3 min read ghost

Ghost on AWS Lightsail

Getting up and running should be easier than it is. Here are my steps.

Setting up the Ghost blogging platform on AWS Lightsail uses the Bitnami image and should be easier to setup and get going than it is. Here are my steps.

Deploy an instance

Wander over to Lightsail and deploy a Linux instance with the Ghost image.

Wait for the instance to start up and the services to come up. Grab the IP address from the overview and point your browser at that address.

Are you getting this? If not move on to the next bit

My database and Apache started, but not Ghost. Great start. SSH to the instance and run...

cd /opt/bitnami
sudo ./ctlscript start ghost

It takes a moment to start but you'll then get the Ghost welcome screen.

DNS / TLS Certs with Let's Encrypt

Edit your zone records to point your hostname at the IP record. At the time of writing Lightsail are only going to give you an IPv4 address so let's party like it's 1999.

Run this to setup Let's Encrypt and pick your options. What used to be the hard part is now the easiest. These days, you want to enable HTTP → HTTPS redirection.

sudo /opt/bitnami/bncert-tool

Tell Ghost its name

Edit the file /opt/bitnami/apps/ghost/htdocs/config.production.json and set the URL value to your host name. The Bitnami docs give an example without a protocol scheme, that's wrong, miss it off and it won't start. Omit the port though.

"url": "https://billy-ruffian.co.uk",

The Bitnami docs then tell you to run these steps – I did, and it worked but the docs aren't explicit about what's actually happening here and the executable is a binary so I can't look and see. Helpful (sarcasm). Also note, I ditch the www. prefix from my URL so ditto the machine name.

sudo /opt/bitnami/apps/ghost/bnconfig --machine_hostname billy-ruffian.co.uk
sudo mv /opt/bitnami/apps/ghost/bnconfig /opt/bitnami/apps/ghost/bnconfig.back

Tweak Apache

If you don't do this bit, you're going to get into an endless redirect loop.

Edit the file /opt/bitnami/apache2/conf/bitnami/bitnami.conf and set the X-Forwarded-Proto header in the TLS enabled virtual host. Let's also switch on HTTP/2

<VirtualHost _default_:443>
  RequestHeader set X-Forwarded-Proto "https"
  Protocols h2 h2c http/1.1
  ...
</VirtualHost>

The Bitnami Apache ships with the HTTP/2 module but it's not enabled, again a little bonkers. Edit /opt/bitnami/apache2/conf/http.conf and disable mpm_event_module and enable mpm_event_module (around lines 66–67) and http2_module (around line 140).

LoadModule mpm_event_module modules/mod_mpm_event.so
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
# ...
LoadModule http2_module modules/mod_http2.so

While we're there, let's disable the Bitnami banner that'll start popping up on the bottom right of the screen. It's interesting that the config tool here won't tell you about the option in its help section.

sudo /opt/bitnami/apache2/bnconfig --disable_banner 1

Grab your Ghost credentials and restart

You can find the default username and password for the Ghost admin user in /home/bitnami/bitnami_credentials. Grab a copy, delete the file.

Now restart the whole stack.

sudo /opt/bitnami/ctlscript.sh restart

Assuming DNS propagation has completed, you should be able to connect to your site using your host name and be served over TLS. You can then go on to configure the Ghost instance itself at https://your-host-name/ghost taking care to make sure menu links in the design section really do point at the correct domain name.

Member discussion