Post Install - all good no ghost

Hey all,
I’m able to do the install without any issues (no SSL). I did try it with SSL and had the same non-error error. However, when I go to the site the page simply times out. I just need some troubleshooting tips.

I thought it was DNS resolution at first, but it’s been days and I can ping the site/host and get the correct IP back. A record is set up correctly.

Thanks for anything!

CLI 1.24.0
V - 5.51.2
Hosting on an Intersever VPS

Welcome to the Ghost community, @Fritz_Ferrante.

It would be helpful if you provided the correct URL, and details of the VPS, e.g., host OS version etc. plus output from ghost doctor.

Edit: As a moderator, I can see your original post text. As a consequence, I see that your web server is redirecting non-HTTPS to HTTPS, but there is no valid certificate.

HTTP request sent, awaiting response... 301 Moved Permanently
Unable to establish SSL connection.

Hey MJW, thanks for the quick response. I wasn’t sure how much I should advertise my domain, but thanks for the detective work.

I had uninstalled and rerun setup to remove SSL thinking that might be the issue, so I’m not sure why it’s pointing to SSL again.

The domain is fourankles.com/ghost.
It’s running on Ubuntu 22.04 TLS (Jammy)
Output:
:heavy_check_mark: Checking system Node.js version - found v16.20.0
:heavy_check_mark: Checking logged in user
:heavy_check_mark: Ensuring user is not logged in as ghost user
:heavy_check_mark: Checking if logged in user is directory owner
:heavy_check_mark: Checking current folder permissions
:heavy_check_mark: Checking system compatibility
:heavy_check_mark: Checking for a MySQL installation

  • sudo systemctl is-active ghost_fourankles-com
    ? Sudo Password [hidden]
    Instance is currently running
    :information_source: Validating config [skipped]
    :heavy_check_mark: Checking folder permissions
    :heavy_check_mark: Checking file permissions
    :heavy_check_mark: Checking content folder ownership
    :heavy_check_mark: Checking memory availability
    :heavy_check_mark: Checking binary dependencies
    :heavy_check_mark: Checking free space
    :heavy_check_mark: Checking systemd unit file
    :heavy_check_mark: Checking systemd node version - found v16.20.0

I can uninstall and go back SSL, but I can’t figure out my disconnect. The only time the server resolves correctly is when I used the IP and I get the NGINX holding page. I’m pretty sure it’s user error, but I’m not sure where to go to next.

Please share your Nginx configuration. This can be found in /etc/nginx/sites-available.

Hey MJW,
Here are two confs. There is also a default.

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

server_name fourankles.com;
root /var/www/fourankles/system/nginx-root; # Used for acme.sh SSL verifica>

ssl_certificate /etc/letsencrypt/fourankles.com/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/fourankles.com/fourankles.com.key;
include /etc/nginx/snippets/ssl-params.conf;

location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_pass http://127.0.0.1:2368;

}

and for non-SSL natch:
server {
listen 80;
listen [::]:80;

server_name fourankles.com;
root /var/www/fourankles/system/nginx-root; # Used for acme.sh SSL verifica>

location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_pass http://127.0.0.1:2368;

}

location ~ /.well-known {
    allow all;
}

My best guess looking at this is that it’s pointed at local host?

What I suggest is this:

  1. Remove the symbolic link in /etc/nginx/sites-enabled

  2. Edit config.production.config to change the site to HTTPS

Ideally, you should only run HTTPS, so it’s best to resolve this setup. Moreover, if the Let’s Encrypt certificates were generated, you don’t need to try this again.

Make the changes and restart Ghost and Nginx.

Incidentally, I don’t use Let’s Encrypt; I generate certificates in Cloudflare.

Hey MJW,
Should I just clear out all entries in the sites-enabled folder? Sorry about my lack of knowledge here. I understand they are symbolics, but just don’t know what I’m doing.

F

Since you haven’t named the files, I can’t be precise. However, you need to delete the symbolic link for the HTTP config in /etc/nginx/sites-enabled. The file can still be found in /etc/nginx/sites-available if needed later.

