December 15, 2017 · kubernetes ghost gcp

Configure a Google Load Balancer & Hosted Ghost Running SSL

Simple configurations are a good strategy for implementing low-maintenance solutions.

Click here for a demo redirect.

I'm using a Google global load balancer ingress for this blog. While setting it up, the GCP health checks were failing to establish a valid SSL connection with Ghost's Node.js process, which is running in a container on my GKE cluster. This happens because Ghost was written to expect an NGINX container running in front of it as a reverse proxy.

$ kubectl get pods
NAME                   READY  STATUS   RESTARTS   AGE
ghost-5445dccbc-szvfx  1/1    Running  0          11h

$ kubectl exec -it ghost-5445dccbc-szvfx -c ghost bash

bash-4.3# ps ax
    1 node       8:38 node current/index.js
   39 root       0:00 bash
   44 root       0:00 ps ax

Deciding to keep the solution simple and not get NGINX involved, the Ghost container was re-configured with the non-SSL version of my domain by updating and adding a few lines to the config.production.json file from a forked copy of Ghost's Docker Hub repo. This results in a happy health check and a working site.

  "url": "",
  "server": {
    "port": 2368,
    "host": ""
  },
  "admin": {
    "url": ""
  }

In this mode, Ghost looks at the request header to determine the protocol used for constructing a link on the site. If a visitor comes in using https://... then all links are made using their SSL version. However, if a visitor comes in using plain HTTP, Ghost will rewrite all the links to be non-SSL. The admin section also instructs Ghost to use SSL for any connections to the admin interface.

Security is desired, especially for readers of this blog.

After giving up on trying to debug the health check problem, I searched for and found a JavaScript example which ensures a redirect to the SSL'd version of a page, if the page is visited in non-SSL (HTTP) mode.

// redirect if someone typed in http
if (location.protocol !== 'https:') {
  // keep everything after the scheme (host, path, query, fragment) and swap in https:
  location.href = 'https:' + window.location.href.substring(window.location.protocol.length);
}

I will show where this script is installed in the Ghosting Kubernetes Guide.
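A variant of the redirect above, written as an added example that is not part of the original post or of Ghost: it builds the target with the URL API, drops any explicit HTTP port, and uses `location.replace` so the HTTP page is not left in the browser history. The function name `httpsRedirectTarget` and the sample hostnames in the comments are hypothetical, and the code assumes HTTPS is served on the default port 443.

```javascript
// Added example: returns the HTTPS equivalent of an http:// URL,
// or null when no redirect should happen.
function httpsRedirectTarget(href) {
  const url = new URL(href);      // throws TypeError on malformed input
  if (url.protocol !== 'http:') {
    return null;                  // already https:, or a non-web scheme such as file:
  }
  url.protocol = 'https:';
  // Assumption: HTTPS listens on 443, so an explicit HTTP port
  // (e.g. http://blog.example.com:8080/) must not be carried over.
  url.port = '';
  return url.href;                // path, query string and fragment are preserved
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined' && window.location) {
  const target = httpsRedirectTarget(window.location.href);
  if (target !== null) {
    // replace() navigates without adding the HTTP URL to session history,
    // so the Back button does not return to the insecure page.
    window.location.replace(target);
  }
}
```

Because the script runs only after the HTTP response has arrived, it moves visitors to HTTPS but does not protect that first request. Sending a `Strict-Transport-Security` header on the HTTPS responses makes returning browsers skip the HTTP request entirely.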

This site will serve both HTTP and HTTPS connections from a simple container running behind a global IP on Google's network using this strategy, all without a bunch of complicated deployment work!