At $3.50 per month, running a Ghost blog on the smallest AWS Lightsail machine using a Bitnami image is an attractive alternative to paying $29 per month for Ghost's Basic plan. I prefer Ghost to Wordpress - it's lighter and prettier. 😏
The documentation at https://aws.amazon.com/blogs/compute/building-a-photo-diary-ghost-on-amazon-lightsail/ gets you 90% there in an hour or so, with a custom domain. It does have a few typos and odd quirks - I'll make a note of my hiccups:
"Not Secure": setting up https
Without a TLS or SSL certificate you get that sketchy little "Not Secure" notification in your browser bar - which is not really acceptable nowadays. 😷
The documentation points you to a tutorial for setting up a certificate using Let's Encrypt in relation to NGINX, which is sort of correct, but requires some tweaks. Read on.
/opt/bitnami
SSH into your instance:
Every useful tool can be found at /opt/bitnami.
(Confusingly, there is also a /home/bitnami/stack/ with similar contents. Do not run tools from there.)
Run the bnhelper-tool as a superuser at /opt/bitnami. You'll need sudo privileges for many of the downstream tools that it runs:
cd /opt/bitnami
sudo ./bnhelper-tool
Set up a Let's Encrypt certificate for HTTPS
"Set up Let's Encrypt" runs the bncert-tool, which you can also just run directly.
If you get an error saying ...server.crt' does not exist or is empty, you'll need to generate it using Certbot and symlink the created .pem files. Follow Steps 2-7 in the Amazon documentation, but keep reading as we'll need to adapt the tutorial for Ghost.
To pass the DNS challenges, add your TXT records under Home > Networking > DNS Zones:
After step 6, Certbot will generate two .pem files which need to be symlinked to the location where the bncert-tool will look for them. Note that this differs from the NGINX-specific path given in Step 7 of the Amazon tutorial:
sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apps/ghost/conf/certs/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apps/ghost/conf/certs/server.crt
Once your server.crt is in the right place, run the bncert-tool, and you should be on your way.
Start/stop services
In bnhelper-tool you can also start/stop/restart your services (ghost, apache, mysql). This is just a wrapper for ./ctlscript.sh status, ./ctlscript.sh start, ./ctlscript.sh stop:
Remove Bitnami "Manage" banner
You can also remove the little "Manage" banner that appears in the bottom right. This actually runs sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1:
You may get a child process exited abnormally error. Inexplicably, something that I did caused bnconfig to be renamed to bnconfig.disabled. I'm not sure why.
Renaming it back does the trick - I had to do this a couple of times:
sudo mv /opt/bitnami/apps/ghost/bnconfig.disabled bnconfig
Serve it via a CloudFront distribution
The final thing which isn't mentioned in the tutorial is serving the site via a CloudFront distribution. If you've never used a CDN, the quick and dirty idea is that multiple copies of your site are stored around the world for quick access from any browser - and these copies are updated on a regular basis.
Fortunately, AWS' documentation for this is up to date. A CloudFront distribution will add $2.50 per month to your costs, though the entire first year is free - not bad.
To sum up
All in all, this is much easier than setting up from scratch on AWS (trying to tie together Ghost, EC2, Route 53, CloudFront, etc). Lightsail puts all these button clicks in the same place and provides a handy Bitnami image which (almost) works perfectly out of the box. The documentation isn't perfect, but it'll do.
If $29/month for Ghost seems a little pricey for a blog (which it did to me), this is a great way to still have a self-hosted setup on the cheap, with minimal config faff.
Any questions, feel free to ask below!
Top comments (1)
Great example. Thank you.