Ghost behind Apache SSL Virtual Host

After getting Ghost set up just the way I wanted it was time to turn on SSL and put it behind my Apache instance.

Reasonable simple process except for one catch, mod_headers is needed to make sure that Ghost is aware the request has been forwarded. Without this Ghost seems to go into an infinite redirection loop and no content is served.

Below is my Apache configuration to serve Ghost from http://ghost.domain.com/. Also, since Ghost doesn't have a great deal of content management type ablities files located underneath http://ghost.domain.com/static/ will be served by Apache.

Of course this means that you can't have a blog post with the slug as static.

<VirtualHost *:80>
	ServerName ghost.domain.com

	ServerAdmin ghost@domain.com
	DocumentRoot /storage/www/vhosts/ghost.domain.com

	<Directory /storage/www/vhosts/ghost.domain.com>
		Options -Indexes
	</Directory>
	# Needed to stop Ghost creating a redirect loop
	RequestHeader set X-Forwarded-Proto "https"
	
    # Send all http requests to https
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

</VirtualHost>

<IfModule mod_ssl.c>
	<VirtualHost *:443>

	ServerName ghost.domain.com

	ServerAdmin ghost@domain.com
	DocumentRoot /storage/www/vhosts/ghost.domain.com

	<Directory /storage/www/vhosts/ghost.domain.com>
		Options -Indexes
	</Directory>

	# Turn SSL on and specify the certificate
	SSLEngine on
	SSLCertificateFile	/etc/ssl/server/ghost.domain.com.crt
	SSLCertificateKeyFile /etc/ssl/private/ghost.domain.com.key

	BrowserMatch "MSIE [2-6]" \
			nokeepalive ssl-unclean-shutdown \
			downgrade-1.0 force-response-1.0
	# MSIE 7 and newer should be able to use keepalive
	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

	# Needed to stop Ghost creating a redirect loop
	RequestHeader set X-Forwarded-Proto "https"

	DirectoryIndex index.html

	# Serve files in <DocumentRoot>/static/ using Apache
    ProxyPass /static/ !

	# Proxy all other requests through to the local Ghost instance
    ProxyPreserveHost On
    ProxyVia off
    ProxyRequests off
    ProxyPass / http://localhost:2368/
    ProxyPassReverse / http://localhost:2368/

	</VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Related Article