This guide is almost the same as the official one provided by Ghost (https://ghost.org/docs/install/ubuntu/). I may or may not rephrase certain things to ease the understanding.
I decided to install several Ghost instances in one machine because Digital Ocean is a bit too expensive. Besides Hawk Host has excellent customer service and I've been with them for several years now. It's worth mentioning that Digital Ocean has excellent documentation and that's what convinced me to try their services.
A full guide for installing, configuring and running Ghost on your Ubuntu 16.04, 18.04, 20.04 or 22.04 server, for use in production
This the official guide for self-hosting Ghost using our recommended stack of Ubuntu 16.04, 18.04, 20.04 or 22.04. If you’re comfortable installing, maintaining and updating your own software, this is the place for you. By the end of this guide you’ll have a fully configured Ghost install running in production using MySQL.
The officially recommended production installation requires the following stack:
- Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04 or Ubuntu 22.04
- NGINX (minimum of 1.9.5 for SSL)
- A supported version of Node.js
- MySQL 8
- A server with at least 1GB memory (RAM)
- A registered domain name
Before getting started you should set up a working DNS A-Record from your domain, pointing to the server’s IP address. This must be done in advance so that SSL can be configured during setup.
Create a DNS A-Record on namecheap.com
I have a domain name purchased from namecheap.com and therefore the process described to create a DNS A-Record is specific to this registrar.
Here is the official documentation on how to do that:
This part of the guide will ensure all prerequisites are met for installing the Ghost-CLI.
Create a new user
Open up your terminal and login to your new server as the root user:
# Login via SSH ssh root@your_server_ip # Create a new user and follow prompts adduser <user>
Note: Using the user name
ghostcauses conflicts with the Ghost-CLI, so it’s important to use an alternative name.
# Add user to superuser group to unlock admin privileges usermod -aG sudo <user> # Then log in as the new user su - <user>
Ensure package lists and installed packages are up to date.
# Update package lists sudo apt-get update # Update installed packages sudo apt-get upgrade
Follow any prompts to enter the password you just created in the previous step.
Secure the server
The following steps will improve your server's security and will keep you safer against certain types of security breaches.
Change root password
The default root password provided by Hawk Host will change, so take note of that.
# Change root's password sudo passwd root
Disable root SSH login
You need edit the
sshd_config file to look for the variable
PermitRootLogin and change it from
no then save the file and exit.
# Edit sshd_config file sudo nano /etc/ssh/sshd_config # Restart SSHD for changes to take effect sudo systemctl restart sshd
Configure SSH key access for your user
To enable yourself to authenticate via SSH key you need to generate an SSH key pair.
On your personal computer: Assuming that you are running Linux rather than Windows, run the following commands:
# Go home cd ~ # Create .ssh folder mkdir .ssh # Change its ownership chown <your_pc_username>:<your_pc_username> .ssh # Change its mode chmod 700 .ssh # Navigate into it cd .ssh # Generate an ED25519 key pair in your personal computer ssh-keygen -t ed25519 -C "ED25519 SSH key pair to connect to my server" # Print your public key cat id_ed25519.pub
Note: The above commands are the only ones that have to be executed on your personal computer. From now on everything will be done on your server (VPS).
On your server: Run the following commands.
# Go home cd ~ # Create .ssh folder mkdir .ssh # Change its ownership chown <user>:<user> .ssh # Change its mode chmod 700 .ssh # Navigate into it cd .ssh # Create a file called authorized_keys and add the public key you printed before (the one you generated in your personal computer) nano authorized_keys # Change its mode chmod 600 authorized_keys # Change its ownership chown <user>:<user> authorized_keys
Disable password authentication via SSH for any user
Now you need edit the
sshd_config file again to look for the variable
PasswordAuthentication and change it from
no then save the file and exit.
# Edit sshd_config file again sudo nano /etc/ssh/sshd_config # Restart SSHD for changes to take effect sudo systemctl restart sshd
Note: At this point you are no longer able to login via SSH as root or authenticate with a password as any other user. You will need to use your private key to authenticate with the user you created at the beginning like so
ssh -i <path_to_private_key> <user>@<server_ip>and provide the passphrase you set for such private key when prompted.
Ghost uses an NGINX server and the SSL configuration requires NGINX 1.9.5 or higher.
# Install NGINX sudo apt-get install nginx
ufw was activated, the firewall allows HTTP and HTTPS connections. Open Firewall:
sudo ufw allow 'Nginx Full'
Next, you’ll need to install MySQL to be used as the production database.
# Install MySQL sudo apt-get install mysql-server
Note: by default root user has no password in MySQL (according to the Internet).
I strongly advice you to keep Debian's credentials handy:
# See Debian's credentials sudo cat /etc/mysql/debian.cnf
You will need to have a supported version of Node installed system-wide.
