Skip to content

Instantly share code, notes, and snippets.

@robotnealan
Last active March 20, 2019 09:33
Show Gist options
  • Save robotnealan/891fe8cf3b7541e922e3b39e9ae9fd96 to your computer and use it in GitHub Desktop.
Save robotnealan/891fe8cf3b7541e922e3b39e9ae9fd96 to your computer and use it in GitHub Desktop.
DigitalOcean LetsEncrypt Nginx Config
server {
listen 80;
listen [::]:80;
server_name robertnealan.com;
root /var/www/ghost/system/nginx-root;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/robertnealan.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/robertnealan.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = robertnealan.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name robertnealan.com;
return 404; # managed by Certbot
}
@NetOpWibby
Copy link

Oh man, THANK YOU for this!

@grantwinney
Copy link

grantwinney commented Mar 26, 2017

@robertnealan Ghost serves up sitemap.xml and robots.txt files when requested, which are both good to have.

Lines 59-61, when uncommented, break that functionality and prevent those pages from being accessible. I'd leave those lines commented out or just remove them entirely, unless there's a clear reason for wanting to block access to those files.

BTW, awesome guide - thanks so much for writing that up. I followed the DO tutorial once when I was setting up WordPress with Let's Encrypt, and although I got it to work it was more complicated.

@robotnealan
Copy link
Author

@grantwinney Thanks for the heads up - I actually had someone email me about that issue recently and just got around to digging into it. If I recall they were required for earlier versions of Ghost (circle 0.3.x) when it didn't automatically generate a sitemap.xml or robots.txt. Updating the guide accordingly!

And thanks for the compliments! For how much documentation there is around Ghost nowadays it still seems to be problematic to piece it all together.

@tim-phillips
Copy link

Right on! Thanks, this was a breeze to set up.

Copy link

ghost commented Jun 3, 2017

@robertnealan Just wanted to say awesome article. I wanted to throw something in and didn't know of another way to reach out. If you test the strength of the ssl cert issued by this tutorial on ssllabs you get a B. For an easy upgrade to an A just run sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 and drop this into the nginx configssl_dhparam /etc/ssl/certs/dhparam.pem;

That will make for a stronger SSL.

@CGavrila
Copy link

CGavrila commented Jul 1, 2017

Thanks, Robert. This is awesome. For anyone wondering, this gist is linked in https://robertnealan.com/setting-up-ssl-for-ghost-on-digitalocean-with-lets-encrypt/

@regalstreak
Copy link

Best guide and the one that works for the purpose. Thanks a lot @robertnealan for this!

@robotnealan
Copy link
Author

Heads up all that I've just updated this Gist and the post to reflect the latest updates in DigitalOcean's Ghost droplet, the new Ghost CLI, and LetsEncrypt's newest CertBot CLI. The archived version of this Gist can be found here: https://gist.github.com/robertnealan/84c8fbe1956244bd2f57c7f0ac7715ab

@Mobidi
Copy link

Mobidi commented Mar 20, 2019

I hate you, struggled so much with it and now it works. Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment