How to REALLY setup Ghost in AWS

Last weekend, I got the itch to tinker in AWS, track some efforts that I was working on, and do some creative writing and blogging. I started to investigate what blogging software was out there. I considered Squarespace, having used them in the past, but frankly the cost for webhosting and setup is actually not insignificant. To be fair, Squarespace is absolutely an awesome product, in fact we use this for my wife's business where she doesn't have to mess around with domain renewals, DNS, and all the things that go into hosting websites. Since I will be writing blogs on a number of DevSecOps topics, why not build in AWS with something they have.

After a bit of digging around, I landed on Ghost with LightSail. Here are a few articles where I started. AWS Blog and Ghost Blog

Truthfully, the setup is incredibly easy on LightSail, and you can likely get away with their latest deployment guide. But the Ghost image that LightSail leverages are a few (dot) releases behind, missing some key enhancements, and there are some scorpions that you will need to watch out for. I will document later in this blog as I likely wasted 6 - 7 hours farting around, trying to figure them out.

For my initial deployment, I spun up their $7 offering, which should likely do the trick for most blogs, unless you have incredibly high traffic.

I followed the AWS deployment guide that was previously mentioned to a "T". The setup process works flawlessly, with a few exceptions, at least that I experienced. After you setup DNS, add TLS certificates through Let's Encrypt, it appears that everything is working correctly.

However, when I started to add content, specifically pictures for a blog post about a recent vacation, I noticed that my images were not visible. When I inspected the element, the URL was still pointing to an HTTP endpoint. This is where the wheels fell off. I searched countless blog posts and tech articles for hours. Many people have had this problem, but I was unable to find a single article which actually documents all of the steps necessary to fix the problem.

Here we go

1. Fix config files (ghost-https-vhost.conf and ghost-vhost.conf)
2. Modify config.production.json
3. Make sure configure_app_domain is pointed to the correct domain
4. Re-run ctlscript.sh to restart services

Regardless of how you install, with LightSail, container, or EC2 you should make sure to check the ghost-https-vhost.conf and ghost-vhost.conf which get created on setup.

1. Fix config files

In each of these configuration files, make sure you edit the ServerName, ServerAlias, and RequestHeader files. These configuration files were unchanged in my setup, and needed to be updated.

ServerName domain.name
ServerAlias www.server.name
RequestHeader set X-Forwarded-Proto "https"

2. Validate that you have updated the configure_app_domain parameter to the correct domain

sudo /opt/bitnami/configure_app_domain --domain

3. Modify config.production.json

This one is pretty simple, browse to: /opt/bitnami/ghost/config.production.json and modify the "url" parameter to the desired name of your site.

4. Restart the services to ensure that all of the latest changes take effect

sudo /opt/bitnami/ctlscript.sh restart

That is it. At least in my case, this solved all of my problems. Once I had all of these problems sorted out, I decided I wanted to save a bit of money over leveraging AWS LightSail. I ended up reserving an AWS EC2 instance and elastic IP to run my own setup. More to come, if the wheels end up falling off during an upgrade.