In this post, we will learn how to setup self signed SSL certificate for ghost blog on Nginx . In our previous posts, we have written post on “setting ghost on nginx to serve at HTTP / Port 80” .
Recommended reading before starting to setup self signed SSL certificate for ghost blog on Nginx
- How to install and run ghost on Ubuntu
- Create upstart event system for ghost blog on Ubuntu
- Setup Nginx as proxy to serve ghost blog on port 80
Description of our ghost server setup
| Server Information | Detail |
|---|---|
| Operating System | Ubuntu 14.04 LTS server |
| Arch | x86_64 |
| Ghost Installation Directory | /opt/ghost |
| Nginx Configuration File | /etc/nginx |
| IP Address of Ghost server | 192.168.122.185 |
Two scenarios of HTTPS with Nginx to run ghost blog
Scenario 1. Ghost blog running on both – HTTP and HTTPS
Scenario 2. Ghost blog running on HTTPS only.
Generate self signed SSL certificate
First we have to generate the self signed SSL certificate. Follow the given below steps.
Step 1. Install OpenSSL
sudo apt-get install openssl
Step 2. Create directory for keeping SSL certificates
mkdir -p /etc/nginx/sslcerts/
Generate Self Signed SSL Certificate with SHA2
openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout /etc/nginx/sslcerts/ghost.key -out /etc/nginx/sslcerts/ghost.crt
You will get series of questions, type answers of each question. See the given below example –
Now as we have discussed above about two scenarios, we will discuss one by one here.
You should select only one scenario which is best suited with your requirement. I hope it is very well addressed and should not have any confusion.
Ghost blog running on both – HTTP and HTTPS
Open your file editor and edit the ghost nginx configuration . In our setup it is /etc/nginx/sites-enabled/sharadchhetri . Kindly look for your ghost nginx configuration file.
server {
listen 80;
### Add this new line for HTTPS
listen 443 ssl;
### Replace sharadchhetri.com with your DOMAIN NAME
server_name sharadchhetri.com www.sharadchhetri.com;
### setup the SSL certificates
ssl_certificate /etc/nginx/sslcerts/ghost.crt;
ssl_certificate_key /etc/nginx/sslcerts/ghost.key;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
### Replace 192.168.122.185 with your ghost server ip address on which it is listening 2368 port ##
proxy_pass http://192.168.122.185:2368;
}
}
Restart the nginx service.
sudo service nginx restart
Now you can check your blog URL by opening with HTTP and HTTPS in your web browser. For example-
For HTTP:
http://example.com
or
http://www.example.com
For HTTPS:
https://example.com
or
https://www.example.com
Ghost blog running on HTTPS only
Do the settings in your ghost nginx configuration. You can clearly observe in our configuration, we have separated the HTTP and HTTP block. (This is done because of “HTTPS redirect loop error”)
Whenever request come to port HTTP , it will redirect to HTTPS. Hence, visitors will landed only to HTTPS URL of the blog.
Use the file editor and edit your ghost nginx configuration which you are using in your setup. In our ghost setup it is /etc/nginx/sites-enabled/sharadchhetri .
### START OF BLOCK : HTTP Setup
server {
listen 80;
## Replace sharadchhetri.com with your DOMAIN NAME
server_name sharadchhetri.com www.sharadchhetri.com;
## Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
### END OF BLOCK : HTTP Setup
##############################################
### START OF BLOCK : HTTPS Setup
server {
### To listen port on HTTPS/ port 443
listen 443 ssl;
## Replace sharadchhetri.com with your DOMAIN NAME
server_name sharadchhetri.com www.sharadchhetri.com;
######### SSL Certificates ##########
ssl_certificate /etc/nginx/sslcerts/ghost.crt;
ssl_certificate_key /etc/nginx/sslcerts/ghost.key;
### Start Of Block: Proxy Settings for Ghost Blog
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
## Replace 192.168.122.185 with your ghost server ip address # 2368 is default port no.
proxy_pass http://192.168.122.185:2368;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
### End Of Block: Proxy settings for Ghost Blog
}
### END OF BLOCK : HTTPS Setup
Now at the end Restart the nginx service
sudo service nginx restart
Check your blog URL by opening with HTTP your web browser. It will redirect to HTTPS url of your blog. Obviously, if you open with HTTPS url, it will remain same with https:// .
You can use same nginx configuration setup with your DV/EV/UCC kind of SSL certificates which you obtained from your domain registrar.
Know about more, how to create DV SSL Certificate and approve from CA authority . This tutorial will help you to understand how to get DV SSL certificate from domain registrar like namecheap.
