If you have an existing site — for example a shop, or a static site hosted elsewhere — Ghost can be run from a separate location e.g.
yourdomain.com/blog otherwise known as a subdirectory.
Subdirectory and proxy setups are a paid add-on for our Business plan and require a specific custom Nginx or Apache configuration. In addition to a proxy, you must also contact us to indicate the path to be used with your publication.
The following configurations show how to setup a reverse proxy for a subdirectory.
Reverse proxy rules
Follow these rules to create a valid reverse proxy to Ghost(Pro). You can use the same setup to proxy if you don't need a subdirectory as well.
1. Provide a certificate & serve HTTPS traffic.
Only HTTPS traffic is supported.
2. Redirect non-HTTPS traffic to HTTPS.
It's more performant for this to be configured at the proxy level.
3. Proxy to your ghost.io subdomain, leaving it set as the HOST header.
Required to get through our security layer.
4. Have an X-Forwarded-Host header that matches the custom domain in Ghost(Pro) > Domains.
Without this, your blog will redirect to your ghost.io subdomain, causing a loop.
5. Include the X-Forwarded-Proto header set to https not http.
Without this your blog will redirect to https, causing a loop.
6. Include the X-Forwarded-For header, populated with the remote IP of the original request.
Without this, we aren't able to detect spam traffic patterns and your site risks being rate limited or incorrectly restricted. Ensure that only the client IP is passed through here rather than appending to the header that the client has sent, otherwise clients will be able to spoof their IP address.
7. Pass through all requests with the correct methods and headers
Your proxy must forward all HEAD, GET, POST, PUT and DELETE requests to your host with the request method, headers, and response intact, and must also pass through all standard HTTP headers and any
x-ghost headers, including Authorization and set-cookie.
8. Ensure your DNS is dynamic
The underlying IPs of our infrastructure change regularly. If your proxy caches these values and is not able to refresh this dynamically your proxy will go offline without warning. Your proxy should therefore be configured with dynamic DNS resolution.
These configurations are only guaranteed to work in isolation. If you have any pre-existing top-level domain config, this could override the subdirectory. To troubleshoot any issues, review your top-level domain config for conflicts.
Validating your configuration
To verify your proxy is correctly configured, run this command to validate the correct headers are being sent:
curl -IL -H 'x-ghost-proxy:true' https://<your domain here>/<subdirectory>
If correct you’ll see a response header of
x-ghost-proxy set to
VALID. Otherwise you'll see
INVALID next to it, and you should start by checking:
x-forwarded-hostmust match your base custom domain set within Ghost Admin - if you're configuring
example.com/blog/then this would be
x-ghost-forwarded-protomust always be
x-ghost-hostmust always be their publication’s ghost.io URL - eg.
Once headers have been validated, you should complete the following actions to verify that traffic is being correctly routed and the site is behaving as expected:
- Login to
https://<your domain here>/<subdirectory>/ghost/
- Upload an image
- Create and schedule a post
- Delete a post
- Verify changes reflected in the sitemap at
https://<your domain here>/<subdirectory>/sitemap.xml
If everything looks good, you're all set!