# Create a folder for Node.JS sudo mkdir -p /usr/local/lib/nodejs # Navigate into it cd /usr/local/lib/nodejs # Download the latest Node.JS 18 (18.16.0 is supported by Ghost) sudo wget https://nodejs.org/dist/latest-v18.x/node-v18.16.0-linux-x64.tar.gz # Extract the contents of the *.tar.gz sudo tar -xzvf node-v18.16.0-linux-x64.tar.gz # Delete the *.tar.gz sudo rm -f node-v18.16.0-linux-x64.tar.gz # Create a symbolic link that represents the current Node.JS version ln -s /usr/local/lib/nodejs/node-v18.16.0-linux-x64/ current-nodejs # Add this line at the end of your user's .profile file: # export PATH="/usr/local/lib/nodejs/current-nodejs/bin:$PATH" nano ~/.profile # Reload it source ~/.profile # Test it node -v # Add this line at the end of your root's .profile file: # export PATH="/usr/local/lib/nodejs/current-nodejs/bin:$PATH" sudo nano /root/.profile # Modify the following line as shown on your sudo's file: # Defaults secure_path="/usr/local/lib/nodejs/current-nodejs/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" sudo visudo
This method of installing Node.JS will allow you to have control on which is the current one. When updating it, you just need to follow the same process and can even keep old versions to switch between one another to test, believe me, this is easier than installing directly with in Ubuntu.
Alternatively you could use
# Update NPM to version 9.6.5 as adviced by itself sudo npm install -g firstname.lastname@example.org
Ghost-CLI is a commandline tool to help you get Ghost installed and configured for use, quickly and easily. The npm module can be installed with
sudo npm install ghost-cli@latest -g
Once installed, you can always run
ghost help to see a list of available commands.
Once your server is correctly setup and
ghost-cli is installed, you can install Ghost itself. The following steps are the recommended setup. If you need more fine-grained control, the CLI has flags and options that allow you to break down and customise the install steps.
Create a directory
Ghost must be installed in its own directory, with a proper owner and permissions.
# Create directory: Change `sitename` to whatever you like sudo mkdir -p /var/www/<sitename> # Set directory owner: Replace <user> with the name of your user sudo chown <user>:<user> /var/www/<sitename> # Set the correct permissions sudo chmod 775 /var/www/<sitename> # Then navigate into it cd /var/www/<sitename>
Run the install process
Now we install Ghost with one final command.
During install, the CLI will ask a number of questions to configure your site.
Enter the exact URL your publication will be available at and include the protocol for HTTP or HTTPS. For example,
https://example.com. If you use HTTPS, Ghost-CLI will offer to set up SSL for you. Using IP addresses will cause errors.
This determines where your MySQL database can be accessed from. When MySQL is installed on the same server, use
localhost (press Enter to use the default value). If MySQL is installed on another server, enter the name manually.
MySQL username / password
If you already have an existing MySQL database, enter the username and password. Otherwise, enter
root and when prompted for a password just hit
Enter if you haven't changed the default password (remember that by default user
root has no password). My advice is that you use the credentials generated for Debian, otherwise you risk running into issues.
Ghost database name
Enter the name of your database. It will be automatically set up for you, unless you’re using a non-root MySQL user/pass. In that case the database must already exist and have the correct permissions.
Set up a ghost MySQL user? (Recommended)
If you provided your root MySQL user, Ghost-CLI can create a custom MySQL user that can only access/edit your new Ghost database and nothing else.
Set up NGINX? (Recommended)
Sets NGINX up automatically enabling your site to be viewed by the outside world. Setting up NGINX manually is possible, but why would you choose a hard life?
Set up SSL? (Recommended)
If you used an
https Blog URL and have already pointed your domain to the right place, Ghost-CLI can automatically set up SSL for you using Let’s Encrypt. Alternatively you do this later by running
ghost setup ssl at any time.
SSL certification setup requires an email address so that you can be kept informed if there is any issue with your certificate, including during renewal.
Set up systemd? (Recommended)
systemd is the recommended process manager tool to keep Ghost running smoothly. We recommend choosing
yes but it’s possible to set up your own process management.
yes runs Ghost, and makes your site work.
Install more than one Ghost instances
On the side of namecheap.com you'll need o add a another DNS A-Record for your new address pointing to the same IP address of your server (like you did the first time).
On your server's side it's as simple as following the same process to install Ghost once again but in another folder inside
The process will automatically configure everything needed on your server for it to work properly.
Once Ghost is properly set up it’s important to keep it properly maintained and up to date. Fortunately, this is relatively easy to do using Ghost-CLI. Run
ghost help for a list of available commands, or explore the full Ghost-CLI documentation.
What to do if the install fails
If an install goes horribly wrong, use
ghost uninstall to remove it and try again. This is preferable to deleting the folder to ensure no artifacts are left behind.
If an install is interrupted or the connection lost, use
ghost setup to restart the configuration process.
For troubleshooting and errors, use the site search and FAQ section to find information about common error messages.
You’re all set! Now you can start customizing your site. Check out our range of tutorials or the Ghost API documentation depending on which page of this choose-your-own-adventure experience you’d like to subject yourself to next.