Once you’ve done this, do sudo systemctl reload nginx, edit the site URL in you production.config.json to HTTPS, and restart ghost.

Hey Martin,

Thanks for your continuing help. I went a little farther and did a reinstall with https on. I can delete the items in the sites-available folder and they come back just fine.
The new issue appears to be a database error.

Ghost was able to start, but errored during boot with: Access denied for user ‘ghost-793’@‘localhost’ (using password: YES)

I’m thinking maybe a uninstall and then reinstall?

Fritz

I ended up uninstalling and reinstalling to get rid of the MySQL error. Everything looks great (meaning that there are no obvious errors), but the site still doesn’t work. I took a look at the config and I’m not sure specifically what I’m looking for, but again it looks in order. Let me know if you have any other hints.

F

Do you use ufw and enabled it for HTTPS?

How about this one?

Hey Shiny,

I do use UFW and I did add https to the rules, but there was no change.
As of this morning the Nginx status is listed as failed. So that happened during my evening. I can’t get it running manually (start, restart, reload, etc). My normal steps here would be restart and then reinstall. I might be muddying the water quite a bit at this point.

This morning I started reading the errors. Apparently, a path to a certificate isn’t correct. If I’m reading this correctly it’s looking in the /etc/letsencrypt/fourankles.com folder for a fullchain.cer. There is a fourankles.com_ecc file. Could this be the issue? Or am I reading this incorrectly?

F

I believe having fourankles.com_ecc file is fine.

As Johnny in the link said, I did adding _ecc after the domains in /etc/nginx/sites-available/fourankles.com-ssl.conf

In my case, it worked.

If you use CloudFlare, you might need to change SSL mode to Full(strict) from Flexible.

1 Like

This is your immediate issue. What is the error? Use journalctl. Also, how did uninstall Ghost etc.?

Hey Martin,

I used ghost uninstall and reinstalled and ran setup again. It couldn’t find the nginx installation. I assumed there must be remnants of previous installations and errors, so I thought instead of chasing problems I’d reset the server (thumbs up to a vps box).

I just finished the reinstall a few minutes ago. My new error is:

GhostError

Message: Ghost was able to start, but errored during boot with: Access denied for user ‘root’@‘localhost’
Help: Unknown database error
Suggestion: journalctl -u ghost_fourankles-com -n 50

So I checked the journal and there are no entries.
During the install I picked root as the mysql user per the instructions.

I want to apologize for jumping ahead, but the game of “whack-a-mole” was frustrating to chase down, so I thought this was the best approach.

F

I’d have done the same - one of the features of VPS, for sure! Are you sure you gave the install prompt the password for the root user IN MYSQL (not the actual root password)?

Hey Cathy,

I would like to think I did, but at this point I’m second guessing myself at every step.
I ran setup again and get the same DB error. I’ll dig in the forum to see if I can find something along the lines about that error.

F

There’s no no native password set for the root MySQL account.

Try this …

sudo mysql

# Set root password 
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
QUIT;
# This is good practice 
sudo mysql_secure_installation
# Test that you can login
sudo mysql -u root -p

Ideally, you should create another database user for Ghost that only has privileges for the one Ghost database.

Thank for the additional info Martin. I think I’m going to restart the VPS for fresh and use your alter user command during the setup. I do notice that everytime I run setup that I see there is another user created. The format is ghost-1234. It’s a different number each time.

Does that sound like the correct process?
Fritz

Okay. Clean VPS and fresh install. The only difference was that I added Martin’s extra work of putting in a password for the mysql root account and making it a secure installation.

At the end of the install the note is that it couldn’t restart Nginx. However, I checked systemctl and it running and doctor shows no errors.

So I then restarted ghost, but no luck.
Next I stop nginx (systemctl stop nginx) and then try to restart (systemctl start nginx) and it fails.
I check the journalctl and it looks like it can’t load the certificate!

Not sure what’s happening this time, but it felt closer. Let me know if you have any ideas.

Fritz