Ghost Buster

A memory of Howto Install Ghost on Debian Buster...

Working through https://ghost.org/docs/install/ubuntu/ - the docs are fab - :namaste: Ghost Team.

Getting nodejs installed

sudo apt install -y npm
# wow - that's a whole lot of dependency :(
npm --version
# 5.8.0
node --version
# v10.21.0

Hmmm - but I see that Ghost prefer nodejs v12 - https://ghost.org/faq/node-versions/ - which is ok as npm can pull us up to latest stable :)

sudo npm install -g npm@latest
# + npm@6.14.8
sudo npm i -g n
sudo n stable
# node-v12.18.3

Ummm - was that too easy? Debian rocks!

NGINX

sudo apt install nginx
# Reading package lists... Done
# Building dependency tree
# Reading state information... Done
# nginx is already the newest version (1.14.2-2+deb10u3).
# 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

so that was already fine...

MariaDB

sudo apt install -y mariadb-server
# Reading package lists... Done
# Building dependency tree
# Reading state information... Done
# mariadb-server is already the newest version (1:10.3.23-0+deb10u1).
# 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

So that was ok too :) we're on a roll - let's set up the database manually, using my preferred naming standard - ghost_(blog-corename) with matching user.

sudo mariadb
create user ghost_jaguart@localhost identified by '************';
create database ghost_jaguart;
grant all on ghost_jaguart.* to ghost_jaguart@localhost;

Ghost-cli and Ghost

# install the cli
sudo npm i -g ghost-cli@latest
sudo mkdir /var/www/www.jaguart.tech
sudo chown jeff:jeff !$
cd !$
# check permissions - non-root, 0755
ls -al

So we are ready to install Ghost itself - note the following:

  • The Database and DB user are already set-up.
  • Don't let Ghost dicker with SSL/Certificates - I use the Debian installation of LetsEncrypt (aka certbot) to manage ALL sites on this web-server, including non-Ghost ones.
  • Don't get Ghost to setup NGINX - the Ghost-Way is different from all the other sites on the server.
  • Do get Ghost to setup systemd - that part works nicely.
ghost install
ghost ls

So that is all hunky-dorey... but I want to share the Ghost software with other blog installations on this web-server, and I don't want to back the Ghost software up as that's always reconstructable from the NPM repository.... so let's Debianise the Ghost installation by moving the software out of document root.

ghost stop
sudo mkdir -p /usr/share/ghost
sudo chown jeff:jeff /usr/share/ghost
mv versions/ /usr/share/ghost
ln -s /usr/share/ghost/versions/
ll
ghost start
ghost ls

Noice! (as they say here in Melbourne).

So far, so good - but the blog is not yet exposed via NGINX... and that needs a wee twiddle...

NGINX activation

So using this initial config, note that there is no-ghost - we just want to get certbot to request the server certificate...

# /etc/nginx/sites-available/www.jaguart.tech
server {
  server_name jaguart.tech;
  listen 80;
  listen [::]:80;

  # GHOST likes this doc-root
  root /var/www/www.jaguart.tech/system/nginx-root;

  # LetsEncrypt support
  location ~ /.well-known {
    allow all;
    try_files $uri =404;
  }

  location / {
    allow all;
  }

}
sudo systemctl restart nginx

Website is available - and empty...

# get HTTPS working...
certbot

Cool - so that worked... we can now plug ghost in and quickly initialise the Owner account.

Switch the NGINX configuration to:

# /etc/nginx/sites-available/www.jaguart.tech
server {

  server_name jaguart.tech;

  listen 80;
  listen [::]:80;

  # Jeff 10-Sep-19: GHOST likes this doc-root
  root /var/www/www.jaguart.tech/system/nginx-root;

  # certbot
  location ~ /.well-known {
    allow all;
    try_files $uri =404;
  }

  # certbot via HTTP 
  # otherwise, external redirect to HTTPS
  return 301 https://$host$request_uri;

}

server {

  server_name jaguart.tech;
  # Jeff 10-Sep-19: GHOST likes this doc-root
  root /var/www/www.jaguart.tech/system/nginx-root;

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  ssl_certificate /etc/letsencrypt/live/jaguart.tech/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/jaguart.tech/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  client_max_body_size 50m;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_pass http://127.0.0.1:2368;
  }

  # certbot
  location ~ /.well-known {
    allow all;
    try_files $uri =404;
  }

  # addons
  location ~ /media {
    allow all;
    try_files $uri =404;
  }

}

Activate the new site - sudo systemctl restart nginx - woohoo! access the admin URL and set up the owner account...

  • done-and-dusted
  • sponsored-by...
  • blows imaginary pistol smoke

Time for a cuppa! :tea: