Installing Ghost via the Ghost-CLI

If you install Ghost via the CLI, you don't have to create a custom configuration file. The CLI does this for you and asks you for the minimum required information. See screenshot below. After the installation was successful, you will find a custom configuration file. Continue reading to learn where the configuration files live and which properties can be set.

Custom configuration files

You are able to add a custom configuration file to override Ghost's default behaviour. Ghost's configuration is managed by nconf. A custom configuration file must be a valid JSON file and must be located in the root folder.

development environment
production environment



About Environments

Node.js, and therefore Ghost, has the concept of environments built in. Environments allow you to create different configurations for different modes in which you might want to run Ghost. Ghost has two built-in modes: development and production.

The differences between the two modes mean that development is geared towards developing and debugging Ghost, whereas production is intended to be used when you're running Ghost as a real live blog. You'll find the log output is different in the two modes, the level of concatenation and minification of assets like JS and CSS is higher in production mode, development mode provides more warnings about potential problems with themes. Possibly the most noticeable difference is that theme template files are cached in production mode so you'll want to use development mode when creating themes. Essentially, production mode gives priority to performance, whereas development mode gives priority to information.

As Ghost progresses, these differences will grow and become more apparent, and therefore it will become more and more important that any public blog runs in the production environment. This perhaps begs the question, why development mode by default, if most people are going to want to run it in production mode? Ghost has development as the default because this is the environment that is best for debugging problems, which you're most likely to need when getting set up for the first time.

Ghost in production

It's highly recommended to use the Ghost CLI to install and start Ghost in production.

Ghost in development

If you would like to start Ghost in development, you don't have to specify any environment, because development is default.

If you would like to test starting Ghost in production, you can use:

NODE_ENV=production node index.js

Debugging the configuration output

If you'd like to debug the configuration output, you can start Ghost with:

DEBUG=ghost:*,ghost-config node index.js

Running Ghost with config env variables

You're able to start Ghost using environment variables which match the name and case of each config option like this:

url=http://ghost.local:2368 node index.js

For nested config options, you'd need to separate them with two underscores:

database__connection__host=mysql node index.js


Arrays as in logging__transports=[...] are currently not supported. This is a known issue.

Env vars should be lowercase, we realise this is a little odd, it's a limitation of nconf, but they do work!

Configuration options

Ghost has a number of configuration options which you can add to change things about how Ghost works.



only in production

Set the public URL for your blog



Set the protocol and hostname for your admin panel to be different.


only in production

Add a mail service so that Ghost can send emails such as forgotten password and user invite emails


only in production

The type of database that Ghost uses. This is configured to sqlite3 by default and does not need editing



Host and port, or socket for Ghost to listen on



Disable the Ghost features listed in, e.g. update check, rpc ping, and google fonts



Customise Ghost's internal paths, e.g. to the content directory



Control the content attribute of the meta referrer tag.



Generate assets url with .min notation.



Set a custom storage adapter, read more here Using a custom storage module



Set a custom scheduling adapter, read more here Using a custom scheduling module



Configure logging for Ghost.



Configure spam settings.



Configure caching settings.



Disable compression of server responses.



Configure image manipulation and processing.


One of the first things you should do after installing a Ghost blog, is set the url for your blog. This URL must match the url you will use to access your blog, if it is not set correctly you may get the error Access Denied from url as well as finding that RSS and other external links do not work correctly.

url should be set to the full url for your blog including http:// or if you are using SSL for your blog and want both the admin and frontend to always be served securely, use https://.


If you want Ghost to appear on a subpath or subdirectory of your domain, e.g. the full path needs to be specified in the url field. This option is only available when self-hosting Ghost.

If you get the error Access Denied from url: Please use the url configured in your config file, this means there is a mismatch between the url configured, and the url you used to access your blog's admin panel. To solve this you must either update your config file so the url is correct, or change to using the url already configured in your config file when accessing the admin panel.


As with any config change, once you've updated your url field so that your url is correct, you'll need to restart Ghost for it to take effect.


Ghost has a number of configuration options for working with SSL, and securing the URLs for the admin (/ghost/) and the frontend of your blog. SSL is very important for the admin panel, without SSL your username and password are sent in plaintext. SSL ensures your details are kept private.

If you installed Ghost via the Ghost CLI, you can setup SSL easily. Check out the SSL setup instructions in the CLI knowledge base.

If you just setup SSL for your blog, and leave your url starting with http://, Ghost will serve requests made via HTTPS securely, and leave plain HTTP requests alone. Insecure and secure requests will both be available, and there will be no redirects from one to the other.

If you setup SSL for your blog and change your url to https://, Ghost will serve all requests securely, all requests made via plain HTTP will be redirected to HTTPS. Your blog will always be secure.

If you only want to serve your admin panel (i.e. /ghost/) via SSL, then you can leave your url as starting with http:// and instead set the following option:

"admin": { 
  "url": "" 

This will force any HTTP requests for the admin to be redirected via HTTPS.

