SSL for additional domains (www)

Hey,

Yesterday, I installed the latest version of Ghost using the Digital Ocean one click installation. It worked perfectly. My domain is https://noncodeur.com

Now I want to redirect https://www.noncodeur.com to https://noncodeur.com using this:

I am still a beginner and learning so it may be a simple issue :sweat_smile:

# Switch to the ghost-mgr user to manage Ghost via the CLI
sudo -i -u ghost-mgr

# Go the Ghost file
cd /var/www/ghost

# Determine your secondary URL
ghost config url https://www.noncodeur.com

# Get Ghost-CLI to generate an SSL setup for you:
ghost setup nginx ssl

# Change your config back to your canonical domain
ghost config url https://noncodeur.com

# Edit the nginx config files for your second domain to redirect to your canonical domain. In both files replace the content of the first location block with:
return 301 https://noncodeur.com$request_uri;

And then I get this error:

-bash: return: too many arguments

I see I need to go to the nginx config files, but how do I get access to these files?

Thanks!

I don’t use nginx to redirect www. I use cloudflare for this :-p

Running nginx -t (you may need to run this with sudo) will output the path of the default configuration file, from there you should be able to locate the file you need to modify by looking for the config that is for your secondary url

Thanks fabien.

I thought the documentation was a simple step by step, but it appears I have to do more things.

Sorry, after running nginx -t, I’m not sure I understand the commands I should enter…

I tried to modify like it says here.

When I run nano /etc/nginx/sites-available/noncodeur.com.conf

server {
    listen 80;
    listen [::]:80;

    server_name noncodeur.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

It is now:

server {
    listen 80;
    listen [::]:80;

    server_name noncodeur.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
    return 301 https://noncodeur.com$request_uri;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

And with nano /etc/nginx/sites-available/noncodeur.com-ssl.conf

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name noncodeur.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    ssl_certificate /etc/letsencrypt/noncodeur.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/noncodeur.com/noncodeur.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

It is now:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name noncodeur.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    ssl_certificate /etc/letsencrypt/noncodeur.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/noncodeur.com/noncodeur.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
    return 301 https://noncodeur.com$request_uri;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

I then do the last commands (explained here) :

# Get nginx to verify your config
sudo nginx -t

I see:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

And finally:

# Reload nginx with your new config
sudo nginx -s reload

But nothing happens with the last command… No reload or anything…

The below nginx server conf may fix your issue… Its working for me perfectly

server {
    listen 80;
    listen [::]:80;
    server_name noncodeur.com www.noncodeur.com;
    return 301 https:/noncodeur.com$request_uri;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
}

server {

    # SSL configuration

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name noncodeur.com www.noncodeur.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
    ssl on;
    ssl_certificate /etc/letsencrypt/noncodeur.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/noncodeur.com/noncodeur.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }
  
   # Allow uploads up to 100MB in size
   client_max_body_size 100m;
if ($host = www.noncodeur.com) {
      rewrite ^(.*) https://noncodeur.com$request_uri? permanent;
    }
}

Thanks, I will try.

I suppose I put that :point_down: here :point_right: /etc/nginx/sites-available/noncodeur.com.conf ?

server {
    listen 80;
    listen [::]:80;
    server_name noncodeur.com www.noncodeur.com;
    return 301 https:/noncodeur.com$request_uri;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
}

And the rest in the other file /etc/nginx/sites-available/noncodeur.com-ssl.conf ?


But, anyway, it seems my issue is that the command sudo nginx -s reload do nothing.

Any idea?

Its better to restart nginx server after making any changes

to restart

sudo systemctl restart nginx

& to reload the config without Restarting

sudo systemctl reload nginx

I must do something wrong, both commands do nothing :thinking:

Another thing I would like to mention its always better to install ghost manually instead of using the DO image…

Installing manually may take bit time but its better to install in manually as DO Image setups your server on their own way not the generic way…

There is an official installation doc which cool How to install & setup Ghost on Ubuntu 16.04, 18.04, 20.04 or 22.04

Can you give me access to your server via Teamviewer or any desk… Its better if I see

Thanks @inoryum Now it is working with certbot :slight_smile:

Happy to help. cheers!

Hey guys I have exactly the same issue :) Can anyone help?
ok found solution here https://blog.maskys.com/enabling-https-and-redirecting-www/

You need to also edit secondary-domain-ssl.conf