-
-
Save robotnealan/891fe8cf3b7541e922e3b39e9ae9fd96 to your computer and use it in GitHub Desktop.
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name robertnealan.com; | |
| root /var/www/ghost/system/nginx-root; | |
| location / { | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header Host $http_host; | |
| proxy_pass http://127.0.0.1:2368; | |
| } | |
| location ~ /.well-known { | |
| allow all; | |
| } | |
| client_max_body_size 50m; | |
| listen [::]:443 ssl ipv6only=on; # managed by Certbot | |
| listen 443 ssl; # managed by Certbot | |
| ssl_certificate /etc/letsencrypt/live/robertnealan.com/fullchain.pem; # managed by Certbot | |
| ssl_certificate_key /etc/letsencrypt/live/robertnealan.com/privkey.pem; # managed by Certbot | |
| include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | |
| } | |
| server { | |
| if ($host = robertnealan.com) { | |
| return 301 https://$host$request_uri; | |
| } # managed by Certbot | |
| listen 80 ; | |
| listen [::]:80 ; | |
| server_name robertnealan.com; | |
| return 404; # managed by Certbot | |
| } |
Worked perfectly, thanks.
Oh man, THANK YOU for this!
@robertnealan Ghost serves up sitemap.xml and robots.txt files when requested, which are both good to have.
Lines 59-61, when uncommented, break that functionality and prevent those pages from being accessible. I'd leave those lines commented out or just remove them entirely, unless there's a clear reason for wanting to block access to those files.
BTW, awesome guide - thanks so much for writing that up. I followed the DO tutorial once when I was setting up WordPress with Let's Encrypt, and although I got it to work it was more complicated.
@grantwinney Thanks for the heads up - I actually had someone email me about that issue recently and just got around to digging into it. If I recall they were required for earlier versions of Ghost (circle 0.3.x) when it didn't automatically generate a sitemap.xml or robots.txt. Updating the guide accordingly!
And thanks for the compliments! For how much documentation there is around Ghost nowadays it still seems to be problematic to piece it all together.
Right on! Thanks, this was a breeze to set up.
@robertnealan Just wanted to say awesome article. I wanted to throw something in and didn't know of another way to reach out. If you test the strength of the ssl cert issued by this tutorial on ssllabs you get a B. For an easy upgrade to an A just run sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 and drop this into the nginx configssl_dhparam /etc/ssl/certs/dhparam.pem;
That will make for a stronger SSL.
Thanks, Robert. This is awesome. For anyone wondering, this gist is linked in https://robertnealan.com/setting-up-ssl-for-ghost-on-digitalocean-with-lets-encrypt/
Best guide and the one that works for the purpose. Thanks a lot @robertnealan for this!
Heads up all that I've just updated this Gist and the post to reflect the latest updates in DigitalOcean's Ghost droplet, the new Ghost CLI, and LetsEncrypt's newest CertBot CLI. The archived version of this Gist can be found here: https://gist.github.com/robertnealan/84c8fbe1956244bd2f57c7f0ac7715ab
I hate you, struggled so much with it and now it works. Thanks
@jonopens @dvdme — Good catch and sorry for the delayed response (looks like Github doesn't send me emails for Gist comments). Updated the gist and post
<code>block.