Hi @michiel! After digging more into it and a hundred Google searches, everything is sorted. There is an explanation about some HTTPS redirection after another redirection being the issue, but I can’t put that into words right now. In case this helps anyone, here are the changes to get SSL working after moving Ghost to /blog. I’ve changed our domain to example.com. Change accordingly.
Setting Apache
- Enable SSL and generate certificates following the instructions (the definitive domain's IP must point to this new instance before SSL certs can be issued):
sudo /opt/bitnami/bncert-tool
- Remove Ghost proxying from the web root folder
rm /opt/bitnami/apache/conf/vhosts/ghost-*.conf
- Edit file
/opt/bitnami/apache/conf/bitnami/bitnami.conf
and check that it matches this one (some stuff added by bncert-tool must be removed):
<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache/htdocs"
  Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteCond %{REQUEST_URI} !^\/\.well-known\/.*$
  # In virtual-host context the matched path starts with "/"; anchoring on it
  # keeps the redirect target from containing "//"
  RewriteRule ^/(.*) https://example.com/$1 [R,L]
  <Directory "/opt/bitnami/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>
</VirtualHost>
Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
ProxyPass /blog http://127.0.0.1:2369/blog
ProxyPassReverse /blog http://127.0.0.1:2369/blog
- Edit file
/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf
and check that it matches this one (some stuff added by bncert-tool must be removed and/or changed):
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite "-ALL \
  EECDH+ECDSA+AESGCM \
  EECDH+ECDSA+SHA384 \
  EECDH+ECDSA+SHA256 \
  !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !CAMELLIA"
SSLHonorCipherOrder on
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/bitnami/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache/htdocs"
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache/conf/example.com.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache/conf/example.com.key"
  Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
  RewriteEngine On
  RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
  RewriteRule ^(.*)$ https://example.com$1 [L,R=301]
  Header always set Strict-Transport-Security "max-age=15768000; includeSubdomains;"
  <Directory "/opt/bitnami/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>
</VirtualHost>
- Restart Apache using
sudo /opt/bitnami/ctlscript.sh restart apache
- Check SSL setup at https://www.ssllabs.com/ssltest/analyze.html?d=kinship.io&latest
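
An added example, not part of the original post: a small shell check for what the configuration above is meant to produce (HTTP to HTTPS redirect, www to apex redirect, and the HSTS header with its `max-age`). The function names, the `CHECK_HOST` variable and the `/blog/` test path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: checks for the redirect and HSTS behaviour configured above.
# Functions read raw response headers on stdin so they can be tested offline.

# Print the value of header $1 (name matched case-insensitively); fail if absent.
header_value() {
    awk -v name="$1" '
        BEGIN { n = tolower(name) ":" }
        { sub(/\r$/, "") }
        tolower(substr($0, 1, length(n))) == n {
            v = substr($0, length(n) + 1); sub(/^[ \t]+/, "", v)
            print v; found = 1; exit
        }
        END { exit !found }'
}

# Print the status code from the first line ("HTTP/1.1 301 Moved Permanently").
status_code() { awk 'NR == 1 { sub(/\r$/, ""); print $2; exit }'; }

# Print max-age (seconds) from Strict-Transport-Security; empty if not set.
hsts_max_age() {
    header_value Strict-Transport-Security | tr ';' '\n' |
        sed -n 's/^[[:space:]]*[Mm][Aa][Xx]-[Aa][Gg][Ee]=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# check_redirect EXPECTED_URL < headers
# Succeeds only for a 3xx response whose Location is exactly EXPECTED_URL,
# which also catches slightly-off targets such as https://host//blog/.
check_redirect() {
    hdrs=$(cat)
    code=$(printf '%s\n' "$hdrs" | status_code)
    loc=$(printf '%s\n' "$hdrs" | header_value Location) || return 1
    case "$code" in 301|302|307|308) ;; *) return 1 ;; esac
    [ "$loc" = "$1" ]
}

# Live run (needs network): CHECK_HOST=example.com sh check-redirects.sh
if [ -n "${CHECK_HOST:-}" ]; then
    curl -sI "http://$CHECK_HOST/blog/" | check_redirect "https://$CHECK_HOST/blog/" \
        && echo "http -> https: ok" || echo "http -> https: FAIL"
    curl -sI "https://www.$CHECK_HOST/blog/" | check_redirect "https://$CHECK_HOST/blog/" \
        && echo "www -> apex: ok" || echo "www -> apex: FAIL"
    age=$(curl -sI "https://$CHECK_HOST/blog/" | hsts_max_age)
    [ "${age:-0}" -ge 15768000 ] && echo "HSTS max-age=$age: ok" || echo "HSTS: FAIL"
fi
```

Without `CHECK_HOST` set the script only defines the functions, so they can be fed saved `curl -sI` output instead of a live response.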