Ghost cannot start

Hi @michiel! After digging more into it and a hundred Google searches, everything is sorted. There is an explanation about some https redirection after another redirection being the issue, but, can’t put that into words right now. In case this helps anyone, here are the changes to get the SSL working after moving Ghost to /blog. I’ve changed our domain to example.com. Change accordingly.

Setting apache

  1. Enable SSL and generate certificates following the instructions (Definitive domain ip must point to this new instance before ssl certs can be issued):sudo /opt/bitnami/bncert-tool
  2. Remove ghost proxing from web root folderrm /opt/bitnami/apache/conf/vhosts/ghost-*.conf
  3. Edit file /opt/bitnami/apache/conf/bitnami/bitnami.conf and check that it matches this one (some stuff added by bncert-tool must be removed):
    <VirtualHost _default_:80>
      DocumentRoot "/opt/bitnami/apache/htdocs"

      Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"

      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteCond %{REQUEST_URI} !^\/\.well-known\/.*$
      RewriteRule (.*) https://example.com/$1 [R,L]

      <Directory "/opt/bitnami/apache/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
      </Directory>

    </VirtualHost>

    Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"

    RequestHeader set X-Forwarded-Proto "https"
    ProxyPreserveHost On
    ProxyPass /blog http://127.0.0.1:2369/blog
    ProxyPassReverse /blog http://127.0.0.1:2369/blog
  1. Edit file /opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf and check that it matches this one (some stuff added by bncert-tool must be removed and/or changed):
    LoadModule ssl_module modules/mod_ssl.so

    Listen 443

    SSLProtocol All -SSLv2 -SSLv3 -TLSv1

    SSLCipherSuite "-ALL \
    EECDH+ECDSA+AESGCM \
    EECDH+ECDSA+SHA384 \
    EECDH+ECDSA+SHA256 \
    !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !CAMELLIA"

    SSLHonorCipherOrder on
    SSLPassPhraseDialog  builtin
    SSLSessionCache "shmcb:/opt/bitnami/apache/logs/ssl_scache(512000)"
    SSLSessionCacheTimeout  300

    <VirtualHost _default_:443>
      DocumentRoot "/opt/bitnami/apache/htdocs"

      SSLEngine on
      SSLCertificateFile "/opt/bitnami/apache/conf/example.com.crt"
      SSLCertificateKeyFile "/opt/bitnami/apache/conf/example.com.key"

      Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"

      RewriteEngine On
      RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
      RewriteRule ^(.*)$ https://example.com$1 [L,R=301]

      Header always set Strict-Transport-Security "max-age=15768000; includeSubdomains;"

      <Directory "/opt/bitnami/apache/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
      </Directory>
    </VirtualHost>
  1. Retart apache using
sudo /opt/bitnami/ctlscript.sh restart apache
  1. Check SSL setup at https://www.ssllabs.com/ssltest/analyze.html?d=kinship.io&latest
1 Like

Hi @jose.fandos,

I’m glad to hear the issue has been solved. :smile: Thanks for sharing the solution.

Regards,
Michiel

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.