Deploying Ghost CMS on Oracle Cloud’s Always Free Tier: A Comprehensive Guide to Setup and Port Configuration
Ghost is a powerful, open-source content management system (CMS) designed for bloggers, publishers, and developers who want a simple yet customizable platform for creating websites. It’s built on Node.js and uses MySQL as its database backend. One of the best ways to host Ghost for free is on Oracle Cloud Infrastructure (OCI)’s Always Free Tier, which provides robust virtual machine (VM) resources without ongoing costs. However, a common hurdle during deployment is configuring ports for web traffic (80 for HTTP and 443 for HTTPS) and database access (3306 for MySQL), as the VM’s local firewall and OCI’s network security can block them by default.
In this guide, we’ll walk through the entire process: signing up for Oracle Cloud, creating an Always Free VM, setting up ingress rules in your Virtual Cloud Network (VCN), and installing Ghost on Ubuntu. We’ll also address the port issue highlighted in community discussions (e.g., on Reddit), where even after adding OCI ingress rules, ports remain closed due to the VM’s firewall. The solution involves using firewalld to explicitly allow services for HTTP, HTTPS, and MySQL.
Note: Exposing port 3306 (MySQL) publicly is a security risk, as it could allow unauthorized database access. Restrict the source CIDR in your ingress rule to your IP address or use a VPN/bastion host for database management. This guide includes it as requested, but proceed with caution.
Prerequisites
- A free Oracle Cloud account (sign up at https://www.oracle.com/cloud/free/).
- A registered domain name with DNS A records pointing to your future VM’s public IP (required for Ghost’s SSL setup via Let’s Encrypt).
- Basic familiarity with SSH and command-line tools.
- An SSH client (e.g., OpenSSH on Linux/Mac or PuTTY on Windows).
Step 1: Sign Up for Oracle Cloud Free Tier
- Visit the Oracle Cloud sign-up page: https://signup.cloud.oracle.com/.
- Enter your account information: name, email, country/territory, and create a cloud account name (this becomes your tenancy name).
- Verify your email and phone number as prompted.
- Provide payment details (a credit card is required for verification, but you won’t be charged for Always Free resources).
- Once verified, log in to the Oracle Cloud Console at https://cloud.oracle.com/.
Oracle’s Always Free Tier includes up to 4 OCPUs and 24 GB RAM on Arm-based Ampere A1 Compute VMs (VM.Standard.A1.Flex shape), plus 200 GB block storage — perfect for Ghost.
Step 2: Create a Virtual Cloud Network (VCN)
Before launching a VM, set up a VCN for networking. If you’re new, use the wizard for simplicity.
- In the Oracle Cloud Console, open the navigation menu (hamburger icon), go to Networking > Virtual Cloud Networks.
- Click Start VCN Wizard and select Create VCN with Internet Connectivity.
- Enter a name for your VCN (e.g., “ghost-vcn”).
- Under Configure VCN and Related Resources, keep defaults: this creates a public subnet, internet gateway, NAT gateway, and service gateway.
- Click Next and then Create.
- Note the VCN’s OCID and subnet details — you’ll need them for the VM.
This setup ensures your VM can access the internet and be reached publicly.
Step 3: Launch an Always Free VM Instance
- In the Console, go to Compute > Instances.
- Click Create instance.
- For basic information, name the instance something like “ghost-vm”.
- Select your default compartment.
- Choose an availability domain (e.g., AD-1; Always Free resources are available in all domains).
- For image and shape, click Change Image > Platform Images > Select Ubuntu (choose Ubuntu 22.04 or 24.04 for Ghost compatibility).
- Click Change Shape > Shape Series: Ampere > Select VM.Standard.A1.Flex (Always Free eligible).
- Configure: 4 OCPUs and 24 GB memory (max for free tier).
- Click Select Shape.
- For networking, select your VCN from Step 2.
- Choose the public subnet (e.g., “public-subnet-ghost-vcn”).
- Assign a public IPv4 address: Select Assign a public IPv4 address.
- For SSH keys, choose Generate a key pair for me (download the private key) or Paste public keys (upload your existing public key in OpenSSH format).
- Save the private key securely — it’s needed for SSH.
- For boot volume, keep defaults (50 GB is fine; expandable up to 200 GB free).
- Click Create. The instance will provision in a few minutes. Note the public IP address once it’s running.
Step 4: Configure Ingress Rules for Ports 80, 443, and 3306
OCI uses Security Lists in your VCN to control traffic. By default, only SSH (port 22) is allowed.
- In the Console, go to Networking > Virtual Cloud Networks > Select your VCN > Resources > Security Lists > Click the default security list (e.g., “Default Security List for ghost-vcn”).
- Under Ingress Rules, click Add Ingress Rules.
- Add a rule for Port 80 (HTTP): Source Type: CIDR, Source CIDR: 0.0.0.0/0 (all IPs; restrict if possible), IP Protocol: TCP, Source Port Range: All, Destination Port Range: 80.
- Add a rule for Port 443 (HTTPS): Source Type: CIDR, Source CIDR: 0.0.0.0/0, IP Protocol: TCP, Source Port Range: All, Destination Port Range: 443.
- Add a rule for Port 3306 (MySQL): Source Type: CIDR, Source CIDR: 0.0.0.0/0 (strongly recommend restricting to your IP, e.g., your_ip/32), IP Protocol: TCP, Source Port Range: All, Destination Port Range: 3306.
- Click Add Ingress Rules. Changes apply immediately.
These rules allow inbound traffic to your VM on these ports from the specified sources.
Step 5: SSH into the VM and Install Ghost
SSH into your VM using the public IP and private key: ssh -i path/to/private_key ubuntu@your_public_ip (username is “ubuntu” for Ubuntu images).
- Create a new non-root user (avoid “ghost” to prevent conflicts): sudo adduser youruser.
- Add the user to sudo group: sudo usermod -aG sudo youruser.
- Switch to the new user: su - youruser.
- Update packages: sudo apt update && sudo apt upgrade -y.
- Install firewalld: sudo apt install firewalld -y.
- Enable firewalld: sudo systemctl enable firewalld.
- Start firewalld: sudo systemctl start firewalld.
- Add HTTP service: sudo firewall-cmd --zone=public --add-service=http --permanent.
- Add HTTPS service: sudo firewall-cmd --zone=public --add-service=https --permanent.
- Add MySQL service: sudo firewall-cmd --zone=public --add-service=mysql --permanent (for port 3306).
- Reload firewall: sudo firewall-cmd --reload.
- If iptables is interfering, flush rules: sudo iptables -F.
- Set input policy: sudo iptables -P INPUT ACCEPT.
- Disable netfilter-persistent if installed: sudo systemctl disable netfilter-persistent.
- Verify firewall: sudo firewall-cmd --list-all.
- Install NGINX: sudo apt install nginx -y.
- If ufw is active: sudo ufw allow 'Nginx Full'.
- Install MySQL: sudo apt install mysql-server -y.
- Secure MySQL: sudo mysql_secure_installation (follow prompts).
- Set root password authentication: sudo mysql.
- In MySQL shell: ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'strongpassword';.
- Flush privileges: FLUSH PRIVILEGES;.
- Exit MySQL: exit.
- Install Node.js (v20 or v22; Ghost supports up to v22): curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -.
- Install Node.js: sudo apt install nodejs -y.
- Install Ghost-CLI: sudo npm install ghost-cli@latest -g.
- Create Ghost directory: sudo mkdir -p /var/www/ghost.
- Set ownership: sudo chown youruser:youruser /var/www/ghost.
- Set permissions: sudo chmod 775 /var/www/ghost.
- Change directory: cd /var/www/ghost.
- Install Ghost: ghost install.
- Answer prompts: Blog URL: https://yourdomain.com (use HTTPS for SSL), MySQL Host: localhost, MySQL User: root, MySQL Password: Your password from earlier, Database Name: ghost_prod (or custom), Set up NGINX? Yes, Set up SSL? Yes (provide email for Let’s Encrypt), Set up systemd? Yes, Start Ghost? Yes.
Ghost will configure NGINX as a reverse proxy, set up SSL, and start the service. Access your site at https://yourdomain.com and create an admin account.
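Because Ghost connects to MySQL at localhost, the 3306 exposure flagged in the note at the top can be checked from the VM itself. The script below is an added example, not part of the original guide: it reads the text of ss -tln and firewall-cmd --zone=public --list-all and reports whether 3306 is reachable beyond loopback. The function names are hypothetical and the sample output is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): audit MySQL (3306) exposure.
# Sample text below is constructed, not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*
LISTEN 0      70     127.0.0.1:33060    0.0.0.0:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*'
SAMPLE_FW='public (active)
  services: dhcpv6-client http https mysql ssh
  ports:
  rich rules:'

# Print "exposed", "loopback" or "absent" for the 3306 listener in `ss -tln` text.
mysql_bind() {
  printf '%s\n' "$1" | awk '
    $1 == "LISTEN" && $4 ~ /:3306$/ {
      found = 1; addr = $4; sub(/:3306$/, "", addr)
      if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
    }
    END { print (exposed ? "exposed" : (found ? "loopback" : "absent")) }'
}

# Print "open" if the zone listing allows the mysql service or 3306/tcp to any
# source. Source-restricted rich rules are deliberately not counted as open.
fw_mysql_open() {
  printf '%s\n' "$1" | awk '
    $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "mysql") open = 1 }
    $1 == "ports:"    { for (i = 2; i <= NF; i++) if ($i == "3306/tcp") open = 1 }
    END { print (open ? "open" : "closed") }'
}

# Combine both views into one verdict line.
audit_mysql() {
  case "$(mysql_bind "$1")/$(fw_mysql_open "$2")" in
    exposed/open)   echo "FAIL: mysqld listens beyond loopback and firewalld allows 3306" ;;
    exposed/closed) echo "WARN: mysqld listens beyond loopback; only firewalld blocks 3306" ;;
    loopback/open|absent/open)
                    echo "WARN: firewalld allows 3306 though Ghost uses localhost; remove the rule" ;;
    *)              echo "OK: no host-level exposure of 3306" ;;
  esac
}

audit_mysql "$SAMPLE_SS" "$SAMPLE_FW"
# On the VM: audit_mysql "$(ss -tln)" "$(sudo firewall-cmd --zone=public --list-all)"
```

If the verdict is a WARN for the firewalld rule, sudo firewall-cmd --zone=public --remove-service=mysql --permanent followed by sudo firewall-cmd --reload closes it at the host. The matching OCI ingress rule from Step 4 is checked separately in the Console.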
Troubleshooting Tips
- Ports Still Closed? Test with sudo nmap -p 80,443,3306 localhost or externally. Double-check OCI ingress rules and firewalld status.
- Firewall Conflicts: If ufw is enabled, disable it: sudo ufw disable.
- Performance: Monitor resource usage; idle VMs may be reclaimed after 7 days of low activity.
- Updates: Keep Ghost updated: ghost update.
Conclusion
You’ve now deployed a production-ready Ghost CMS on Oracle Cloud’s Always Free Tier, complete with proper port configurations for seamless access. This setup is cost-free, scalable, and leverages Oracle’s reliable infrastructure. If you encounter issues, check Oracle’s docs or communities like Reddit’s r/oraclecloud. Happy blogging!