• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
sharadchhetri

sharadchhetri

Tutorials On Linux, Unix & Open Source

  • Home
  • Linux Commands
  • Resources
    • Learn Linux
  • My WordPress plugins

Setup self signed SSL certificate for ghost blog on Nginx

June 9, 2015 by Sharad Chhetri

In this post, we will learn how to setup self signed SSL certificate for ghost blog on Nginx . In our previous posts, we have written post on “setting ghost on nginx to serve at HTTP / Port 80” .

Recommended reading before starting to setup self signed SSL certificate for ghost blog on Nginx

  • How to install and run ghost on Ubuntu
  • Create upstart event system for ghost blog on Ubuntu
  • Setup Nginx as proxy to serve ghost blog on port 80

Description of our ghost server setup

Server Information Detail
Operating System Ubuntu 14.04 LTS server
Arch x86_64
Ghost Installation Directory /opt/ghost
Nginx Configuration File /etc/nginx
IP Address of Ghost server 192.168.122.185

Two scenarios of HTTPS with Nginx to run ghost blog

Scenario 1. Ghost blog running on both – HTTP and HTTPS
Scenario 2. Ghost blog running on HTTPS only.

Generate self signed SSL certificate

First we have to generate the self signed SSL certificate. Follow the given below steps.

Step 1. Install OpenSSL

sudo apt-get install openssl

Step 2. Create directory for keeping SSL certificates

mkdir -p /etc/nginx/sslcerts/

Generate Self Signed SSL Certificate with SHA2

openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout /etc/nginx/sslcerts/ghost.key -out /etc/nginx/sslcerts/ghost.crt

You will get series of questions, type answers of each question. See the given below example –
SSL Ghost image

Now as we have discussed above about two scenarios, we will discuss one by one here.
You should select only one scenario which is best suited with your requirement. I hope it is very well addressed and should not have any confusion.

Ghost blog running on both – HTTP and HTTPS

Open your file editor and edit the ghost nginx configuration . In our setup it is /etc/nginx/sites-enabled/sharadchhetri . Kindly look for your ghost nginx configuration file.

server {
    listen 80;
    ### Add this new line for HTTPS
    listen 443 ssl;

    ### Replace sharadchhetri.com with your DOMAIN NAME
    server_name sharadchhetri.com www.sharadchhetri.com;

    ### setup the SSL certificates
    ssl_certificate        /etc/nginx/sslcerts/ghost.crt;
    ssl_certificate_key    /etc/nginx/sslcerts/ghost.key;

     location / {
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header Host $http_host;
       proxy_set_header X-Forwarded-Proto $scheme;

### Replace 192.168.122.185 with your ghost server ip address on which it is listening 2368 port ##
      proxy_pass http://192.168.122.185:2368;
        
     }
 }

Restart the nginx service.

sudo service nginx restart

Now you can check your blog URL by opening with HTTP and HTTPS in your web browser. For example-

For HTTP:
http://example.com
or
http://www.example.com

For HTTPS:
https://example.com
or
https://www.example.com

Ghost blog running on HTTPS only

Do the settings in your ghost nginx configuration. You can clearly observe in our configuration, we have separated the HTTP and HTTP block. (This is done because of “HTTPS redirect loop error”)

Whenever request come to port HTTP , it will redirect to HTTPS. Hence, visitors will landed only to HTTPS URL of the blog.

Use the file editor and edit your ghost nginx configuration which you are using in your setup. In our ghost setup it is /etc/nginx/sites-enabled/sharadchhetri .


