Ghost blog with Apache - how to force SSL?

When I first started this blog, I promised to myself not to post anything about Ghost Blogs - mainly because when I was looking for installing Ghost blog on my server, all the searches I did on the Internet led me to blogs made from Ghost Blog and talking about Ghost Blogs and only Ghost Blogs ...

but, never say never ! ;-)

I recently faced an issue with Ghost and Apache configurations when forcing HTTPS, and when I searched on the Internet for solutions, I found a lot of tips for Nginx, but not so many for Apache ...

Basically, if you're using Ghost Blog with Apache, you probably did something like this (using Forever, PM2, Supervisor or a custom systemd script ... or anything else ... depending on your configuration) :

# in your Ghost root folder
npm start  

and then your Apache configuration looks probably like that :

<VirtualHost *:443>

    #...

    <Location />
        ProxyPass http://localhost:2368/
        ProxyPassReverse http://localhost:2368/
        ProxyPreserveHost   On      
    </Location>

    #...

</VirtualHost>  

After having enabled the apache module proxy_http :

a2enmod proxy_http  

But then when you want to force HTTPS in your Ghost config.js file, by adding https:// to the url (or by adding the option forceAdminSSL: true) :

config = {

    // ...

    production: {
        url: "https://blog.basilediougoant.com",
        mail: {
            // ...
        },
        database: {
            client: "sqlite3",
            connection: {
                filename: path.join(__dirname, "/content/data/ghost.db")
            },
            debug: false
        },
        server: {
            host: "127.0.0.1",
            port: "2368"
        }
    },

    // ...
}

You've probably faced a Redirect loop :
Redirect Loop on Firefox

Because we are using the module http proxy to access the blog from apache, Ghost doesn't know if your blog is served via HTTPS or HTTP, and by default it will assume it's HTTP... which means it will try to redirect to HTTPS... hence the Redirect Loop...

We need to tell ghost : "this is HTTPS !" when using <VirtualHost *:443> :

step 1 : enable headers apache module

a2enmod headers  

step 2 : add the following line to your VirtualHost configuration

<VirtualHost *:443>

    #...

    RequestHeader set X-Forwarded-Proto "https"

    #...

</VirtualHost>  

step 3 : restart apache

apachectl graceful  

The redirect loop should now be fixed !!!