If you have an existing site — for example a shop, or a static site hosted elsewhere — Ghost can be run from a separate location e.g. yourdomain.com/blog otherwise known as a subdirectory.

Subdirectory installs are supported at the Business plan level and require a custom nginx or apache configuration that follows reverse proxy rules. In addition to a proxy, you must also contact support@ghost.org to indicate the subdirectory path to be used with your publication.

Reverse proxy rules

Here's a guide for setting up reverse proxy rules:

1. Provide a certificate & serve HTTPS traffic.
Only HTTPS traffic is supported.

2. Redirect non-HTTPS traffic to HTTPS.
It's more performant for this to be configured at the proxy level.

3. Proxy to your ghost.io subdomain, leaving it set as the HOST header.
Required to get through our security layer.

4. Have an X-Forwarded-Host header that matches the custom domain in my.ghost.org.
Without this, your blog will redirect to your ghost.io subdomain, causing a loop.

5. Include the X-Forwarded-Proto header set to https not http.
Without this your blog will redirect to https, causing a loop.

6. Include the X-Forwarded-For header, populated with the remote IP of the original request.
Without this, we aren't able to detect spam traffic patterns and your site risks being rate limited or incorrectly restricted.

Example configurations

Verification

To ensure your proxy is correctly configured, check the headers using the custom header X-Ghost-Proxy: true.

For example: curl -IL -H 'x-ghost-proxy:true' https://<your domain here>/<subdirectory>

If your proxy is correct you’ll see a response header of x-ghost-proxy set to VALID. If an invalid header is detected, you will see INVALID next to it.