Self Host Ghost Behind Cloudflare Tunnel

Introduction: Self Host Ghost Behind Cloudflare Argo Tunnel 🛡️

If you've followed our previous guide on self-hosting Ghost with Docker, you may now want to expose it to the world on a specific URL! Let's take your Ghost blog a notch higher by setting it up behind a Cloudflare tunnel, enhancing security and performance. Let's jump in!

Step 1: Setting up Cloudflare

First things first, we need to prepare the environment for Cloudflare. Here's what you do:

cloudflared login 
mkdir cloudflared 
mv ~/.cloudflared/cert.pem ./cloudflared/

These commands log you in to Cloudflare, create a cloudflared directory, and move the certificate file (cert.pem) that the login saved under ~/.cloudflared into it.

Step 2: Create the Cloudflare Tunnel 🚇

Execute these commands to create a tunnel named codetalks.net and then delete the certificate:

cloudflared tunnel --origincert cloudflared/cert.pem create codetalks.net
rm cloudflared/cert.pem

Caution! ⚠️

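Handle certificates with care! Mistakes can lead to security vulnerabilities. cert.pem authorizes creating tunnels on your Cloudflare account, which is why it is deleted as soon as the tunnel exists. The JSON credentials file that the create command writes into the cloudflared directory is what runs the tunnel, so keep that file private too. Make sure you understand these commands fully.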

Step 3: Docker-Compose Integration

Add the cloudflared section below to your existing Docker Compose file:

version: '3.1'

services:

  ghost:
    image: ghost:5-alpine
    user: node
    restart: always
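    # Publishes Ghost on host port 2368. cloudflared reaches Ghost at
    # http://ghost:2368 over the Compose network, so the tunnel does not
    # depend on this mapping.
    ports:
      - "2368:2368"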
    environment:
      database__client: mysql
      database__connection__host: db
      database__connection__user: root
      database__connection__password: MYNEWPASSWORD
      database__connection__database: ghost
      url: https://codetalks.net
    volumes:
      - ghost-content:/var/lib/ghost/content
      - ./wait-for-it.sh:/bin/wait-for-it.sh
    command: ["/bin/sh", "-c", "/bin/wait-for-it.sh db:3306 -- /usr/local/bin/docker-entrypoint.sh node current/index.js"]
    depends_on:
      - db

  db:
    image: mysql:8.0
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: MYNEWPASSWORD
    volumes:
      - ghost-db:/var/lib/mysql


  cloudflared:
    image: cloudflare/cloudflared:latest
    restart: always
    command: tunnel run --credentials-file /etc/cloudflared/9a9a9a9abf-ff61-4b50-bd0d-a9b67a5b18df.json --url http://ghost:2368 9a9a9a9abf-ff61-4b50-bd0d-a9b67a5b18df
    environment:
      TUNNEL_HOSTNAME: codetalks.net
      # Step 2 deleted cert.pem, so this path does not exist in the mounted directory.
      TUNNEL_ORIGIN_CERT: /etc/cloudflared/cert.pem
    volumes:
      - ./cloudflared:/etc/cloudflared



volumes:
  ghost-content:
  ghost-db:
docker-compose.yml

Make sure to update the Cloudflare tunnel UUID!

ls -lath cloudflared
This lists the contents of the cloudflared directory. The tunnel UUID is the name of the JSON file, without the .json extension.

In the example above, the cloudflared tunnel UUID is "9a9a9a9abf-ff61-4b50-bd0d-a9b67a5b18df". Note that you need to change it twice: in one spot it ends in .json, in the other it doesn't!
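
The two UUID references can be checked against the credentials file before deploying. The script below is an added example, not part of the original guide: the script name check-tunnel.sh and the function names are hypothetical, and it assumes the ./cloudflared directory and docker-compose.yml layout used here. It also confirms that cert.pem was removed as in Step 2.

```shell
#!/bin/sh
# Added example: pre-flight check for the cloudflared service in docker-compose.yml.
# Assumed layout (from the guide): ./cloudflared/<TUNNEL-UUID>.json beside the compose file.

# Print the tunnel UUID: the name of the single *.json credentials file in the directory.
tunnel_uuid() {
    count=0
    found=
    for f in "$1"/*.json; do
        [ -f "$f" ] || continue
        count=$((count + 1))
        found=$f
    done
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one credentials .json in $1, found $count" >&2
        return 1
    fi
    basename "$found" .json
}

# Return 0 only when the credentials directory and the compose file agree.
check_tunnel_config() {
    dir=$1
    compose=$2
    uuid=$(tunnel_uuid "$dir") || return 1
    rc=0
    # Count fixed-string matches: every "<uuid>.json" hit is also a "<uuid>" hit,
    # so (total - json) is the number of bare references (the tunnel to run).
    total=$(grep -oF -- "$uuid" "$compose" | wc -l)
    json=$(grep -oF -- "$uuid.json" "$compose" | wc -l)
    if [ "$((json))" -lt 1 ]; then
        echo "$compose: no reference to $uuid.json" >&2
        rc=1
    fi
    if [ "$((total - json))" -lt 1 ]; then
        echo "$compose: tunnel argument is not $uuid (stale UUID?)" >&2
        rc=1
    fi
    # Step 2 deletes cert.pem after creating the tunnel; it should not sit in the
    # directory that gets bind-mounted into the container.
    if [ -e "$dir/cert.pem" ]; then
        echo "$dir/cert.pem is still present" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sh check-tunnel.sh ./cloudflared docker-compose.yml
if [ "$#" -ge 2 ]; then
    check_tunnel_config "$1" "$2"
fi
```

A non-zero exit status means at least one of the three checks failed; the reason is printed on stderr.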

What's Happening Here?

You're adding a Cloudflare container that will establish a secure tunnel between your Ghost blog and Cloudflare's network. Voila! Your self-hosted Ghost blog in a few lines of code!

Note: make sure the DNS records point to the Cloudflare Argo Tunnel!

Step 4: Verification and Deployment

Ensure everything looks good, and run your Docker Compose:

docker-compose down && docker-compose up -d

Conclusion: Your Ghost, Now More Secure! 🎉

By setting up Ghost behind a Cloudflare tunnel, you've just securely exposed your blog to the world on your OWN domain.

Still have questions? Struggling with something? Reach out, and let's find the solutions together!

Happy blogging! 🚀