### START OF BLOCK : HTTP Setup
server {

listen 80;

## Replace sharadchhetri.com with your DOMAIN NAME
server_name sharadchhetri.com www.sharadchhetri.com;

## Redirect HTTP to HTTPS  
return 301 https://$host$request_uri;

}

### END OF BLOCK : HTTP Setup

##############################################

### START OF BLOCK : HTTPS Setup

server {

### To listen port on HTTPS/ port 443
listen 443 ssl;

## Replace sharadchhetri.com with your DOMAIN NAME
server_name sharadchhetri.com www.sharadchhetri.com;

######### SSL Certificates ##########
ssl_certificate        /etc/nginx/sslcerts/ghost.crt;
ssl_certificate_key    /etc/nginx/sslcerts/ghost.key;

### Start Of Block: Proxy Settings for Ghost Blog
location / {
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   Host      $http_host;

    ## Replace 192.168.122.185 with your ghost server ip address # 2368 is default port no.
    proxy_pass         http://192.168.122.185:2368;
     
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
}

### End Of Block: Proxy settings for Ghost Blog

}

### END OF BLOCK : HTTPS Setup

Now at the end Restart the nginx service

sudo service nginx restart

Check your blog URL by opening with HTTP your web browser. It will redirect to HTTPS url of your blog. Obviously, if you open with HTTPS url, it will remain same with https:// .

You can use same nginx configuration setup with your DV/EV/UCC kind of SSL certificates which you obtained from your domain registrar.

Know about more, how to create DV SSL Certificate and approve from CA authority . This tutorial will help you to understand how to get DV SSL certificate from domain registrar like namecheap.

ghost https ssl image

Share this:

  • Twitter
  • Facebook
  • More
  • Print
  • Email
  • LinkedIn
  • Reddit
  • Tumblr
  • Pinterest
  • Pocket
  • Telegram
  • WhatsApp
  • Mastodon

Related posts:

  1. Setup Owncloud 6 with self signed SSL certificate on Ubuntu 13.10
  2. Setup self signed ssl certificate on Owncloud 6 in Ubuntu 14.04 LTS Server
  3. How to configure self signed SSL certificate in owncloud Ubuntu
  4. Setup Nginx as proxy to serve ghost blog on port 80
  5. ghost blog reset password and activate user from sqlite
  6. Create upstart event system for ghost blog on Ubuntu
  7. Find date of expiry and issue of SSL certificate with command
  8. Create DV SSL Certificate and approve from CA authority
  9. Nagios Plugin : check ssl certificate expiry date
  10. Protect from SSL Drown Attack in AWS ELB, Apache and Nginx

Filed Under: Linux Tagged With: ghost

Primary Sidebar

Our Social Media Presence

  • Facebook
  • GitHub
  • Twitter

Linux Command

What is Linux Internal And External Command

Linux Basic Commands With Examples For Every Beginner

tr command to convert lines to space , tab and vertical tab

smbpasswd command not found on CentOS 7 and RHEL 7

Solution : semanage command not found

Unix / Linux : How to print duplicate lines from file

More Posts from this Category

You Might Like These Articles!

simplecodesyntax wordpress plugin

SimpleCodeSyntax : My Another WordPress Plugin

Install Nginx

How To Install Nginx On Ubuntu 22.04 LTS

Install Latest Git package in Ubuntu Operating System

How To Always Install Latest Git Package In Ubuntu Operating System

Bash script for installing VirtualBox on Ubuntu 22.04 LTS Desktop

Install VirtualBox On Ubuntu 22.04 LTS Desktop (Bash Script)

libfuse

dlopen(): error loading libfuse.so.2 – Got Error On Ubuntu

Failed to open/create the internal network

VirtualBox Error: Failed to open/create the internal network

Always Useful Tips And Tricks

How to install korn shell ksh in Linux

rsync all files,hidden files,symlinks,hardlinks to remotes Linux Server

df command not showing correct free space in linux

How to download package using apt-get command in ubuntu

How to find when Operating system was installed in linux CentOS and Red Hat

Allow only members of Wheel group to use su command on RHEL/CentOS

WordPress host IP changed not able to open wp-admin and site page looks scattered

Explore 90+ Article On "Linux Tips And Tricks"

Copyright © 2023 ยท
The material in this site cannot be republished either online or offline, without our permission.
Proudly Blogging From Bharat.

  • Contact
  • About Me
  • My WordPress plugins
  • Privacy Policy