What version of Ghost are you using? Ghost-CLI version: 1.13.1 // Ghost version: 3.9.0
What configuration? DigitalOcean 1-Click Droplet with Cloudflare
What browser? N/A
What errors or information do you see in the console? 502 Bad Gateway
This is with a fresh DO Droplet and the 1-Click install of Ghost from the DO Marketplace. ghost doctor reports nothing wrong, and the startup for ghost start looks fine in the output and provides the default URL for the admin interface. When directly navigating to https://DO-Droplet-IP I see the vanilla 502 Bad Gateway nginx page.
I did find this issue on GitHub that began as a support request and evolved into a bug in Ghost-CLI where the default config.production.json points at the incorrect port, but updating hasn’t solved the issue.
On the Cloudflare end, I have SSL/TLS encryption mode set to “Full” which is “Encrypts end-to-end, using a self signed certificate on the server” (applies to me as the Droplet uses a Let’s Encrypt certificate). I verified that jmk.sh-ssl.conf is pointing at the created Let’s Encrypt certificate. I have the following settings for my Edge Certificates:
Always use HTTPS - enabled
HTTP Strict Transport Security (HSTS) - disabled
Minimum TLS Version - TLS 1.3
TLS 1.3 - On (this is a separate setting from above)
Automatic HTTPS Rewrites - on
Universal SSL - enabled
I found some other topics related to 502 on image upload but none of the troubleshooting there seemed to help, or I wasn’t quite sure if it applied.
I changed mode to Full (Strict), TLS to 1.0 and toggled the separate TLS 1.3 setting to off, still resulting in 502. Put domain into “Development Mode” and no changes. Browsing to the Droplet’s direct IP displays a 502 as well so it’s no surprise Development Mode didn’t change anything.
Verified that ghost has been running the whole time with ghost ls, listing in the default /var/www/ghost location and running on port 2368. ghost doctor has never thrown an issue for me and still isn’t after updating the above settings, sadly. I verified that /etc/nginx/sites-enabled/jmk.sh.conf is listening on the correct port:
Thanks for sharing! Unfortunately it didn’t work for me, but I appreciate you adding your troubleshooting.
Performed the following: ghost config url https://jmk.sh followed by ghost stop and ghost start then verifying the instance with ghost ls. 502 error persisted, ran ghost doctor and see no errors.
So when I followed the instructions on the previously-mentioned GitHub issue related to the port Ghost listens on, I updated jmk.sh.conf to 2368 but not jmk.sh-ssl.conf. I pasted my non-SSL configuration above as that’s what I had open when writing the reply, but realized I may not have updated the port in both config files.
Lo and behold, there was the issue: jmk.sh-ssl.conf hadn’t been updated to listen on the correct port. Changed it, and now everything is right as rain.
The issue needs to be fixed on the 1-Click Droplet I believe, which is why the issue isn’t manifesting at large.
Thanks again for your help, it’s truly appreciated.
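
A check for the mismatch found in this thread, as an added example that is not part of the original posts or of Ghost-CLI: it compares the port in config.production.json with the proxy_pass port in every nginx site file, so a stale port in only the SSL file is caught. The file contents and the stale port 2369 are constructed samples; the server.port key and the proxy_pass layout are assumed to match a standard Ghost-CLI install.

```python
import json
import re

# Matches an active (non-commented) line such as
# "proxy_pass http://127.0.0.1:2368;" and captures the port.
PROXY_PASS = re.compile(r"^[ \t]*proxy_pass[ \t]+https?://[^\s;/:]+:(\d+)", re.MULTILINE)

# Constructed sample inputs (not taken from the thread).
SAMPLE_GHOST_CONFIG = '{"url": "https://jmk.sh", "server": {"port": 2368, "host": "127.0.0.1"}}'
SAMPLE_SITES = {
    "jmk.sh.conf": """server {
    listen 80;
    location / {
        proxy_pass http://127.0.0.1:2368;
    }
}""",
    "jmk.sh-ssl.conf": """server {
    listen 443 ssl http2;
    location / {
        # proxy_pass http://127.0.0.1:2368;
        proxy_pass http://127.0.0.1:2369;
    }
}""",
}

def ghost_port(config_json):
    """Port Ghost listens on, read from config.production.json text."""
    return int(json.loads(config_json)["server"]["port"])

def upstream_ports(nginx_conf):
    """Ports of every active proxy_pass directive in one site file."""
    return [int(p) for p in PROXY_PASS.findall(nginx_conf)]

def find_mismatches(config_json, site_files):
    """Return (file name, port) for each proxy_pass that misses Ghost's port."""
    expected = ghost_port(config_json)
    return [
        (name, port)
        for name, text in sorted(site_files.items())
        for port in upstream_ports(text)
        if port != expected
    ]

if __name__ == "__main__":
    for name, port in find_mismatches(SAMPLE_GHOST_CONFIG, SAMPLE_SITES):
        print(f"{name}: proxy_pass uses port {port}, Ghost listens on "
              f"{ghost_port(SAMPLE_GHOST_CONFIG)}")
```

On a real install, read the file text from /var/www/ghost/config.production.json and the files under /etc/nginx/sites-enabled/ instead of the sample strings.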