A short guide to running Ghost in a production environment and setting it up to serve traffic at scale.
Ghost(Pro)
The most efficient way to deploy a production-ready instance of Ghost is on our official fully-managed PaaS. Ghost(Pro) runs the exact same open source codebase and has no limitations compared to self hosting. It’s the easiest way to save a lot of time installing and managing your environment.
| Ghost(Pro) | Self-Hosting | |
|---|---|---|
| 🎛 Product features | Identical | Identical |
| 🖥 Managed install & setup | ✅ | ❌ |
| 🔄 Automatic weekly updates | ✅ | ❌ |
| 🚧 Server maintenance & backups | ✅ | ❌ |
| ⚠️ Threat & uptime management | ✅ | ❌ |
| 🔒 SSL Certificate | Automatic | Manual |
| 🌍 Worldwide CDN included | ✅ | ❌ |
| 🥊 Enterprise-grade security | ✅ | ❌ |
| 🚑 Customer Support | Priority Email Support | Community Support |
| ❤️ Helps to fund all future development of Ghost software | ✅ | ❌ |
Self-hosting
For self-hosting Ghost in production our officially recommended stack is:
- Ubuntu 16.04, 18.04 or 20.04
- MySQL 5.7 or 8.0
- NGINX
- Systemd
- Recommended Node version installed via NodeSource
- A server with at least 1GB memory
- A non-root user for running
ghostcommands
Ubuntu 16.04, Ubuntu 18.04 and Ubuntu 20.04 are the only officially supported operating systems. Our Ubuntu install guide walks you through how to get a server setup this way.
Other operating systems may work fine and you’re welcome to use them, but we are unable to assist with debugging or optimising for them at present - so you’re on your own there. Our recommendation: Use Ubuntu, because that’s where you’ll have the fewest headaches.
Selecting a webhost
You can use just about any hosting provider which provides a reasonable VPS to work with. Ghost officially partners with Digital Ocean, who also offer a pre-made Ghost image. We recommend them very highly.
Server hardening
After setting up a fresh Ubuntu install in production, it’s worth considering the following steps to make your new environment extra secure and resilient:
Use SSL
Ghost should be configured to run over HTTPS. You can also, optionally, increase security by configuring Ghost admin to load on a separate domain.
Securing MySQL
We strongly recommend running mysql_secure_installation after successful setup to significantly improve the security of your database.
Setting up a firewall
Ubuntu 18.04 and 20.04 servers can use the UFW firewall to make sure only connections to certain services are allowed. We recommend setting up UFW rules for ssh, nginx, http, and https. If you do use UFW, make sure you don’t use any other firewalls.
Disable SSH Root & password logins
It’s a very good idea to disable SSH password based login and only connect to your server via proper SSH keys. It’s also a good idea to disable the root user.
Optimising for scale
The correct way to scale Ghost is by adding a CDN and/or caching layer in front of your Ghost instance. Clustering or sharding is not supported in any way.
Every day 2-5 of the top stories on Hacker News are published with Ghost, and to the best of our knowledge no Ghost site has ever fallen over as a result of a traffic spike. Minimal, sensible caching is more than enough.
Interested in operating web applications at scale? Ghost is currently hiring Infrastructure Engineers - check out what it’s like to be part of the team and see our open roles at careers.ghost.org
Staying up to date
Whenever running a public-facing production web server it’s critically important to keep all software up to date. If you don’t keep everything up to date, you place your site and your server at risk of numerous potential exploits and hacks.
If you can’t manage these things yourself, ensure that a systems administrator on your team is able to keep everything updated on your behalf.
If you don’t have someone to manage your server and don’t want to deal with any of the things on this page, consider using Ghost(Pro), where all of this is handled on your behalf. It will save a significant amount of time.
