/ linux

How to configure https:// (SSL) -> www redirect on Ghost (Digital Ocean)

Those of you who follow my blog may have noticed a completely new look on the site. In a recent blog update I mentioned that I switched from WordPress to Ghost hosted on DigitalOcean as my blogging platform of choice. While Ghost has been an awesome blogging experience so far, there are a few little technical quirks that had me scratching my head for awhile - most notably adding a secondary domain to an SSL certificate using Let's Encrypt.

One of the cool things about Ghost is that it has its own CLI, which makes installing free SSL certificates from Let's Encrypt even more of a breeze than using a tool like certbot. This is amazingly easy to use if you just plan on using a single domain:
ghost config url https://example.com
ghost setup nginx ssl

Now let's say you want to redirect http://example.com to https://www.example.com - if you have the knowledge to host your own Apache / Nginx web server, then doing that is pretty straightforward (using a rewrite rule). However, trying to redirect https://example.com to the www equivalent results in a big red certificate error. Why? Because your web browser tries to validate the certifcate before processing the redirect. Therefore, you need to have a valid SSL certificate for both your non-www and your www domains.

Normally this task is easily handled by fetching a certificate with multiple domain names (also sometimes referred to as a UCC certificate). However, because of the way Ghost handles SEO requests (the proper way), it technically only supports one domain.

Therefore, in order to redirect all non-www versions of your site to the SSL side, you first need to "trick" ghost by temporarily changing the site url (via Ghost knowledgebase).

Since this article assumes you're running Ghost on Digital Ocean, you should change to the ghost-mgr user:
sudo -i -u ghost-mgr

Now change over to your ghost directory:
cd /path/to/your/ghost/install

Temporarily tell ghost to use your non-www url
ghost config url https://example.com

Now tell Ghost to generate an SSL config for the non-www url
ghost setup nginx ssl

Now change ghost back to the 'primary url' for your site
ghost config url https://www.example.com

But you're not done yet! Now you have to tell Nginx to redirect your sites. Navigate to /etc/sites/nginx/sites-enabled (these are symbolic links so you shouldn't have to hunt for your config files). Locate the non-www, non-SSL config file e.g. example.com.conf and open it using your editor of choice.

Next, add the following line at the bottom of the location section:
location / {
a bunch of stuff you should ignore
return 301 https://www.your-primary-domain.com$request_uri;

Save and close the file, and repeat this task for example.com-ssl.conf and www.example.com.conf, but do not do this for www.example.com-ssl.conf. Whew! That's a lot of config files! Note: if you want to trim it down, nginx supports combining site multiple site configs into one file.

To summarize, what we just did was set up a 301 redirect for each domain that doesn't match the https version of your primary one. Now, whenever a visitor browses to http://example.com, http://www.example.com or https://example.com, they'll be redirected to https://www.example.com instead.

Happy blogging!

Joel DeTeves

Joel DeTeves

Technology Pro, Investor, Founder @ Perfect Leap™. Opinions expressed are my own.

Read More
How to configure https:// (SSL) -> www redirect on Ghost (Digital Ocean)
Share this

Subscribe to Joel DeTeves