Woops, here we are again


It was some time back in September that I realised my site was down / broken...

In a bid to save some money, I had moved my site away from being hosted with Akamai and took the plunge to self-hosting it myself at home, fronted with Cloudflare tunnels... Whilst it was all OK I just never really noticed when it went down.

Because of this I didn't really know what the issue was... So I just had to find some time to rebuild. Time that I have very little of as of late! I have actually tried several times to get the site back up and running but every time I tried to build the Ghost blog back up, it failed with a 502 host error. I finally figured it out, by spending an evening with "charlie" (ChatGPT)...

Anyway, I just wanted to post what the overall summary and the final solution was... Might help me again in future when the site gets cached by "the Wayback Machine" ha...


  1. Cloudflare Tunnel Setup and Configuration:
    • The Cloudflare Zero Trust tunnel was set up successfully, but there were initial difficulties in configuring and aligning it with the Ghost LXC instance.
    • The Cloudflare tunnel was unable to communicate properly with the Ghost server because the server wasn’t accessible on the expected IP and port.
  2. Ghost Blog Accessibility Issue:
    • Despite completing the ghost install process successfully, the blog was inaccessible via my configured domain https://blog.deveritt.me.
    • Logs from the Cloudflare tunnel indicated the error:

      Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp ghostlxcip2368: connect: connection refused

    • This error suggested that the Ghost service wasn't reachable from outside the LXC container.
  3. Localhost Binding in Ghost Configuration:
    • The root cause of the issue was that Ghost was configured to listen only on 127.0.0.1 (localhost) within the LXC container.
    • This restricted access to the service from any external source, including the Cloudflare tunnel.

Final Fix:

The issue was resolved by modifying the Ghost configuration file (config.production.json) to change the listening address from 127.0.0.1 to 0.0.0.0. This allowed Ghost to accept connections from any network interface, enabling the Cloudflare tunnel to reach the Ghost service.

Steps Taken to Fix:

  1. Opened the Ghost configuration file:

     /var/www/ghost/config.production.json

  2. Located the server section and updated the host value:

     "server": {
       "host": "0.0.0.0",
       "port": 2368
     }

  3. Restarted the Ghost service to apply changes: ghost restart


Outcome:

After changing the host to 0.0.0.0, the Ghost blog became accessible through the Cloudflare tunnel, and the domain https://blog.deveritt.me resolved correctly. This fix ensured that the service could accept external traffic routed through the tunnel while maintaining secure SSL termination via Cloudflare.
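An added example, not part of the original post: a small Python check that reads the server block of a Ghost config and reports whether the bind address is loopback-only (the cause of the "connection refused" above), a wildcard such as 0.0.0.0, or one specific interface. The sample configs, the function names and the fallback to 127.0.0.1:2368 when a key is missing are assumptions made for the example.

```python
import ipaddress
import json
import socket

# Constructed sample configs for illustration (not the author's real file).
BEFORE = '{"server": {"host": "127.0.0.1", "port": 2368}}'
AFTER = '{"server": {"host": "0.0.0.0", "port": 2368}}'

ADVICE = {
    "loopback": "only reachable inside the container; a tunnel on another host gets 'connection refused'",
    "wildcard": "listens on every interface; firewall the port so only the cloudflared host can connect",
    "specific": "listens on one interface; confirm it is the address the tunnel dials",
    "hostname": "bind target is a name; check what it resolves to inside the container",
}


def classify_bind(config_text):
    """Return (host, port, verdict) for the "server" block of a Ghost config."""
    server = json.loads(config_text).get("server", {})
    host = str(server.get("host", "127.0.0.1"))  # assumed fallback if key is absent
    port = int(server.get("port", 2368))         # assumed fallback if key is absent
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        verdict = "loopback" if host.lower() == "localhost" else "hostname"
    else:
        if addr.is_loopback:
            verdict = "loopback"
        elif addr.is_unspecified:  # 0.0.0.0 or ::
            verdict = "wildcard"
        else:
            verdict = "specific"
    return host, port, verdict


def reachable(host, port, timeout=3.0):
    """TCP connect test; run it from the machine where cloudflared runs."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        host, port, verdict = classify_bind(text)
        print(f"{label}: {host}:{port} -> {verdict}: {ADVICE[verdict]}")
```

Calling reachable() with the container's IP and port 2368 from the cloudflared host reproduces the tunnel's view of the origin; the same call from any other machine on the LAN shows how far the wildcard bind is exposed.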


Mainly here to help myself, but hopefully it helped someone else too!

If you found this interesting, come find me on Bluesky and say hi!

Dan (@deveritt-uk.bsky.social)
Made in England, Fixer of broken computery things / backup infrastructures, Senior pyro tech @FuseFireworks Co-host @dotnetsheff Founder @titanmesh