When self-hosting there are a few additional steps to consider for security and performance.
After setting up a fresh Ubuntu install in production, it's worth considering the following steps to make your new environment extra secure and resilient:
We strongly recommend running
mysql_secure_installation after successful setup to significantly improve the security of your database.
Ubuntu 18.04 servers can use the UFW firewall to make sure only connections to certain services are allowed. We recommend setting up UFW rules for
https. If you do use UFW, make sure you don't use any other firewalls.
It's a very good idea to disable SSH password based login and only connect to your server via proper SSH keys. It's also a good idea to disable the root user.
The correct way to scale Ghost is by adding a CDN and/or caching layer in front of your Ghost instance. Clustering or sharding is not supported in any way.
Every day 2-5 of the top stories on Hacker News are published with Ghost, and to the best of our knowledge no Ghost site has ever fallen over as a result of a traffic spike. Minimal, sensible caching is more than enough.
Whenever running a public-facing production web server it's critically important to keep all software up to date. If you don't keep everything up to date, you place your site and your server at risk of numerous potential exploits and hacks.
If you can't manage these things yourself, ensure that a systems administrator on your team is able to keep everything updated on your behalf.
If you don't have someone to manage your server and don't want to deal with any of the things on this page, consider using Ghost(Pro), where all of this is handled on your behalf. It will save a significant amount of time.