Separating Ghost Admin Panel and Front-End

Quoting Ghost,

"Security & trust
If running the front-end of your site and the Ghost admin client on the same domain, there are certain permissions escalation vectors which are unavoidable.

Ghost considers staff users to be “trusted” by default - so if you’re running in an environment where users are untrusted, you should ensure that Ghost-Admin and your site’s front-end run on separate domains."

I have many writers that will be writing on my publication on Ghost, I would not consider them “trusted”. What is the best way to go about this, so I am as safe as possible?

This section of the docs is suggesting that you run the Admin and Frontend on 2 separate domains. This is automatically how Ghost works if you’re using Ghost(Pro).

If you’re self-hosting, you’d need to decide on your 2 domains, point both of them at your Ghost install, and ensure SSL is set up for both as per the docs on SSL for additional domains:

Then you would update your configuration so that the main URL and admin URL are set as desired:

Ghost always requires a restart after config changes.
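As an added illustration (not part of the original reply), this is what the relevant part of a self-hosted Ghost `config.production.json` looks like once the two domains from this thread are split: `url` is the public front-end and `admin.url` is the separate host that serves Ghost Admin. The hostnames mysite.com and admin.mysite.com are the example values used later in the thread, and the rest of the config file (database, mail, server keys) is assumed to stay as it was.

```json
{
  "url": "https://mysite.com",
  "admin": {
    "url": "https://admin.mysite.com"
  }
}
```

Both hostnames need DNS and TLS pointing at the same Ghost install; Ghost then serves the public site from `https://mysite.com/` and the admin client only from `https://admin.mysite.com/ghost/`. Restart Ghost after saving the file, since the config is only read at startup.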

Would this require 2 hosting accounts? Or could this all be configured on 1 hosting account?

It’s a single Ghost install, configured to serve different parts of the application from different domains.

e.g. mysite.com and admin.mysite.com

As it doesn’t require 2 installs it also doesn’t require 2 hosting accounts.

Okay I am going to try to set this up, do you publish posts from the front-end or the admin?

I have everything set up on my 1 domain https://industryexperts.co including sending emails to members, will I have to switch any of that to the other domain?

All post editing and publishing is managed in Ghost Admin.

Members is part of the frontend.

As long as you configure Ghost correctly to know what the 2 URLs you want to use are, it’ll handle everything for you. Again, this is the default setup on Ghost(Pro) - you might want to consider hosting with us so we handle all this for you :slight_smile:

I would switch to Ghost(PRO) if they didn’t charge so high for having more staff users. I work with many writers and cannot afford the pricing system for Ghost(PRO) with all my writers.

Issue here is that it only seems to work for a root domain and a subdomain as all content is served from the admin url and won't show in a second subdomain.

e.g. demo.website.com and admin.website.com - Content is in the CMS on admin however the content is served through demo

@tomMission if you’re trying to report a genuine problem, please be more specific. It sounds like one of your domains is misconfigured as there are no restrictions for what the two domains can be in Ghost itself.

It seems the confusion (at least for me) is that there seems to be a need for 3 separate trust levels and not just 2 in certain situations, as…

When you have “staff” users who are untrusted (example someone with the Author role) and who you do not want accessing the “backend” admin area, and only accessing the minimum required to create/edit their own content.

Yes, splitting the admin area to a separate domain keeps the public out… but “staff” users as above will still have to access the content creation tools (i.e. the admin area) from the admin domain. I may be wrong here, but the public domain can only be used for content reading, correct?

The goal I believe is to have segmentation as follows:
Trusted Staff (truly trusted) → Trusted “Staff” (create/edit users) → Public (read only consumers)

Onlyfans would be a great example of this type of separation of privileges: one where “staff” aren’t really staff, but rather users (content creators), and in no way should be allowed access to backend stuff.

Hopefully someone can help shed some light on recommended hosting methods in this case. How closely Ghost fits (or doesn’t) this capability and how much shoehorning would be required to do so…