Admin URL

As per the SSL section above, admin.url can be used to specify a different protocol for your admin panel. It can also be used to specify a different hostname (domain name). It cannot be used to affect the path at which the admin panel is served (this is always /ghost/).

"admin": { 
  "url": "" 


Possibly the most important piece of configuration is setting up mail so that Ghost can let you reset your password if you forget it. We have a separate Mail Configuration which will guide you through this process.


By default, Ghost comes configured to use MySQL.


"database": {
  "client": "mysql",
  "connection": {
    "host": "",
    "port": 3306,
    "user": "your_database_user",
    "password": "your_database_password",
    "database": "your_database_name"


Alternatively you can configure sqlite3.

"database": {
  "client": "sqlite3",
  "connection": {
    "filename": "content/data/ghost-test.db"
  "useNullAsDefault": true,
  "debug": false


The default charset is utf8mb4 and can't be overridden.

Number of connections

You can also limit the number of simultaneous connections should you wish, by using the pool setting. The default values are min: 2, max: 10, which means Ghost will always maintain 2 active database connections. You can set min: 0 to prevent this.

"database": {
  "client": ...,
  "connection": { ... },
  "pool": {
    "min": 2,
    "max": 20

More details about the database configuration can be found in the knex library documentation.


The server host and port are the IP address and port number that Ghost should listen on for requests. In the majority of cases this will not need to be changed, with requests being routed from port 80 to Ghost by either nginx (recommended) or apache.

"server": {
    "host": "",
    "port": 2368

Unix Sockets

Ghost can also be configured to listen on a unix socket by changing the server config to something like:

"server": {
    "socket": "path/to/socket.sock"

The default permissions are 0660, but this can also be configured by expanding the socket config:

"server": {
    "socket": {
        "path": "path/to/socket.sock",
        "permissions": "0666"


There are a set of configuration options available to turn off all of the features listed in the file. All of these feature are enabled by default, but users may choose to turn them off in order to protect their privacy.

If you simply want to turn off all of these features, you can do so by adding the following to your config file.


Once the useTinfoil flag is set to true, no other privacy flags will take effect.

"privacy": {
    "useTinfoil": true

Alternatively, you can configure each of the features individually.

"privacy": {
    "useUpdateCheck": false,
    "useGravatar": false,
    "useRpcPing": false,
    "useStructuredData": false

Update Check

Ghost introduced an automatic update check service to let you know when a new version of Ghost is available (woo!). By default, collects basic anonymous usage statistics from update check requests.

See for more details.

You can disable collecting statistics from your blog:

"privacy": {
    "useUpdateCheck": false

Disabling collecting statistics from your blog doesn't mean you won't receive notifications anymore. This behaviour has changed in 1.20.0.

In Ghost < 1.20 disabling the privacy config has a different meaning. You won't receive any update notifications. So please upgrade to 1.20.


See for more details.

Disable with:

"privacy": {
    "useGravatar": false

RPC Ping

See for more details.

Disable with:

"privacy": {
    "useRpcPing": false

Structured Data

See for more details.

Disable with:

"privacy": {
    "useStructuredData": false


The configuration of paths can be relative or absolute.

If you wish to use a content directory that does not live inside the Ghost folder, then you can do this by specifying a paths object with a new contentPath:

"paths": {
    "contentPath": "content/"


If you are using an SQLite database, you will also need to update the path to your database to match the new location of the data folder.


If you configure a custom content path, the content directory must exist and contain sub directories for data, images, themes, logs and adapters, otherwise Ghost might fail to start.

Referrer Policy

You can set the value of the content attribute of the meta referrer HTML tag by adding referrerPolicy to your config. origin-when-crossorigin is default.

Read through all possible options here.


You can configure how Ghost should log.

"logging": {
  "path": "something/",
  "level": "info",
  "rotation": {
    "enabled": true,
    "count": 15,
    "period": "1d"
  "transports": ["stdout", "file"]


The default log level is info, which will print all info, warning and error logs.Info logs are for example requests.

You can set it to error to only print errors.


You can tell Ghost to rotate your log files.

By default Ghost keeps 10 log files and rotates every day.

Rotation is enabled by default in production and disabled in development.

If you want to, read more about log file rotation here.


The transport define where Ghost should log to.

By default, Ghost will write to stdout and into file for production and to stdout only for development.

e.g. ["file", "stdout"]


By default, Ghost logs into your content path e.g. content/logs/.

You can set any path here. But note: the permissions must be correct to write into this folder.


You can tell Ghost how to treat spam requests.

See spam configuration in Ghost.


Caching for sitemaps, redirects or assets can be configured via the caching property.
See caching configuration in Ghost.


Compression flag for servers response bodies. It is turned on by default. Can be turned off by adding "compress": false to your config.[env].json file.

Image Optimization

Available since Ghost 2.1.0.

If you upload an image, Ghost will by default normalize the image.

  • We resize the image to 2000px.
  • JPEG's are compressed to 80% quality.
  • We remove the meta data from the processed image.
  • We keep the original image next to the uploaded one (with the suffix _o).

You can enable or disable this behaviour in your config.[env].json.

    "imageOptimization": {
        "resize": true | false