Starting a Ghost blog on DigitalOcean - Part One
It only took me around ten years, but I finally decided to do something with my domain name. At some point I'll make another post about imposter syndrome, but for now I'll write a synopsis on setting up a small Ghost-based blog on a $5/mo DigitalOcean droplet. There are many other websites out there with literal step-by-step walkthroughs, and this is not intended to be one of those.
Why Ghost and why DigitalOcean?
I didn't want to use WordPress. No real reason other than I wanted a newer platform that hopefully had fewer security issues. I also felt like doing something different than the usual Hugo static site. As for DigitalOcean, I don't expect to have much traffic at all so the $5/month droplet is most likely more than enough to handle anything I need now and you can resize a droplet fairly easily, with a small amount of downtime.
Since this is a personal blog, I don't mind a small amount of downtime in the event that I ever feel the need to scale up. Additionally, for a 20% fee (so $1/month in this case), you can have it all backed up. In the event that you expect to have a lot of traffic and don't want to mess around with Linux, there is always the Ghost Pro option, direct from the source, for more money.
Let's get started
Make sure you've sorted out your DigitalOcean account, setup a project before continuing. In the marketplace, you'll want to use the 1-Click Droplet for Ghost, but make sure you check the $5/month cheapest plan. Create the droplet and choose a region close to you. There will also be an option for SSH keys, and I suggest you set this up now.
SSH Keys
You'll need to create a public and private keypair, and have the public key ready to use. As I spend most of my time in Windows but am also a command line interface fan, I use Windows Terminal and command line SSH, but feel free to use Putty or whatever you wish. Provide the key in the interface for setting up your droplet.
We're almost ready
Give your droplet a name and finish the process - you'll end up with a screen that shows the IP address of your new droplet. You can go to the IP straight away if you want, but I recommend you sort out DNS first, and then restrict access to your droplet.
It's always DNS
The first thing you need to do, is not make the same mistake that I did; sort out your DNS before you do anything else. The one-click installer we'll be following is finicky and we want it all to work right away (unlike my 1st attempt). Luckily, DigitalOcean have a very easy guide you can follow, so do that now before we get started. You'll need to create an account with DigitalOcean and then make a project at this stage. Don't forget to make sure the login is tied to DigitalOcean is protected by multi-factor authentication (MFA).
Cloudflare
If you want to go even further, use Cloudflare for your DNS. The free tier should be enough for most people, and you'll just use the cloudflare nameserver entries instead of the DigitalOcean name servers. There is even an easy-to-follow guide for setting up a free tier account.
Securing your droplet - Firewall
You don't want to have your blog hacked, so you should at least get some basic security configured before we start configuring Ghost. The first step is locking down your droplet so that only you can even attempt to log in. Anyone reading this who is more familiar with linux can just go and do this from inside the droplet using ufw, but I'll show the droplet interface here. Go into your DigitalOcean project menu and select 'Secure your Droplets.
You'll see a screen a little different than the one below, modify it to be similar to what I've shown. Using the 'New rule' button, with your own IP address range in the blacked-out area for SSH and ICMP.
We'll talk about some other steps to secure your droplet in the next post on this topic, as well as the basics of adding a theme and updating the underlying operating system your droplet is running on.
Ghost 4.0 was released just as I published this first post, so there may be some inaccuracies; I'll review and update. However, the update was quite painless and onlt required a few modifications to the theme.