SSL for additional domains on Ghost


The Ghost blog platform, by default, configures one domain. This can confuse people who add or omit the "www." subdomain in front of your domain and expect it to work.

In this tutorial, we'll be going over how to add the "www." (or any other) subdomain to a Ghost install. While official documentation on this already exists, it assumes knowledge of Nginx configuration files and doesn't cover DNS records.

This tutorial assumes you already have a working Ghost install (with SSL), that your domain is set up, and that you have access to both the Ghost server's command line and the domain records.

Let's call the domain you're currently using domain1 and the domain you want to redirect to your current domain domain2. For the purposes of this tutorial, domain1 and domain2 include your TLD (e.g. your .com or .net ending). You should already have an A record going from domain1 to your Ghost server's IP.

Step 1 - DNS Configuration

Our first step is to create the new subdomain record. In this case, we plan on redirecting the client to domain1. CNAME records are aliases that map a hostname to another hostname. In this case, we want to map domain2 to domain1. Here you can see the A record for this site as the last entry and the CNAME as the first.

Step 2 - Server Configuration

Next, we need to configure our server. If you're cloud hosting or using a VPS you'll probably be signed in as root. Use the su command to sign in as Ghost's managing user. By default, this might be either ghost or ghost-mgr.

su ghost-mgr

After signing in, navigate to your Ghost install.

cd /var/www/ghost

Next, we need to generate the Nginx configuration files for the new domain. Replace domain2 in the following example with your second domain (e.g. www.example.com).

ghost config url domain2

Now we need to generate the SSL certificate for that new domain.

ghost setup nginx ssl

Now that we've generated and configured Nginx and SSL for our new domain, we can change our URL back to our original domain. Replace domain1 with your original domain (e.g. example.com).

ghost config url domain1

Now we need to edit our Nginx configuration files for the new domain. Before we do this let's back up our Nginx configuration files.

mkdir ~/site-enabled.bak

cp /etc/nginx/sites-enabled/* ~/site-enabled.bak

Now that we've backed up our configuration files, we can edit them. The two files we want to edit start with our new domain and should be named domain2.conf and domain2-ssl.conf. Open them with sudo and your favourite text editor. We're going to replace the contents of the first location block with return 301 https://domain1$request_uri;

For me, unmodified domain2.conf looks like this:

server {
    listen 80;
    listen [::]:80;

    server_name www.hunterchasens.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

and my unmodified domain2-ssl.conf looks like this:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name www.hunterchasens.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    ssl_certificate /etc/letsencrypt/www.hunterchasens.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/www.hunterchasens.com/www.hunterchasens.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

The location blocks are marked by location * {. By the end of my modification, my domain2.conf looked like this:

server {
    listen 80;
    listen [::]:80;

    server_name www.hunterchasens.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    return 301 https://hunterchasens.com$request_uri;

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

and my domain2-ssl.conf looked like this:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name www.hunterchasens.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    ssl_certificate /etc/letsencrypt/www.hunterchasens.com/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/www.hunterchasens.com/www.hunterchasens.com.key;
    include /etc/nginx/snippets/ssl-params.conf;

    return 301 https://hunterchasens.com$request_uri;

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

Step 3 - Verify Configuration and Restart Nginx

Before we reload Nginx, we want to make sure our configuration doesn't have any large errors and that it's readable to Nginx. To do this, we type:

sudo nginx -t

If you were successful you should see:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Finally, we need to reload Nginx:

sudo nginx -s reload

With this, we're done. Now www.example.com and example.com should both work and point to the same site!
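nginx -t only confirms that the configuration parses. The script below is an added example, not part of the original tutorial: after the reload it checks that domain2 answers on both HTTP and HTTPS with a 301 to https://domain1 and keeps the request path. Because curl verifies certificates by default, the HTTPS probe also fails if the new certificate does not cover domain2. The function names, the script name and the www.example.com / example.com arguments are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: post-reload check that domain2 redirects to domain1.
# Usage (hosts are placeholders): sh check_redirect.sh www.example.com example.com

# Print "<status> <redirect target>" for one URL without following the redirect.
# curl verifies the TLS certificate by default, so an https:// URL whose
# certificate does not cover the host yields status 000 instead of a redirect.
probe() {
    curl -sS -o /dev/null --max-time 10 -w '%{http_code} %{redirect_url}' "$1"
}

# Succeeds only for the response the edited server blocks should produce:
# status 301 pointing at https://<domain1><original path>.
# Args: status, redirect target, domain1, request path.
is_canonical_redirect() {
    [ "$1" = "301" ] && [ "$2" = "https://$3$4" ]
}

# Probe domain2 over HTTP and HTTPS; return non-zero if either check fails.
# Args: domain2, domain1, optional request path (default "/").
check_domain() {
    extra=$1 canonical=$2 path=${3:-/} failed=0
    for scheme in http https; do
        url="${scheme}://${extra}${path}"
        result=$(probe "$url") || true   # a curl failure is reported below
        status=${result%% *}
        target=${result#* }
        if is_canonical_redirect "$status" "$target" "$canonical" "$path"; then
            echo "ok   $url -> $target"
        else
            echo "FAIL $url returned status '$status' target '$target'"
            failed=1
        fi
    done
    return "$failed"
}

# Run only when both hosts are given on the command line.
if [ "$#" -ge 2 ]; then
    check_domain "$@"
fi
```

A third argument such as /about/ checks that $request_uri carries the original path through the redirect.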