Hello everyone!

So I’m a little new to Ghost and have been attempting to setup manually. The Ghost-CLI installer unfortunately has not ever completely worked for me for Ghost 5+, repeatedly not detecting nginx and other issues that prevent what would hopefully straightforward install. Probably for the best though, since I needed to get familiar with debugging the thing. I have manually configured nginx and ssl. Afterwards I have been able to run the ghost update and THEN it’s able to work with nginx. I’ve checked the config files and it looks like they do refer back to the port where ghost should be running on. Ghost says it installed successfully and both nginx and ghost are running on my systemctl.

The website: compoundingimprovement.com

The homepage does bring up a message that was built in by default in the var/www/html directory by the Ubuntu build. Apache is not listed as running so I’m honestly not sure why that even shows at all.

If you try going to compoundingimprovement.com/ghost, like the ghost installer says to finish the setup, you get a 404 not found error from Nginx. Which makes me think that Nginx is talking to the host but not talking to the Ghost db.

After that I hit a wall. I repeatedly checked the config files and they all looked good. The ports matched, etc. After looking at the error log it said that the permission was denied because the file wasn’t found. So I found the ghost index file in /current/index.js to see if that would work (it is the index file after all). Upon trying compoundingimprovement.com.current/index.js it returned an error message saying require(‘./ghost’);

I tried to find feedback for that online but details for that message are extremely sparse. The best I got was that maybe the Ghost directory isn’t recognizing the js node to run properly…?

And that’s where I’m at. If you need any specific files or error messages please let me know. Tried my best to debug it myself all the way through but this one got me stumped.

Thank you!

What’s the output from the following:

ghost ls
ghost doctor

Also please share your config.production.json, Nginx config files (redacting where necessary.)

ghost ls output:
compoundingimprovement-com │ /var/www/compoundingimprovement │ 5.35.0 │ running (production) │ http://compoundingimprovement.com │ 2369 │ systemd

ghost doctor output:
Checking system Node.js version - found v16.19.1

Checking logged in user

Ensuring user is not logged in as ghost user

Checking if logged in user is directory owner

Checking current folder permissions

Checking system compatibility

Checking for a MySQL installation

• sudo systemctl is-active ghost_compoundingimprovement-com

? Sudo Password [hidden]

☲ Validating configSorry, try again.

? Sudo Password [hidden]

Instance is currently running

Validating config [skipped]

Checking folder permissions

Checking file permissions

Checking content folder ownership

Checking memory availability

Checking binary dependencies

Checking free space

Checking systemd unit file

Checking systemd node version - found v16.19.1

config.production.json output:

{
“url”: “http://compoundingimprovement.com”,
“server”: {
“port”: 2369,
“host”: “127.0.0.1”
},
“database”: {
“client”: “mysql”,
“connection”: {
“host”: “localhost”,
“user”: “root”,
“password”: “root”,
“database”: “g_josh”
}
},
“mail”: {
“transport”: “Direct”
},
“logging”: {
“transports”: [
“file”,
“stdout”
]
},
“process”: “systemd”,
“paths”: {
“contentPath”: “/var/www/compoundingimprovement/content”
}
}

nginx default.conf
server {
server_name compoundingimprovement.com;

#access_log  /var/log/nginx/host.access.log  main;

location / {
   root   /var/www/compoundingimprovement;

}

#error_page  404              /404.html;

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
    root   /usr/share/nginx/html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
#    proxy_pass   http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
#    root           html;
#    fastcgi_pass   127.0.0.1:9000;
#    fastcgi_index  index.php;
#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
#    include        fastcgi_params;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
#    deny  all;
#}

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/compoundingimprovement.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/compoundingimprovement.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
if ($host = compoundingimprovement.com) {
return 301 https://$host$request_uri;
} # managed by Certbot

listen       80;
server_name  compoundingimprovement.com;
return 404; # managed by Certbot

}

nginx compounding improvement config output:

server {
listen 80;
listen [::]:80;

server_name compoundingimprovement.com;
#root /var/www/compoundingimprovement/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
root /var/www/compoundingimprovement/current/
index index.js

location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_pass http://127.0.0.1:2369;
    
}

location ~ /.well-known {
    allow all;
}

client_max_body_size 50m;

}

As a bonus, here is the nginx log file as well

2023/02/20 20:59:25 [error] 4430#4430: *323 directory index of “/var/www/compoundingimprovement/” is forbidden, client: 108.162.245.47, server: compoundingimprovement.com, request: “GET / HTTP/1.1”, host: “compoundingimprovement.com”

It’s late where I am, but your Nginx config has errors. You don’t need the error page directives, and a line directs all non-https traffic to 404.

If you intend to use https, then make sure the URL for the site reflects this in config.production.json, and your Nginx config resembles something like that below. Note, I use Cloudflare for my certificates, so you’ll need to adjust for Let’s Encrypt.

server {
    listen 80;
    listen [::]:80;

    server_name compoundingimprovement.com;
    return 301 https://compoundingimprovement.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name compoundingimprovement.com;

    access_log /var/log/nginx/compoundingimprovement_com.log;
    error_log /var/log/nginx/compoundingimprovement_com.log;

    ssl_certificate /etc/ssl/certs/compoundingimprovement_com-cert.pem;
    ssl_certificate_key /etc/ssl/private/compoundingimprovement_com-key.pem;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2369;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options SAMEORIGIN always;
        add_header X-XSS-Protection "1; mode=block" always;
    }

    client_max_body_size 50m;
}

Copy that. Tried making the changes but still getting the same error unfortunately

You’ll have to share your Ghost and Nginx configuration.

I also note that you have a 403 error now and not 404.

Here you go!

Ghost config:
cat config.production.json
{
“url”: “https://compoundingimprovement.com”,
“server”: {
“port”: 2369,
“host”: “127.0.0.1”
},
“database”: {
“client”: “mysql”,
“connection”: {
“host”: “localhost”,
“user”: “root”,
“password”: “root”,
“database”: “g_josh”
}
},
“mail”: {
“transport”: “Direct”
},
“logging”: {
“transports”: [
“file”,
“stdout”
]
},
“process”: “systemd”,
“paths”: {
“contentPath”: “/var/www/compoundingimprovement/content”
}
}

Nginx Config:

cat compoundingimprovement.com.conf
server {
listen 80;
listen [::]:80;

server_name compoundingimprovement.com;
return 301 https://compoundingimprovement.com$request_uri;

root /var/www/compoundingimprovement/system/nginx-root; 

Used for acme.sh SSL verification (https://acme.sh)

}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

server_name compoundingimprovement.com;

access_log /var/log/nginx/compoundingimprovement_com.log;
error_log /var/log/nginx/compoundingimprovement_com.log;

ssl_certificate 

###redacted###

location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_pass http://127.0.0.1:2369;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-XSS-Protection "1; mode=block" always;        
}


client_max_body_size 50m;

}

It would help other if you took the time to correctly format the config files.

Nonetheless, if the Nginx configuration has no error—use sudo nginx -t—this indicates another problem.

Therefore, check the error logs:

tail -f /var/log/nginx/compoundingimprovement_com.log

Apologies for that. I have the log directory but no log file specifically for compounding improvement_com.log

Would the general error log work in its stead?

From what you posted, you have:

error_log /var/log/nginx/compoundingimprovement_com.log;

Have you gone through these steps after creating the Nginx configuration file? Assuming this is compoundingimprovement_com.conf.

sudo -i
ln -s /etc/nginx/sites-available/compoundingimprovement_com.conf /etc/nginx/sites-enabled/
nginx -f
# If no errors:
systemctl reload nginx
exit