How to Host a Ghost CMS Site on a VPS: Complete Setup and Maintenance Guide

Overview

If your goal is to host Ghost CMS on a VPS with minimal surprises, the safest path is a simple stack: Ubuntu LTS, a non-root sudo user, a firewall, Nginx as the reverse proxy, a MySQL-compatible database, Node.js in a supported version for your Ghost release, and systemd for process management. This keeps the setup close to how many self-hosted Ghost deployments are maintained in practice and avoids unnecessary complexity for a single publication site.

Before you start, decide what kind of Ghost site you are running. A personal publication with light traffic can usually live on a small VPS if the image storage, email provider, and backups are handled sensibly. A business publication with multiple staff users, custom themes, newsletters, or membership features may need a larger instance, an external mail service, and stricter operational habits. The exact VPS size depends on traffic, image usage, theme behavior, and background jobs, so it is better to think in terms of headroom and observability than fixed numbers.

Your baseline deployment checklist looks like this:

• Choose a VPS provider and Ubuntu LTS image.
• Create a non-root sudo user and disable password-only root logins where appropriate.
• Update packages and install core utilities.
• Point your domain or subdomain to the server with DNS A or AAAA records.
• Install Nginx, your database server, and the required Node.js runtime.
• Create a dedicated system user for Ghost if your workflow does not already do this.
• Install Ghost in its own directory with proper ownership and permissions.
• Configure Nginx as a reverse proxy to the Ghost app port.
• Issue and renew TLS certificates.
• Configure transactional email for sign-ins, newsletters, or member notifications.
• Set up backups for both content files and the database.
• Document your update and rollback procedure.

For readers still choosing infrastructure, it can help to compare developer-oriented VPS options before you build. See Best VPS Hosting for Developers: Updated Performance, Pricing, and Control Comparison and DigitalOcean vs Linode vs Vultr vs Hetzner: Which Cloud Host Is Best for Small Teams?.

A typical server preparation flow on Ubuntu looks like this:

sudo apt update && sudo apt upgrade -y
sudo apt install -y nginx ufw curl git unzip
sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'
sudo ufw enable

That does not finish the job, but it creates a cleaner base for the rest of the setup.

Checklist by scenario

This section is designed to be reusable. Pick the scenario closest to your situation, then work through the corresponding checklist.

Scenario 1: New single-site Ghost install on a fresh Ubuntu VPS

This is the most common starting point and the easiest to keep maintainable.

1. Create the server and secure access. Add your SSH key during provisioning if your provider supports it. Create a sudo user and avoid using root for routine administration.
2. Update the OS. Run system updates before installing application dependencies.
3. Install Nginx and database services. Keep your web server and database separate from the Ghost application process in your mental model, even if they run on the same machine.
4. Install the supported Node.js runtime. Ghost depends on Node.js, so always check Ghost's current support requirements before upgrading Node independently.
5. Create a Ghost application directory. Use a predictable path such as /var/www/ghost and set ownership carefully.
6. Install Ghost. Whether you use the Ghost CLI or a manual workflow, keep the install isolated and documented.
7. Configure the site URL correctly. Your configured URL must match the final public URL, including https and whether you use www or not.
8. Configure Nginx reverse proxying. Nginx listens on ports 80 and 443 and forwards traffic to the Ghost application port on localhost.
9. Enable TLS. Use certificates and verify automated renewal.
10. Test the admin panel, image upload, and outbound mail. Do this before announcing the site.

A minimal Nginx site configuration often resembles this pattern:

server {
    listen 80;
    server_name example.com www.example.com;

    location / {
        proxy_pass http://127.0.0.1:2368;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Adjust this to your environment and TLS setup rather than treating it as a drop-in production config.

Scenario 2: Moving an existing Ghost site from managed or shared hosting to a VPS

Migrations fail most often because operators focus on the app and forget the surrounding services.

1. Inventory the existing site. Note the Ghost version, Node version, custom theme, active integrations, redirects, and mail provider settings.
2. Export content and users from Ghost admin. Do not rely only on server-level copying if your current environment is opaque.
3. Back up themes, images, and custom routes or redirects. Your publication may depend on files outside the content export.
4. Rebuild the target VPS first. Do not point DNS until the new site is fully tested.
5. Import content into the new install. Then reinstall your theme and verify image paths.
6. Set TTL lower before the DNS cutover if possible. This can make the switchover less disruptive.
7. Test sign-in, theme rendering, membership flows, and email. These are common break points after migration.
8. Keep the old host available until traffic stabilizes. Avoid deleting the old environment immediately.

If your migration includes broader stack changes, the discipline is similar to any website migration hosting project: rebuild cleanly, test on the target, switch DNS carefully, and keep a rollback path.

Scenario 3: Hosting Ghost on a VPS for a small team

Once several people touch the site, operational discipline matters more than raw server power.

1. Separate admin access from server access. Not every editor needs shell access.
2. Store infrastructure notes in versioned documentation. Record the server IP, DNS settings, package sources, backup locations, and upgrade sequence.
3. Use a staging workflow for theme changes. Theme edits directly on production create avoidable risk.
4. Set up monitoring. At minimum, watch service uptime, disk usage, memory pressure, TLS expiration, and backup success.
5. Plan mail delivery early. Ghost features that depend on email become operational issues if mail is left as an afterthought.
6. Review permissions. Keep file ownership, sudo rights, and SSH keys current.

