How to Host Your Very Own Ghost Blog on AWS (The Real Way)

Hosting a Ghost blog on AWS sounds simple… until it isn't. This guide skips the beginner fluff and focuses on what actually works, what breaks, and how to avoid wasting your time.

This isn’t a step-by-step tutorial. It’s a list of hard-earned tips that will save you frustration if you're deploying Ghost on Amazon Linux 2023 with EC2.

🔧 Prerequisite Knowledge

We’re assuming you already know how to:

• SSH into EC2
• Use dnf and the Linux terminal
• Work with nginx, systemd, and DNS
• Allocate and assign Elastic IPs
• Set A records and point a domain to AWS
• Obtain SSL certificates manually

💀 Tip 1: 1 GB of RAM Is a Trap

Yes, Ghost will install and load on a t2.micro or t3.micro — but the moment you publish a post or enable image uploads, you are liable to run out of memory and crash.

Worse:

• Instance Connect won’t even let you back in.
• You’ll be forced to manually stop and restart the instance via the AWS Console.
• Ghost won't auto-restart unless you’ve already set up a systemd service.

💡 Solution: Use at least 2 GB of RAM. It's worth the few extra bucks.

⚙️ Tip 2: Ghost-CLI Will Fail at Configuring nginx & SSL

When you run ghost install, it tries to configure nginx and SSL for you — but fails silently or dumps files in the wrong place.

Why?

• Amazon Linux 2023 and Ghost-CLI use different paths for nginx configs.
• SSL setup fails because Ghost-CLI can’t find or validate certs in custom locations.

💡 Solution:

• Let ghost install run anyway — just let it fail at the nginx and SSL step.
• Find the temp nginx config it generated (likely in /var/www/ghost/system/files/).
• Copy it into /etc/nginx/conf.d/ghost.conf.
• Then manually modify the server block to enable SSL.

🔒 3. Set Up SSL Manually

Ghost expects Let’s Encrypt to be installed and configured, but if you're using something like Cloudflare (or any external cert provider), you’ll need to do this yourself.

✅ Solution: Place your certs somewhere logical, like /etc/nginx/certs/, then update your nginx config:

nginxCopyEditssl_certificate /etc/nginx/certs/your_domain.crt;
ssl_certificate_key /etc/nginx/certs/your_domain.key;

Then restart nginx:

sudo systemctl restart nginx

sudo systemctl restart nginx

Ghost will work fine with your manual cert setup.

👤 4. Don’t Use the Default ec2-user

The default ec2-user has no password and limited suitability for installing Ghost via the CLI.

✅ Solution: Create a dedicated Ghost admin user:

sudo adduser ghostadmin
sudo passwd ghostadmin
sudo usermod -aG wheel ghostadmin

Then log in as ghostadmin and install Ghost there. This avoids permission issues and keeps things clean.

🛢️ 5. MySQL Version Matters (A Lot)

Newer versions of MySQL use a different default authentication plugin, and Ghost doesn’t support it. If you're not careful, Ghost will fail to connect to the database even if your credentials are correct.

✅ Solution: Use the MySQL version Ghost recommends in their docs. As of this writing, MySQL 8.4 works only if you manually set the authentication plugin:

ALTER USER 'ghost'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your_password';

This step is non-optional if you’re using recent MySQL packages.

✅ Final Thoughts

Ghost runs great on AWS, but only if you know what to expect. Skip the headaches by:

• Avoiding small instances
• Ignoring Ghost’s automatic nginx and SSL setup
• Creating a real admin user
• Using a MySQL version that actually works

This isn’t the “easy install” path, but it’s the one that works.