After getting Ghost set up just the way I wanted it was time to turn on SSL and put it behind my Apache instance.
Reasonable simple process except for one catch, mod_headers is needed to make sure that Ghost is aware the request has been forwarded. Without this Ghost seems to go into an infinite redirection loop and no content is served.
Below is my Apache configuration to serve Ghost from http://ghost.domain.com/. Also, since Ghost doesn't have a great deal of content management type ablities files located underneath http://ghost.domain.com/static/ will be served by Apache.
Of course this means that you can't have a blog post with the slug as static.
<VirtualHost *:80>
ServerName ghost.domain.com
ServerAdmin [email protected]
DocumentRoot /storage/www/vhosts/ghost.domain.com
<Directory /storage/www/vhosts/ghost.domain.com>
Options -Indexes
</Directory>
# Needed to stop Ghost creating a redirect loop
RequestHeader set X-Forwarded-Proto "https"
# Send all http requests to https
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName ghost.domain.com
ServerAdmin [email protected]
DocumentRoot /storage/www/vhosts/ghost.domain.com
<Directory /storage/www/vhosts/ghost.domain.com>
Options -Indexes
</Directory>
# Turn SSL on and specify the certificate
SSLEngine on
SSLCertificateFile /etc/ssl/server/ghost.domain.com.crt
SSLCertificateKeyFile /etc/ssl/private/ghost.domain.com.key
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
# Needed to stop Ghost creating a redirect loop
RequestHeader set X-Forwarded-Proto "https"
DirectoryIndex index.html
# Serve files in <DocumentRoot>/static/ using Apache
ProxyPass /static/ !
# Proxy all other requests through to the local Ghost instance
ProxyPreserveHost On
ProxyVia off
ProxyRequests off
ProxyPass / http://localhost:2368/
ProxyPassReverse / http://localhost:2368/
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet