Documentation for self hosters?


Hi Folks,

I have consulted Doctor Google to no avail. I am looking for the documentation on self-hosting.
I have a multi-blog VPS configured, up and running… so far so good, but there seems to be a dearth of information on:

  • backups - what, how - looks like a MySQL + Filesystem combo, JSON export?
  • security / hardening - hmmm - looks like lots of odd traffic - what should I expect
  • monitoring / testing - argh - embedded colour codes in syslog - how to manage the log contamination?
  • distro-specific hints - e.g. on Debian stable (aka Stretch):
    • DON'T use - use upstream updated certbot from back-ports.
    • DON'T use the ghost-cli mysql-user creation - it doesn’t work for MariaDB with socket-auth-thingy
  • sharing versions - 5 blog sites - each with 300MB of versions = 1.5G - links to the rescue!

So my question is - where are good documentation resources for VPS hosting of Ghost?

P.S. - Yes, I have read everything at


Backups - This is WIP, but stalled in the speccing stage right now. You’re right that it’s a MySQL / FS combination for your core data - as long as you backup your database and the /path/to/ghost/content folder, you should be good.

Security / hardening - the documentation links to DO’s basic hardening guide, which, imho, should protect you pretty well (limiting open ports to ssh / http(s), preventing password-based auth, etc.). I think the biggest thing I personally would add to it is unattended-upgrades. I think the Ghost team doesn’t provide too much guidance on this since server hardening is a pretty complex topic that lots of people have opinions about :stuck_out_tongue:

Monitoring / testing - Systemd is responsible for restarting failed [ghost] processes. The only issue you might run into is auto-updates to ghost. There’s something in the CLI planned for this, although it hasn’t been worked on. If you don’t want color, add the --no-color option to your command (I’m not exactly sure if this can be configured for the background process though :thinking:)

Distro-specific hints: This doesn’t exist in the documentation because it deviates from the recommended stack - Here’s a quote from the CLI repo:

The team behind Ghost CLI only supports this stack. This restriction is very deliberate, as every additional option for configuration or divergent piece of code required to support an additional environment creates exponential complexity and maintenance overhead.

Our primary focus for the project is ensuring that everyone that uses the recommended system stack is able to install, configure, start, stop, restart, update & list their Ghost sites. This includes developing better testing to ensure we are able to

Sharing versions - This might be something to drop in #Ideas! - I’m not sure if there’s a negative reason as to why this wasn’t done, but it doesn’t hurt to ask for it!

I know I haven’t fully answered your question, rather gave a little bit more information in each aspect. The biggest reason for this is because other than Ghost for Beginners (@DavidB) I don’t really know of any trustworthy site with how-to’s / documentation that would be helpful. With the new forum, I think the best place to get answers would be here, by asking questions!


Hi Vikas,

Thanks for your help - looks like a great resource :smile: hoorah!

Backups - is only half of the equation, a usable backup needs a restore. Doing MySQL+file-system isn’t ideal - ties you to a specific storage engine. Best option would be CLI access to the JSON export-api - and get it to create the backup-json in the content (or other specified) folder. Then a single file-system backup would suffice, and the backup could be manually reinstalled/merged via the /ghost/ app Importer - i.e. that could be enhanced to allow selective / filtered import of Posts, and to not overwrite updated Posts with the same IDs (maybe Importer already has this conflict-resolution built in?)

Hardening - I was looking for more about GHOST specifically - not hardening the server - for example, I’ve discovered that there are privacy questions - where the default install is not private. Also, I wonder about the blog-ghost user - should this user be zapped asap? Does it have a well-known password? What rights does it have by default etc. I’ve already deleted mine - I guess I could do another install to see - but it’s the kind of thing that should be documented. Maybe there are other things I have yet to discover where Ghost makes public the default rather than private? etc.

Distro-specific - I understand the Ghost-Guys’n’gals not wanting to support every odd OS in the world - they would drown in the noise! They could facilitate / curate a list of links to users that have discovered Distro specifics - e.g. the Letsencrypt packaging is less than ideal on a Debian host that has non-Ghost websites, esp. when Debian provides a well supported back-ports for up-to-date certbot usage. The MySQL setup doesn’t work on a MySQL(MariaDB) system with socket-authentication plugin enabled etc. They are all only minor things - but you need the knowledge, and everyone has their own fav-distro.
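
The backup approach discussed in this thread (database dump plus the content folder, with a check that the result can be read back), as an added example that is not part of any post above and not Ghost's own tooling. The database name, the backup directory and the function names are assumptions; `/path/to/ghost` is the placeholder used in the thread.

```shell
#!/bin/sh
# Added example: one Ghost site = database dump + content folder.
# GHOST_DIR (must be absolute), DB_NAME and BACKUP_DIR are assumed values.
GHOST_DIR="${GHOST_DIR:-/path/to/ghost}"
DB_NAME="${DB_NAME:-ghost_prod}"              # hypothetical database name
BACKUP_DIR="${BACKUP_DIR:-/var/backups/ghost}"

# Dump the database to stdout. Credentials belong in ~/.my.cnf (mode 0600),
# not on the command line where other local users can read them from ps.
dump_db() {
    mysqldump --single-transaction --routines "$DB_NAME"
}

# Write $BACKUP_DIR/ghost-<UTC stamp>.tar.gz plus a .sha256 file and print
# the archive path. Runs in a subshell so the umask change stays local.
backup_site() (
    umask 077                                 # keep dump and archive private
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    out="$BACKUP_DIR/ghost-$stamp.tar.gz"
    mkdir -p "$BACKUP_DIR" || return 1
    work=$(mktemp -d) || return 1
    # Refuse to archive a failed or empty dump.
    if ! dump_db > "$work/db.sql" || [ ! -s "$work/db.sql" ]; then
        echo "database dump failed or is empty" >&2
        rm -rf "$work"
        return 1
    fi
    tar -czf "$out" -C "$work" db.sql -C "$GHOST_DIR" content
    status=$?
    rm -rf "$work"
    [ "$status" -eq 0 ] || return 1
    (cd "$BACKUP_DIR" && sha256sum "${out##*/}" > "${out##*/}.sha256") || return 1
    echo "$out"
)

# Restore-side check: the checksum still matches and the archive lists both
# the dump and the content tree. Returns non-zero on any mismatch.
verify_backup() {
    archive=$1
    (cd "${archive%/*}" && sha256sum -c "${archive##*/}.sha256" >/dev/null 2>&1) || return 1
    listing=$(tar -tzf "$archive") || return 1
    echo "$listing" | grep -qx 'db.sql' || return 1
    echo "$listing" | grep -q '^content/' || return 1
}
```

Run `verify_backup "$(backup_site)"` from cron for each site and alert on a non-zero exit; a full restore into a scratch database remains the only complete test.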