Self Host Ghost Behind Cloudflare Tunnel
Introduction: Self Host Ghost Behind Cloudflare Argo Tunnel 🛡️
If you've followed our previous guide on self-hosting Ghost with Docker, you may now want to expose it to the world on a specific URL! Let's take your Ghost blog a notch higher by setting it up behind a Cloudflare tunnel, enhancing security and performance. Let's jump in!
Step 1: Setting up Cloudflare
First things first, we need to prepare the environment for Cloudflare. Here's what you do:
```bash
cloudflared login
mkdir cloudflared
mv ~/.cloudflared/cert.pem ./cloudflared/
```
These commands log you in to Cloudflare, create a local cloudflared directory, and move the essential certificate file (cert.pem) into it.
Step 2: Create the Cloudflare Tunnel 🚇
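Execute this command to create a tunnel specifically for codetalks.net:
```bash
# Create the named tunnel, authenticating with the certificate from Step 1
cloudflared tunnel --origincert cloudflared/cert.pem create codetalks.net
# Delete the certificate once the tunnel has been created
rm cloudflared/cert.pem
```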
Caution! ⚠️
Handle certificates with care! Mistakes can lead to security vulnerabilities. Make sure you understand these commands fully.
Step 3: Docker-Compose Integration
Add the cloudflared section below to your existing Docker Compose file:
```yaml
version: '3.1'

services:
  ghost:
    image: ghost:5-alpine
    user: node
    restart: always
    ports:
      # Also publishes Ghost directly on the Docker host; cloudflared itself
      # reaches Ghost over the Compose network at http://ghost:2368.
      - "2368:2368"
    environment:
      database__client: mysql
      database__connection__host: db
      database__connection__user: root
      database__connection__password: MYNEWPASSWORD
      database__connection__database: ghost
      url: https://codetalks.net
    volumes:
      - ghost-content:/var/lib/ghost/content
      - ./wait-for-it.sh:/bin/wait-for-it.sh
    # Wait for MySQL to accept connections before starting Ghost
    command: ["/bin/sh", "-c", "/bin/wait-for-it.sh db:3306 -- /usr/local/bin/docker-entrypoint.sh node current/index.js"]
    depends_on:
      - db

  db:
    image: mysql:8.0
    restart: always
    environment:
      # Placeholder: use your own password, matching the one Ghost uses above
      MYSQL_ROOT_PASSWORD: MYNEWPASSWORD
    volumes:
      - ghost-db:/var/lib/mysql

  cloudflared:
    image: cloudflare/cloudflared:latest
    restart: always
    # Replace the UUID in both places with your own tunnel's UUID
    command: tunnel run --credentials-file /etc/cloudflared/9a9a9a9abf-ff61-4b50-bd0d-a9b67a5b18df.json --url http://ghost:2368 9a9a9a9abf-ff61-4b50-bd0d-a9b67a5b18df
    environment:
      TUNNEL_HOSTNAME: codetalks.net
      TUNNEL_ORIGIN_CERT: /etc/cloudflared/cert.pem
    volumes:
      # Directory from Step 1, holding the tunnel credentials JSON
      - ./cloudflared:/etc/cloudflared

volumes:
  ghost-content:
  ghost-db:
```
Make sure to update the Cloudflare tunnel UUID! List the cloudflared directory to find yours:
```bash
ls -lath cloudflared
```
In the compose file above, the cloudflared tunnel UUID is "9a9a9a9abf-ff61-4b50-bd0d-a9b67a5b18df". Note that you need to change it twice: in one spot it ends in .json, in the other it doesn't!
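A pre-deployment check for the two UUID spots and the cert.pem removal from Step 2, as an added example that is not part of the original guide. The function name check_tunnel_config is hypothetical, and the check assumes the cloudflared command is written on one line, as in the compose file above.

```shell
#!/bin/sh
# Added example: consistency check for the layout used in this guide.

# check_tunnel_config DIR COMPOSE_FILE -> status 0 if consistent, 1 otherwise.
# The body runs in a subshell, so its variables and `set --` stay local.
check_tunnel_config() (
  dir=$1 compose=$2 rc=0

  # Step 2 leaves exactly one credentials file named <tunnel-UUID>.json.
  set -- "$dir"/*.json
  if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
    echo "FAIL: expected exactly one <UUID>.json in $dir" >&2
    exit 1
  fi
  uuid=$(basename "$1" .json)

  # First spot: the --credentials-file path, ending in .json.
  grep -qF -e "--credentials-file /etc/cloudflared/$uuid.json" "$compose" ||
    { echo "FAIL: --credentials-file does not point at $uuid.json" >&2; rc=1; }

  # Second spot: the bare UUID naming the tunnel to run (no .json suffix).
  grep -qE -e "[[:space:]]$uuid([[:space:]]|\$)" "$compose" ||
    { echo "FAIL: 'tunnel run' does not name tunnel $uuid" >&2; rc=1; }

  # Step 2 deletes cert.pem; this directory is mounted into the container,
  # so a leftover copy would be shared with it.
  if [ -e "$dir/cert.pem" ]; then
    echo "FAIL: $dir/cert.pem is still present" >&2
    rc=1
  fi

  exit "$rc"
)

# Usage from the project directory: sh check.sh ./cloudflared docker-compose.yml
if [ "$#" -eq 2 ]; then
  check_tunnel_config "$1" "$2"
fi
```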
What's Happening Here?
You're adding a Cloudflare container that will establish a secure tunnel between your Ghost blog and Cloudflare's network. Voila! Your self-hosted Ghost blog in a few lines of code!
Note: make sure the DNS records point to the Cloudflare Argo tunnel!
Step 4: Verification and Deployment
Ensure everything looks good, and run your Docker Compose:
```bash
docker-compose down && docker-compose up -d
```
Conclusion: Your Ghost, Now More Secure! 🎉
By setting up Ghost behind a Cloudflare tunnel, you've just securely exposed your blog to the world on your OWN domain.
Still have questions? Struggling with something? Reach out, and let's find the solutions together!
Happy blogging! 🚀