Self-Hosting a Blog with Ghost and Unraid
How to create a secure blog for free* on unraid
I've been meaning to stand up a blog on my Unraid server for a while and finally decided to make a weekend project of it. Seems only fitting that I should start this blog by walking through the process, so those who come after might avoid a few of my annoying mistakes.
When you're done, you'll have a Ghost blog, secured by an SSL certificate, on a custom domain, and proxied through Cloudflare to protect your server and privacy. The only expense will be the cost of the custom domain. Some of these steps will also set your Unraid server up for any other web services you'd like to host along side your blog.
Depending on your comfort level with some networking concepts, this process might take anywhere from a couple hours to a day. I'll try to go over every step, so if you already know some bits, feel free to skip ahead.
- What you'll need to start
- Configuring Unraid
- Acquiring a domain
- Installing MariaDB
- Installing Ghost
- Configuring Cloudflare
- Installing Nginx Proxy Manager
- Configuring port forwarding for http/https traffic
# What you'll need to start
- Router which supports
- Port forwarding
- Static DHCP IP assignments
- At least $12 per year for a custom domain
- Some idea what Docker is
This guide is written for Unraid using the Community Applications plugin to make the Docker installations easier. However, the process will mostly be applicable even if you have different infrastructure. For instance, the Docker images we'll be using have coherent documentation for manual Docker Compose installations.
One thing you'll definitely need for your blog to be accessible via the Internet is a router capable of forwarding ports to your Unraid server and assigning static IPs. Most routers have this ability but you'll need to be able to log into your router with an admin account. As well, you can't already be using ports 80 and 443 (http and https) for something else, like a different server. Using the method in this guide, you can host as many Internet-facing items on Unraid as you want but you'll need to pipe all 80/443 traffic to your Unraid server for as long as your sites are running.
I'm also going to assume you'll purchase a custom domain for your site or already have one to use. This will be the only expense of this guide (~$12/year). A custom domain isn't required but you'll need some sort of domain that you can add to Cloudflare and change settings on. Cloudflare is also optional but, without it, you'll need a different solution for SSL and won't have very valuable privacy protections that will help keep your server safe from Internet threats.
# Configuring Unraid
You'll need a few things running on Unraid before you get started.
# Docker service
Make sure your Docker service is running. It's under Settings > Docker > Enable Docker. If it's running, you'll see the Docker tab in the Unraid web GUI.
Setting up the Docker service in Unraid is beyond the scope of this tutorial. If you haven't used Docker in Unraid before, do yourself a favor and read up on it.
# Static IP
In order for you to forward port 80 and 443 traffic to your Unraid box, you'll need to have a static IP assigned to Unraid in your router. You should have Unraid's static IP written down for use later. Even if you don't follow through with this tutorial, you should generally have Unraid running under a static IP, anyways, as it makes reaching all your Unraid services much easier.
Assigning static IPs is beyond the scope of this tutorial but you can usually find the settings in your router's admin GUI under something like "DHCP". Once you assign a new static IP to Unraid, you'll typically need to restart Unraid's network connection to pick up the new assignment. You might find it easiest to just unplug the network cables or restart Unraid entirely to accomplish that.
For me, pfSense is my router. Static IPs are under Services > DHCP Server and all the way at the bottom you can click "Add" to add a static mapping. Note that the address you want to reserve must be outside of your automatic DHCP lease space. If you scroll back up, you change change the "Range" setting from something like "192.168.0.1" to "192.168.0.50" to open up 49 IP addresses for you to statically map.
# Acquiring a domain
If you want people to actually reach your blog from the Internet, you'll want a domain name. This step is technically optional, since you can access your blog through your public IP. But no one else online will want to do that and it's a potential security risk to expose your public IP like that.
If you already have a domain, you can skip this step. Just remember, you'll need to point this domain at Cloudflare, so it shouldn't already be used for something else.
There are many "domain registrars" where you can get affordable domain names. For instance, Google Domains, GoDaddy, NameCheap, and HostGator. I tend to use Google Domains, these days, because they offer free privacy protection for all domains and have a very easy to use interface.
Whichever registrar you choose, search for a domain you like and that isn't already purchased. Most ".com" domains can be had for $12/year or less. Some special domains or domains that are highly-sought-after can go for much more, so be sure to check the price, first.
Once you purchase your domain, it should become immediately available for you to use. Make a note of exactly what your domain is; we'll need it for a few steps later.
# Installing MariaDB
Ghost uses a database to store all of its content and data. This can be any MySQL drop-in flavor but the default for the Ghost docker we'll be using is MariaDB.
MariaDB is a popular drop-in replacement for MySQL which tends to offer some performance benefits over vanilla MySQL. The differences won't really matter for a small, personal blog, so don't feel like you have to use MariaDB if you really prefer MySQL or already have MySQL running on Unraid.
# Installing the Docker image
Otherwise, we can install MariaDB now. Navigate to the "Apps" tab in Unraid GUI and type "MariaDB" into the search bar.
You should see a number of results, including a lot of items which merely reference "MariaDB" in their description. Near the top should be the actual MariaDB images. For this tutorial, I'll be using the result in the image above from linuxserver. Just up to your personal preference but linuxserver is quite a popular maintainer of many Docker images. Click the download icon to move to the install screen.
You should be presented with a screen like below:
Most of these defaults should be fine, unless you know that you need a port other than 3306. This tutorial is going to assume you're running MariaDB on the default port.
One thing you may need to change is the "AppData Config Path". This is the path on your Unraid array where you'll be storing all your Ghost data (aside from config files). You should make sure it's a folder with enough space for your blog to grow.
