Setting up Ghost on a Homelab: The Trust-Proxy Trap and Other Gotchas, Part 1

Setting up Ghost on a Homelab: The Trust-Proxy Trap and Other Gotchas, Part 1

So, you’ve decided to host Ghost in your homelab. Congratulations! You’re about to embark on a journey filled with thrills, chills, and probably some mild exasperation. But fear not. Like a cat prowling its territory, I’m here to guide you through the maze.

The Ghost in the Machine

First, a quick rundown on why you’d want Ghost running on your own hardware. Ghost is a powerful, open-source platform aimed at professional publishing. It’s sleek, fast, and focuses on content creation. Having it in your homelab means you have full control over your data. Plus, it’s a delightful way to flex your sysadmin muscles.

Setting the Stage: Prerequisites

Before we dive into the pitfalls, let’s cover the basics. You'll need a server with Node.js (v18.x or later), MySQL 8.0 (or MariaDB equivalent), and a taste for adventure. Oh, and did I mention a reliable proxy like Traefik or Nginx? You’ll need that too.

The Trust-Proxy Trap

Now, onto the infamous trust-proxy trap. What is it, you ask? Imagine telling Ghost to trust your reverse proxy to handle SSL and forward all the important headers correctly. Sounds straightforward, right? But without configuring this, you may find yourself locked out of admin routes or stuck in an HTTP-only world.

// In your config.production.json
{
  "url": "https://yourdomain.com",
  "server": {
    "port": 2368,
    "host": "127.0.0.1"
  },
  "database": {
    "client": "mysql",
    "connection": {
      "host": "localhost",
      "user": "ghost",
      "password": "yourpassword",
      "database": "ghost_prod"
    }
  },
  "paths": {
    "contentPath": "content/"
  },
  "mail": {
    // Mail configuration here
  },
  "logging": {
    "transports": ["file", "stdout"]
  },
  "process": "systemd",
  "persistence": {
    "provider": "local"
  },
  "trustProxy": true
}

The trustProxy setting is the magic key. Set it to true if you’re using a proxy, and Ghost will behave like a well-trained feline, trusting the proxy to tell it whether the request is HTTP or HTTPS. Forgetting this is like forgetting to feed your cat—it won’t end well.

Other Common Gotchas

While the trust-proxy is the main headline, don’t overlook these other potential roadblocks:

• Port Conflicts: Ensure nothing else is trying to snatch port 2368 out from under Ghost’s paws.
• Database Connection: Double-check your credentials. Ghost is picky and won’t hesitate to ghost you if it can’t connect to the database.
• File Permissions: Ghost needs permission to access its files. Don’t make it beg.

In Conclusion

Setting up Ghost in your homelab can be as rewarding as catching a laser pointer, but be prepared for a few gotchas along the way. Remember to configure your proxy settings correctly, and you’ll be shining like the top cat you are. Stay tuned for the next installment, where we’ll go deeper into optimizing performance and handling updates.

Until next time, keep those tails in the air and those proxies trusted.