remain same as you find in source server. (2) Hidden files or directory recursively transfer to…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.