We wanted to be a fancy kid, so we tried to have a blog with Ghost which is build on top of nodejs.


Get a VPS

Tuj got one with Digital Ocean and followed a guide to set up some basic security measures. Details are omitted.

Set up nginx and mysql

As above, Details are omitted. Before moving on to the next section, we would like to point out that we have set up nginx to redirect all http traffic to https except for letsencrypt's webroot challenge. Here's our real conf file.

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name *;
    root /var/www/http-redirect-trap;
    location / {
        return 301 https://$host$request_uri;

    location /.well-known/acme-challenge/ {
        try_files $uri $uri/ =404;

We don't think Ghost can handle the webroot method when setting up SSL, so we didn't make an attempt. We are essentially bound to the webroot method because of Cloudflare. [Edit: When Ghost reached v1.0.0, the nginx site conf file includes an extra line for /.well-known, so the webroot method can be used!]

Get a Letsencrypt SSL certificate

Point DNS to your VPS.

sudo letsencrypt certonly --webroot -w /var/www/http-redirect-trap -d --renew-by-default --email [email protected] --text --agree-tos

Now let's wait patiently for the wildcard certificate from Letsencrypt to come out in 2018.

Install nvm, nodejs and ghost

Digital Ocean's Ubuntu repository is too outdated when it comes to nodejs, so we install via nvm.

#nvm version may change
curl -o- | bash
source ~/.bashrc
#currently ghost supports up to nodejs 6.5.0
nvm install 6.5.0 
nvm use 6.5.0

As we sudo often, we soft linked the node and npm binaries. This made the installation of ghost significantly easier, or you can struggle with node not found forever.

sudo ln -s $HOME/.nvm/versions/node/v6.5.0/bin/node /usr/local/bin/node
sudo ln -s $HOME/.nvm/versions/node/v6.5.0/bin/npm /usr/local/bin/npm
sudo npm i -g ghost-cli

... and follow the instructions at
Here's the concise version where tuj is our user name (and group name).

mkdir /var/www/ghost
chown tuj:tuj /var/www/ghost
cd /var/www/ghost
ghost install

We answered all the questions popped up candidly, even revealing the root password for the mysql server! This is used by ghost to add a ghost user to mysql. Later ghost will use only the ghost user. We skipped the SSL part. Thus we needed to manually edit the file to change port 80 to 443 and linking in the fresh Letsencrypt SSL certificate.

listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;

Start Ghost and Have fun!

ghost start #and have fun!

Please reload nginx first. Then launch a browser and visit! Well to really finish setup, one should visit to add yourself as owner/user and write a Hello World post.