Ghost in subdirectory on different server IP is giving 502 bad gateway

Hi there,

I’ve seen this question asked before and tried all the solutions but can’t seem to get this issue resolved.

Here’s my setup. I’m using digital ocean and have 2 droplets setup.

Droplet 1 has my main website. (https://placenote.com)
Droplet 2 has my ghost blog

I want to proxy pass a subdirectory ( / blog ) to the ghost server ip.

So here’s my nginx config from my main website that shows the proxy pass. Ofcourse, I restarted nginx after the config was made.

server {

        root /var/www/placenote.com/html;
        index index.html index.htm index.nginx-debian.html;

        server_name placenote.com www.placenote.com;

        location / {

                if ($request_uri ~ ^/(.*)\.html$) {
                     return 301 /$1;
                }

                try_files $uri $uri.html $uri.php $uri/ =404;
        }

        location /blog {
                proxy_pass https://167.99.151.66:2368;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }


	error_page 404 /404.html;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/placenote.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/placenote.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}
server {
    if ($host = www.placenote.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = placenote.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;

        server_name placenote.com www.placenote.com;
    return 404; # managed by Certbot

}

Now on the ghost droplet i have run the following:
ghost config url https://placenote.com/blog
ghost restart

also restarted nginx for good measure. Here’s a small section of my ghost config that shows the new url:

  "url": "https://placenote.com/blog",
  "server": {
    "port": 2368,
    "host": "127.0.0.1"

I also checked my sites-available and saw that there’s a sites-available file listening for port 80, which I assume is doing nothing because i’m proxying straight to the 2368 port. But anyway, I’ll post it here.

file from my /etc/nginx/sites-available on the ghost droplet

server {
    listen 80;
    listen [::]:80;

    server_name placenote.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location ^~ /blog {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
        proxy_redirect off;
    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

Could you help me figure out why I’m still getting a bad gateway error with this proxy pass configuration ? I really appreciate the help.

Hey @nmathew :wave:

You’re running into the bad gateway error because your Ghost instance doesn’t listen for external connections. I’d suggest running both Ghost and your website on the same instance for security, but if you absolutely can’t, you need to configure ghost to listen on 0.0.0.0 and configure your firewall to only allow connections from your LAN. If you don’t have a LAN set up, here’s an overview from DO:

Hmm, ok interesting. Good to know.

I was having an issue installing a new instance of ghost on the same instance as my website because during the MySQL installation process whenever I switch the root user from auth token to password based auth, it would keep saying access denied. I’ll try that again.

Also quick question - when installing ghost on an instance where another website is already running and SSL is already installed - can I skip the SSL certificate part of ghost installation since it will be in a subfolder ? I kept getting a process error when trying to choose the subfolder based URL during the ssl installation

Yep, you can skip SSL installation if it’s managed by something else. You will probably also want to skip nginx setup since you already have a configuration for your website