DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Question

Problem with SSL and Ghost

Hello!

I’ve installed SSL to my one click install Ghost droplet but I have one problem with Ghost. Whenever I try to write url: https:// to production nginx gives 502 error code. But if i write http:// everything works almost perfectly. Nginx redirect http url to https url.

How can i fix this?

Here is my config.js file:

// # Ghost Configuration
// Setup your Ghost install for various [environments](http://support.ghost.org/config/#about-environments).

// Ghost runs in `development` mode by default. Full documentation can be found at http://support.ghost.org/config/

var path = require('path'),
    config;

config = {
    // ### Production
    // When running Ghost in the wild, use the production environment.
    // Configure your URL and mail settings here
    production: {
        url:    'http://talhaokur.net',
        mail: {
		from: 'no-reply@talhaokur.net',
	},
        database: {
            client: 'mysql',
            connection: {
                host: 'localhost',
                user: 'user',
                password: 'password',
                database: 'database',
                charset: 'utf8'
            },
            debug: false
        },

        server: {
            host: '127.0.0.1',
            port: '2368'
        },
	
    },

    // ### Development **(default)**
    development: {
        // The url to use when providing links to the site, E.g. in RSS and email.
        // Change this to your Ghost blog's published URL.
        url: '',

        // Example mail config
        // Visit http://support.ghost.org/mail for instructions
        // ```
          mail: {
              from: 'no-reply@talhaokur.net',
          },
        // ```

        // #### Database
        // Ghost supports sqlite3 (default), MySQL & PostgreSQL
        database: {
            client: 'mysql',
            connection: {
                host: 'localhost',
                user: 'user',
                password: 'password',
                database: 'database',
                charset: 'utf8'
            },
            debug: false
        },
        // #### Server
        // Can be host & port (default), or socket
        server: {
            // Host to be passed to node's `net.Server#listen()`
            host: '127.0.0.1',
            // Port to be passed to node's `net.Server#listen()`, for iisnode set this to `process.env.PORT`
            port: '2368'
        },
        // #### Paths
        // Specify where your content directory lives
        paths: {
            contentPath: path.join(__dirname, '/content/')
        }

    },

    // **Developers only need to edit below here**

    // ### Testing
    // Used when developing Ghost to run tests and check the health of Ghost
    // Uses a different port number
    testing: {
        url: 'http://127.0.0.1:2369',
        database: {
            client: 'mysql',
            connection: {
                host: 'localhost',
                user: 'user',
                password: 'password',
                database: 'database',
                charset: 'utf8'
            }
        },
        server: {
            host: '127.0.0.1',
            port: '2369'
        },
        logging: false
    },

    // ### Testing MySQL
    // Used by Travis - Automated testing run through GitHub
    'testing-mysql': {
        url: 'http://127.0.0.1:2369',
        database: {
            client: 'mysql',
            connection: {
                host     : '127.0.0.1',
                user     : 'root',
                password : '',
                database : 'ghost_testing',
                charset  : 'utf8'
            }
        },
        server: {
            host: '127.0.0.1',
            port: '2369'
        },
        logging: false
    },

    // ### Testing pg
    // Used by Travis - Automated testing run through GitHub
    'testing-pg': {
        url: 'http://127.0.0.1:2369',
        database: {
            client: 'pg',
            connection: {
                host     : '127.0.0.1',
                user     : 'postgres',
                password : '',
                database : 'ghost_testing',
                charset  : 'utf8'
            }
        },
        server: {
            host: '127.0.0.1',
            port: '2369'
        },
        logging: false
    }
};

module.exports = config;
Show comments
Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Sign up now

Andrew SBFebruary 2, 2016

Looking at your Nginx configuration, there are some improvements that you can make. I’d remove the proxy pass in the HTTP block as it should be never be executed. You can also just return 301 rather than do a rewrite, as they can be taxing. You’re also missing some headers. Here’s an example that works for me:

#HTTP Server
server {  
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

# HTTPS Server
server {  
    listen 443 ssl default_server;
    server_name example.com;

    client_max_body_size 10M;

    location / {
        proxy_pass http://localhost:2368;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }

    ssl on;
    ssl_certificate /etc/ssl/ghost/ssl-bundle.crt;
    ssl_certificate_key /etc/ssl/ghost/ghost.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_session_timeout 5m;
}

Also remember to restart Nginx after making changes to it’s configuration. This goes for Ghost as well if you edit config.js

For more info, see Ghost’s SSL docs .

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up