Setting Up SSL on Nginx - Missing Config

If you’re looking for some help, it’s important to provide as much context as possible so that people are able to assist you. Try to always mention:

  • What’s your URL? This is the easiest way for others to debug your issue
    www.santoroski.com

  • What version of Ghost are you using?
    3.37.1

  • What configuration?
    Ubuntu 18.04

  • What browser?
    Firefox

  • What errors or information do you see in the console?
    Nginx config file does not exist, skipping SSL setup

  • What steps could someone else take to reproduce the issue you’re having?
    Ghost setup ssl

I set up initially without SSL, now going back and trying to add it, but it says that the config file does not exist. Is there something I am missing?

Hi Michael!

I am new to Ghost myself, but I will try to help you if I can.

I see you have installed Ghost on an Ubuntu server. For reference, you can find the setup guide for Ubuntu here: How to install & setup Ghost on Ubuntu 20.04 or 22.04

By going back you mean re-running the Ghost setup script? In other words you have used the command ghost setup ssl?

In the guide, it says…

If you used an https Blog URL and have already pointed your domain to the right place, Ghost-CLI can automatically set up SSL for you using Let’s Encrypt.

From what I can tell, your site is already using SSL, but it’s issued by Cloudflare, not Let’s Encrypt. There might be a conflict here.

As for the config file, I think it’s referring to this directory on your server:
/etc/nginx/sites-enabled

The full path to the config file should be something like this:
/etc/nginx/sites-enabled/www.santoroski.com-ssl.conf

See if this file exists.

@santoroski what version of Ghost-CLI are you using? We made some changes in Ghost-CLI v1.15.1 that could affect this, but I’m not sure :thinking:

Also, can you run ls -al /etc/nginx/sites-available and see if you see your site’s domain listed in the output?

To see what version of Ghost-CLI you have installed, you can run this command:
ghost --version

Or the shorter version of it:
ghost -v


Ghost-CLI version: 1.15.2

blog.santoroski.com.conf → /var/www/ghost/system/files/blog.santoroski.com.conf

I had set it up as blog.santoroski.com – but used ghost config url http://www.santoroski.com

Here is my nginx conf file:

server {
    listen 80;
    listen [::]:80;

    server_name blog.santoroski.com santoroski.com www.santoroski.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification $

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
    }

    location ~ /.well-known {
        allow all;
    }
}

That configuration block looks OK. As a reference, I’m looking at my own configuration file for a Ghost installation I did yesterday. So that looks like the default configuration. The only difference I see here is that you have multiple domains listed like server_name blog.santoroski.com santoroski.com www.santoroski.com; whereas I only have one domain, I don’t have subdomains.

If I understand correctly…

File:

/var/www/ghost/system/files/blog.santoroski.com.conf

Content:

server {
    listen 80;
    listen [::]:80;

    server_name blog.santoroski.com santoroski.com www.santoroski.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification $

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
    }

    location ~ /.well-known {
        allow all;
    }
}

During initial installation using ghost install command, you typed in this as your URL:
http://blog.santoroski.com

But then you changed your mind about the URL, so you used this command to change it:
ghost config url http://www.santoroski.com

For reference on the ghost config url command, I will add this link:
https://ghost.org/faq/change-configured-site-url/

As I understand it, when you type in a URL (during install or afterwards) that you intend to install an SSL certificate on, you have to type in https instead of http.

So the command to change the URL should be:
ghost config url https://www.santoroski.com

Instead of:
ghost config url http://www.santoroski.com

Before you run the ghost setup ssl command to install an SSL certificate.

@acburdine can this command be used to install an SSL certificate from another issuer like Cloudflare, or is it only used for installing a free SSL certificate from Let’s Encrypt?

Also, I’m not entirely sure if this is a valid location for a configuration file:
/var/www/ghost/system/files/blog.example.com.conf

By default, it should be located in:
/etc/nginx/sites-available/blog.example.com.conf

As a reference I’m looking at the way it’s set up on a new VPS I installed Ghost on yesterday, using Ubuntu 20.04 LTS.

The file is in /etc/nginx/sites-available.

Good and bad news. I was able to get “ghost setup ssl” to install the SSL after changing the URL to https://blog.santoroski.com – however, this got me into a redirect loop.

Probably, this is some misconfiguration with my DNS on Cloudflare.

But I feel like I am making progress.


It does sound to me like there might be two places or two ways to configure SSL and Cloudflare might be interfering. I suspect that the Ghost-CLI can only help you in installing a free SSL certificate from Let’s Encrypt.

For sure, I can see now that blog.santoroski.com is verified by “Cloudflare” and it’s now using https. I’m not familiar with Cloudflare or very experienced with SSL but this might be a paid SSL you have via Cloudflare, and it might be valid for subdomains.

I’m speculating now, but https might have been the only thing missing to secure your site (santoroski.com) including any subdomain you might add to it (blog.santoroski.com).
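Added example, not from any poster in this thread and not Ghost-CLI code: a pre-flight check for the mismatch discussed above, where the Nginx file is named for blog.santoroski.com while the configured URL pointed at www.santoroski.com over http. It assumes the files are named after the hostname of the configured URL (`<host>.conf`, `<host>-ssl.conf`), as the file names quoted in the thread suggest; the function names and the demo tree are made up for illustration.

```shell
#!/bin/sh
# Added example, not Ghost-CLI code. Assumption: the Nginx files are named
# after the hostname of the configured URL (<host>.conf, <host>-ssl.conf).

# url_host URL: print the lower-cased hostname (scheme, userinfo, port, path removed).
url_host() {
    printf '%s\n' "$1" |
        sed -e 's|^[a-zA-Z][a-zA-Z0-9+.-]*://||' -e 's|[/?#].*$||' \
            -e 's|^.*@||' -e 's|:[0-9]*$||' |
        tr '[:upper:]' '[:lower:]'
}

# check_ghost_nginx URL FILES_DIR AVAILABLE_DIR ENABLED_DIR
# Prints findings; returns 0 only if the URL is https and <host>.conf exists
# in FILES_DIR and under both Nginx directories.
check_ghost_nginx() {
    host=$(url_host "$1"); files=$2; rc=0
    case $1 in
        https://*) ;;
        *) echo "WARN url is not https: $1"; rc=1 ;;
    esac
    if [ ! -f "$files/$host.conf" ]; then
        echo "MISSING $files/$host.conf"; rc=1
        for f in "$files"/*.conf; do   # show what exists, to expose a hostname mismatch
            if [ -e "$f" ]; then echo "FOUND ${f##*/}"; fi
        done
    fi
    for d in "$3" "$4"; do
        if [ ! -e "$d/$host.conf" ]; then echo "NOLINK $d/$host.conf"; rc=1; fi
    done
    if [ -f "$files/${host}-ssl.conf" ]; then echo "SSL ${host}-ssl.conf present"; fi
    return "$rc"
}

# Constructed demo tree mirroring the thread: the file is named for blog.*,
# while the configured URL points at www.*.
demo=$(mktemp -d)
mkdir -p "$demo/files" "$demo/available" "$demo/enabled"
: > "$demo/files/blog.santoroski.com.conf"
ln -s "$demo/files/blog.santoroski.com.conf" "$demo/available/"
ln -s "$demo/files/blog.santoroski.com.conf" "$demo/enabled/"
check_ghost_nginx 'http://www.santoroski.com' "$demo/files" "$demo/available" "$demo/enabled" || true
check_ghost_nginx 'https://blog.santoroski.com' "$demo/files" "$demo/available" "$demo/enabled" || true
rm -rf "$demo"
```

On a server laid out like the one in this thread, the three directories would be /var/www/ghost/system/files, /etc/nginx/sites-available and /etc/nginx/sites-enabled.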

There is no folder like this and I can't get assets etc.

My main folder is at /home/user/web/domain/public_html/, not in the var folder.

I installed with ghost install local without using mysql.

Last logs:

188.XXX.XXX.XX - - [21/Oct/2022:13:44:18 +0300] "GET /members/api/member/ HTTP/2.0" 204 0 "https://domain.com/blog/ways-to-remember-something/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:44:18 +0300] "GET /ghost/api/content/settings/?key=ed0346a1851d34600f626b4cc5&limit=all HTTP/2.0" 304 0 "https://domain.com/blog/ways-to-remember-something/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:44:18 +0300] "GET /ghost/api/content/tiers/?key=ed0346a1851d34600f626b4cc5&limit=all&include=monthly_price,yearly_price,benefits HTTP/2.0" 304 0 "https://domain.com/blog/ways-to-remember-something/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX- - [21/Oct/2022:13:44:18 +0300] "GET /ghost/api/content/newsletters/?key=ed0346a1851d34600f626b4cc5&limit=all HTTP/2.0" 304 0 "https://domain.com/blog/ways-to-remember-something/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX- - [21/Oct/2022:13:48:05 +0300] "GET / HTTP/2.0" 304 0 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:48:05 +0300] "GET /assets/built/screen.css?v=06e13de5c0 HTTP/2.0" 404 1422 "https://domain.com/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:48:05 +0300] "GET /public/cards.min.css?v=06e13de5c0 HTTP/2.0" 404 1422 "https://domain.com/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:48:06 +0300] "GET /assets/built/casper.js?v=06e13de5c0 HTTP/2.0" 404 1422 "https://domain.com/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:48:06 +0300] "GET /public/cards.min.js?v=06e13de5c0 HTTP/2.0" 404 1422 "https://domain.com/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:48:06 +0300] "GET /public/member-attribution.min.js?v=06e13de5c0 HTTP/2.0" 404 1422 "https://domain.com/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:48:06 +0300] "GET /members/api/member/ HTTP/2.0" 204 0 "https://domain.com/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:48:06 +0300] "GET /ghost/api/content/settings/?key=ed0346a1851d34600f626b4cc5&limit=all HTTP/2.0" 304 0 "https://domain.com/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:48:06 +0300] "GET /ghost/api/content/tiers/?key=ed0346a1851d34600f626b4cc5&limit=all&include=monthly_price,yearly_price,benefits HTTP/2.0" 304 0 "https://domain.com/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:48:06 +0300] "GET /ghost/api/content/newsletters/?key=ed0346a1851d34600f626b4cc5&limit=all HTTP/2.0" 304 0 "https://domain.com/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:48:06 +0300] "GET /assets/built/casper.js?v=06e13de5c0 HTTP/2.0" 404 1422 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
188.XXX.XXX.XX - - [21/Oct/2022:13:48:06 +0300] "GET /public/cards.min.js?v=06e13de5c0 HTTP/2.0" 404 1422 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"

Current Nginx config:

server {
    listen      XXX.XXX.XXX.XXX:443 ssl http2;
    server_name domain.com www.domain.com;
    root        /home/user/web/domain.com/public_html;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/domain.com.log combined;
    access_log  /var/log/nginx/domains/domain.com.bytes bytes;
    error_log   /var/log/nginx/domains/domain.com.error.log error;

    ssl_certificate      /home/user/conf/web/domain.com/ssl/domain.com.pem;
    ssl_certificate_key  /home/user/conf/web/domain.com/ssl/domain.com.key;
    ssl_stapling on;
    ssl_stapling_verify on;

    include /home/user/conf/web/domain.com/nginx.hsts.conf*;


    location / {

        root        /home/user/web/domain.com/public_html/system/nginx-root;

        proxy_ignore_headers Cache-Control;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:2368;
        proxy_redirect off;


        location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js)$ {
            expires     max;
            fastcgi_hide_header "Set-Cookie";
        }
    }

    client_max_body_size 50m;
}

config.development.json

{
  "url": "https://domain.com/",
  "server": {
    "port": 2368,
    "host": "127.0.0.1"
  },
  "database": {
    "client": "sqlite3",
    "connection": {
      "filename": "/home/user/web/domain.com/public_html/content/data/ghost-local.db"
    }
  },
  "mail": {
    "transport": "Direct"
  },
  "logging": {
    "transports": [
      "file",
      "stdout"
    ]
  },
  "process": "local",
  "paths": {
    "contentPath": "/home/user/web/domain.com/public_html/content"
  }
}

Appearance of the website and errors:
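Added example, not part of the original post: a way to read an access log like the one above against the posted Nginx config, by splitting requests into those whose path matches the extension regex of the nested location and everything else. The log lines are constructed, modelled on the ones in the post (documentation IP address, placeholder API key, shortened user agent), and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example. Log lines are constructed, modelled on the ones in the post
# (documentation IP, placeholder API key, shortened user agent).

# classify_requests: read a combined-format access log on stdin and print
# "<class> <status> <count>". class is "static" when the path matches the
# extension regex of the nested location in the posted config, else "proxied".
# Splitting on the double quote keeps the parse correct even where the
# redacted IP and the following "-" have run together.
classify_requests() {
    awk -F'"' '
    {
        split($2, req, " ")       # $2 = request line: method, target, protocol
        split($3, st, " ")        # $3 = status and byte count
        path = req[2]
        sub(/\?.*$/, "", path)    # locations are matched without the query string
        ext = (tolower(path) ~ /\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js)$/)
        n[(ext ? "static" : "proxied") " " st[1]]++
    }
    END { for (k in n) print k, n[k] }' | sort
}

sample_log() {
    cat <<'EOF'
198.51.100.7 - - [21/Oct/2022:13:48:05 +0300] "GET / HTTP/2.0" 304 0 "-" "UA"
198.51.100.7 - - [21/Oct/2022:13:48:05 +0300] "GET /assets/built/screen.css?v=06e13de5c0 HTTP/2.0" 404 1422 "https://domain.com/" "UA"
198.51.100.7- - [21/Oct/2022:13:48:06 +0300] "GET /assets/built/casper.js?v=06e13de5c0 HTTP/2.0" 404 1422 "https://domain.com/" "UA"
198.51.100.7 - - [21/Oct/2022:13:48:06 +0300] "GET /public/cards.min.js?v=06e13de5c0 HTTP/2.0" 404 1422 "https://domain.com/" "UA"
198.51.100.7 - - [21/Oct/2022:13:48:06 +0300] "GET /members/api/member/ HTTP/2.0" 204 0 "https://domain.com/" "UA"
198.51.100.7 - - [21/Oct/2022:13:48:06 +0300] "GET /ghost/api/content/settings/?key=PLACEHOLDER&limit=all HTTP/2.0" 304 0 "https://domain.com/" "UA"
EOF
}

sample_log | classify_requests
```

In the sample every 404 falls in the static class, that is, the requests handled by the nested location, which has no proxy_pass of its own (Nginx does not inherit proxy_pass into nested locations), while the proxied paths return 204 and 304.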