If your team is more container-oriented, compare whether a standard VM setup or a container workflow better fits your habits in Best Hosting for Docker Projects: VPS, PaaS, and Managed Container Options Compared. For a single Ghost site, a plain VPS is often simpler to operate than a container stack unless your team already standardizes on Docker.

Scenario 4: Rebuilding Ghost after a server failure

This is where your maintenance habits are tested.

1. Provision a new VPS.
2. Restore the OS baseline and application dependencies.
3. Restore the Ghost files and content directory.
4. Restore the database.
5. Restore Nginx configuration and TLS automation.
6. Update DNS if the IP changed.
7. Verify site URL, asset loading, admin login, and outbound email.

If this process is slow or unclear, your deployment is under-documented. Treat disaster recovery as part of setup, not a later project.

What to double-check

The details below are where many Ghost VPS installs become fragile. Revisit them before launch and before any major update.

1. DNS and canonical URL

Make sure your DNS records point to the correct server and your Ghost configuration uses the exact public URL you intend to keep. A mismatch between http and https, or between apex and www, can cause redirect loops, broken assets, or admin session issues. If you are also using a proxy or CDN, verify whether it forwards the right headers to Nginx. If you need help with DNS hygiene, a practical companion read is best domain registrar guidance in your buying process and a dedicated Cloudflare DNS setup workflow if you use Cloudflare.

2. Node.js compatibility

Do not upgrade Node.js just because a newer version exists. Ghost versions are tied to supported runtime versions. If you change Ubuntu, package sources, or automation scripts, confirm that your Node runtime still matches the Ghost version you plan to run.

3. File ownership and permissions

Ghost needs write access to the right directories, but not broad write access everywhere. Avoid running the app as root. Keep ownership explicit and consistent, especially after restoring from backups or moving files between servers.

4. Reverse proxy headers

Nginx should pass the host, scheme, and client IP headers correctly. This matters for secure redirects, generated URLs, logs, and behavior behind a proxy.

5. Database backups

A filesystem snapshot alone is not always enough. Your content, settings, users, and memberships may depend on a clean database dump. Keep both file-level and database-level backups, and test that they can actually be restored.

6. Email configuration

Many self-hosted Ghost setups work until the first member invitation, password reset, or newsletter task. Use a dedicated transactional or mail delivery provider rather than assuming local server mail will be dependable. Also check SPF, DKIM, and any required DNS records if your provider needs them.

7. Update path

Document how you will update Ghost, how you will update Ubuntu packages, and what you do if a custom theme breaks. The best update plan is one that includes a backup, a maintenance window, and a rollback note.

Common mistakes

Most Ghost VPS problems are not exotic. They are usually the result of skipping a small but important operational step.

• Installing directly as root and leaving it that way. This makes later permission cleanup harder and widens the blast radius of mistakes.
• Forgetting to secure SSH. Key-based access, least privilege, and basic firewall rules matter on even the smallest VPS.
• Changing multiple layers at once. Migrating Ghost, upgrading Ubuntu, switching DNS providers, and replacing the theme in one cutover makes troubleshooting much harder.
• Assuming TLS renewal works without testing. Certificate automation should be checked, not trusted blindly.
• Ignoring logs. Nginx logs, systemd service logs, and Ghost logs often reveal the issue quickly if you look early.
• Skipping mail validation. A site can appear healthy while critical email features silently fail.
• No rollback plan. If an update breaks the site, you should already know whether you are restoring from snapshot, database dump, or a parallel server.
• Using a VPS that is too constrained for your media and traffic pattern. Ghost can feel light until image processing, imports, or spikes expose thin memory and disk margins.

For developers comparing broader hosting approaches before settling on VPS, it may be useful to contrast Ghost's needs with other application patterns. See Best Hosting for Laravel Applications: Shared, VPS, Cloud, and Managed Options for a parallel way to think about tradeoffs between control and convenience.

When to revisit

The best Ghost CMS hosting guide is not something you read once. Revisit your setup whenever one of the underlying inputs changes.

Use this practical review checklist:

1. Before upgrading Ghost. Confirm runtime compatibility, back up files and database, review theme compatibility, and test on staging if possible.
2. Before upgrading Ubuntu or changing package repositories. Recheck Node, database, Nginx, and service startup behavior.
3. When you change DNS, registrar, or CDN settings. Verify canonical URLs, TLS behavior, and proxy headers.
4. Before seasonal traffic spikes or planned campaigns. Check disk space, image storage, backup recency, and mail throughput.
5. When workflows or tools change. If you move from a manual setup to automation, or from direct edits to Git-based theme deployment, update the runbook too.
6. When team ownership changes. Rotate SSH keys, review sudo access, and refresh documentation.
7. After any incident. Turn the incident into a clearer recovery checklist while details are fresh.

A sensible maintenance rhythm is monthly for basic health checks, quarterly for backup restore tests and documentation review, and before any major version change for a full deployment review. If you want a final action list to keep nearby, use this:

• Verify SSH access and firewall rules.
• Check system updates and supported Node version.
• Confirm Ghost service health and Nginx status.
• Inspect disk, memory, and log growth.
• Test admin login and a core publishing action.
• Confirm outbound email works.
• Validate backup completion and perform a restore test on a non-production environment.
• Review DNS, TLS renewal, and canonical URL behavior.
• Update your runbook with any changes made since the last review.

If you treat that list as part of normal operations, a self-hosted Ghost setup on a VPS stays predictable. That is the real goal: not just getting Ghost online, but keeping it easy to understand, easy to repair, and easy to move when your hosting needs change.