I found a few other pages with similar stuff, but what I saw was a bit outdated and some things I didn't agree with, so hopefully this is of help to someone.
For some reason, the Ghost team only officially recommend and support Ubuntu. Many people before me have compared Debian and Ubuntu before, so I won't debate about it here.
I prefer to use Debian.
Starting from a new clean install of Debian 9, here we go:
- We are root, so create a new user (don't call it ghost!)
- Add this new user to sudoers, to give the user the ability to run privileged commands
usermod -aG sudo coolguy
- Log in as the new user (su = switch/substitute user)
su - coolguy
- Update package lists
sudo apt-get update
- Update installed packages
sudo apt-get upgrade
- Install nginx
sudo apt-get install nginx
- Add node to your sources - the list of programs that Debian knows about
curl -sL https://deb.nodesource.com/setup_10.x | sudo bash -
The dash at the end of the command basically indicates the file we want to run is the result of the curl command
The -sL simply tells curl to not print anything, and to follow any links if they exist
(Command is from https://github.com/nodesource/distributions/blob/master/README.md#debinstall)
- Now that Debian knows about node, you can install it
sudo apt-get install nodejs
- Install MariaDB to use as our database system
sudo apt-get install mariadb-server
- Secure MariaDB with a simple command
- The current root password should be blank.
- You can choose to create a root password but that is optional - you can read why at the end of this article
- Answer yes to all questions.
Now let's set up a database for Ghost to use
(We are not letting Ghost set up the database for us, you can read why at the bottom.)
- Enter the SQL shell
- Create a database for our Ghost site
CREATE DATABASE ghost_coolsite_db;
- Create a user for that database, giving a password
CREATE USER 'ghost_coolsite_usr'@'localhost' IDENTIFIED BY 'my_password';
- Give that user full control of the database
GRANT ALL PRIVILEGES ON ghost_coolsite_db. * TO 'ghost_coolsite_usr'@'localhost';
- Exit the SQL shell
- Install the Ghost command line tool
sudo npm install ghost-cli@latest -g
- Make a directory for the Ghost install for our website
sudo mkdir -p /var/www/coolsite
- Change the ownership of this directory to your user
sudo chown coolguy:coolguy /var/www/coolsite
- Set the correct permissions
sudo chmod 775 /var/www/coolsite
- Navigate into our directory
Finally we can install Ghost!
- Install using the Ghost tool we installed
- Ignore it gently complaining about the OS not being Ubuntu
- Enter your domain when it wants
- For the MySQL hostname, leave it blank for the default of 'localhost'
- Give the database username we created
- And the password
- And the database name
- Say no to setting up a Ghost database user, you won't be able to since the database user is not root
- Say yes to setting up nginx
- If you gave a URL with https, say yes to setting up SSL - you will be asked for an email address
- Say yes to setting up systemd
- Say yes to starting up Ghost, you are finished!
Explaination about the database:
For security reasons, by default the MariaDB/MySQL root user doesn't log in using a password, the authentication happens via 'unix sockets'.
It means that authentication behind the scenes and you are simply logged in if you have superuser privileges - and even if a password is set for the root user, you won't be asked to enter it. This is not because we are using Debian, this also happens if we are using Ubuntu. It is just what newer versions of MariaDB/MySQL are doing.
When we install Ghost, it offers to setup its database automatically for us which is nice and easy - to do this it needs our root MariaDB/MySQL password.
But remember, our root database user cannot be authenticated via a password, so it will fail.
Our options are to:
- Change the root database user's authentication method to 'password'
This is what Ghost recommend doing, but changing the authentication method to password might not be as slick as some think because it looks like some things rely on the root password being blank(?):
- Run Ghost installer with root privilege
This might work but Ghost say not to run ghost-cli commands with sudo (I'm not sure exactly why though)
- Set up the Ghost database ourselves
This is easy to do, so I think it's a no-brainer (lowest common denominator) so that's why I chose it. I'm not entirely sure of the reasons MariaDB/MySQL don't use password authentication for the root user, but I guess it's for a good reason, so I feel it's a good idea to leave it how it is.
Also, as a rule, it's best not to give anything our root database credentials if it doesn't truly need them. Even though Ghost is open source and we can see what it is doing, bugs exist, people make mistakes and it's just good practice to try to be safe.