Hi t1-tracey,
I have kind of the opposite use case running (forwarding from www.whatever.xyz to ghost hosted on whatever.xyz). Maybe I can help with the configuration. There probably is a simpler way, but for now it works for me.
Three things upfront:
- As initally said, I am using the opposite redirect. I have written the examples with your use case i.e. forwarding to www. in mind
- I am using certbot to obtain the SSL-certificates from Let’s Encrypt for the non-ghost administrated parts, while ghost uses the acme.sh script for certificate management. Up to now it looks like the two processes come along quite well, but I only have it running for a few days and I have not tried to renew anything.
- Make a backup before testing (especially of /etc/nginx/sites-available as certbot will edit those files and things can get broken)
OS: Ubuntu 22.04
Let’s get started:
Part 1 - configuring nginx:
Make a new configuration file in /etc/nginx/sites-available.
Obviously do not use a name that was used by the ghost installation routine.
sudo nano /etc/nginx/sites-available/mylittletestingsite.net.conf
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mylittletestingsite.net;
return 301 https://www.mylittletestingsite.net$request_uri;
}
In case you do not have ipv6 running, you can leave out the two listen [::]: statements
The idea of this file is to collect everything (http and https) that comes in from mylittletestingsite.net and permanently (301) redirect it to https://www.mylittletestingsite.net
However, to allow secure connections to https://mylittletestingsite.net without warning, we need a certificate for that domain. We will obtain this certificate with certbot, but before that we have to create a link to the file we just have created in /etc/nginx/sites-enabled to make it active:
sudo ln -s /etc/nginx/sites-available/mylittletestingsite.net.conf /etc/nginx/sites-enabled/
after testing for syntax problems with nginx -t we can restart nginx (reload probably would also work).
sudo systemctl restart nginx
Part 2 - certbot & getting certificate:
This is largely based on the following post (for reference):
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04
Update snap:
sudo snap install core; sudo snap refresh core
Install certbot with snap (alternative to apt)
sudo snap install --classic certbot
Link certbot from install dir to /usr/bin (sometimes necessary to use it from the CLI)
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Now it is time to fetch the required certificates.
It is important to specify the domain that has NOT been used in the ghost installation routine! Certbort will look in the files in /etc/sites-available for the server block with the given name and edit that block.
sudo certbot --nginx -d mylittletestingsite.net
The interactive script will ask for an email address and then obtain and install the certificates. It will also edit the file in /etc/nginx/sites-available that we created in Step 1 and set up a system.d timer for regular renewal (alternative to crontab)
After restarting nginx, the redirects from https://mylittletestingsite.net to https://www.mylittletestingsite.net should work.
sudo systemctl restart nginx
Hope that helps.
Alex