And the last thing you'll want to change is "Key 3", described as "MYSQL_ROOT_PASSWORD". This will be the password for the user "root" so that you can manage your database. Enter a decent password and write it down somewhere.
Click "Apply" and wait for the installation process to finish. Once it's done, you can move to your Docker tab in Unraid GUI and confirm that you see that the MariaDB instance is running.
If it isn't running, you can click on the MariaDB logo and then click on "Logs" to check for any errors when it tried to run.
# Creating a user and database
Once MariaDB is running, click the logo and click "Console" to connect to the terminal inside the instance. You should be presented with a new window that's mostly blank.
We can type into this window to connect to our new database.
mysql -u root -p
The terminal will prompt you for that root password you set in the MariaDB install step. Then you should be presented with the MariaDB console.
Ghost will need a user and a database for it to use. We can set those both up within the MariaDB console.
CREATE USER ghost IDENTIFIED BY 'some_secure_password'; CREATE DATABASE ghost; GRANT ALL PRIVILEGES ON ghost.* TO ghost IDENTIFIED BY 'some_secure_password'; FLUSH PRIVILEGES;
Replace both instances of "some_secure_password" above with a real password you want the ghost database user to have. Leave the real password inside of single quotes (so don't use single quotes in the password itself).
Those three statements create a new user called "ghost", create a new database called "ghost", gives that new user all the rights it needs to use the new database, and re-caches our user rights. Without that last step, you'll have a very hard to debug issue later.
At this point, MariaDB is all set up and you can close the popup window for the Docker terminal.
# Installing Ghost
Ghost is the actual Content Management System that will run our blog.
Return to your "Apps" tab in Unraid GUI and search for "ghost". Again, you should see a few results at the top.
For this tutorial, I'll be using the image from Sycotix. Feel free to use another image and adapt the steps. Click the download icon to move to the configuration screen.
This Docker image has a lot of settings, so I won't post a screenshot of that page, but we can walk through the settings to change. For the email-related settings, if you don't plan to let Ghost send emails, you're free to leave them as their default values.
- GHOST_HOST: This should be the domain you intend to host Ghost under. If you use the Sycotix image, this should be the full URL (eg. https://mysite.com). I believe the cheesemarathon image wants it without the "https://" in front.
If you're going to host your site under a subdomain (eg. blog.mysite.com), enter that full URL here.
- GHOST_EMAIL: This is the email you want outbound emails from the Ghost application to appear to be from. You'll notice that there's a setting lower down called SMTP_FROM_ADDRESS, which sounds like the same thing. What's the difference? ¯\_(ツ)_/¯
- BLOG_TITLE: What you want the blog to call itself. This will appear in the page headers on the blog.
- MARIADB_HOST: This should be the IP or hostname where we just installed MariaDB. This should be either Unraid's static IP or some alias that resolves to its IP. eg. 192.168.0.123
- MARIADB_PORT_NUMBER: The port behind which MariaDB is exposed. This should match whatever you set it to in the previous section. The default is 3306.
- GHOST_DATABASE_NAME: The name of the database Ghost will use to store data. Ours, from above, was "ghost".
- GHOST_DATABASE_PASSWORD: The password for the user above.
- SMTP_*: All the SMTP settings are related to Ghost being able to send outbound emails. You can find the appropriate settings on your email provider's website (the same kind of settings you'd use to manually connect to your email from your phone). If you won't be using emails, leave these as default.
- GHOST_PROTOCOL: This should be "https" but it doesn't seem to have an effect. We'll be correcting this manually in a moment.
- GHOST_USERNAME: The username for the admin account in Ghost.
- GHOST_PASSWORD: The password for the admin account in Ghost.
- Under "Show more settings", Appdata: This is the path where Ghost's config files will be stored. Write this down for later.
At this point, you should be able to click "Apply" and let the Ghost image install. Once it's done, you can go back to your Docker tab in Unraid GUI and check that the instance actually started.
As before, if it isn't running, you can click the logo and click "Logs". Troubleshooting my Ghost install was my biggest time-sink when going through this myself. The image refused to start or refused to initialize the database.
The former issue was due to me not putting in the GHOST_HOST variable how it wanted. The latter issue was because of me not flushing the database privileges according the steps in the previous section.
# Configuring HTTPS
As stated above, the GHOST_PROTOCOL variable doesn't seem to properly work in the Sycotix Docker image. Luckily, it's quite easy for us to configure this manually.
In Unraid GUI, click the "Terminal" shortcut to open a new terminal inside Unraid.
You'll be presented with a new window which is mostly blank. Here, we will navigate to our Ghost config files, open one in nano, and change one line to make Ghost use HTTPS.
cd /mnt/user/appdata/ghost/ghost ls
Your path may be different from "/mnt/user/appdata/", depending on the settings you have for your array, for the Docker service, or for your Ghost instance. Refer to the path you wrote down in the previous step for Ghost's config files.
"ls" will show us the files inside our current directory. You should see a "config.production.json", like above. This is the file we'll want to edit.
This will open the file in a text editor called "nano". You should see that the "url" line near the top has "http://yourdomain.com" but we want it to be "https://yourdomain.com". Setting it to "https" will tell Ghost to use HTTPS for all of the links is makes automatically.
Use your arrow keys to move the white cursor down to the "url" line and add an "s" after the "http". The line should then look like:
To save the file, press CTRL+O and then ENTER. To exit, press CTRL+X. You can now close the terminal window.
For Ghost to see the change, we need to restart the Docker instance. Navigate back to your Docker tab in Unraid GUI, click the Ghost logo, and click "Restart".
# Configuring Cloudflare
Cloudflare is a Content Delivery Network with a bunch of extra features. In order to make using an SSL certificate easier and to protect our privacy and security when exposing our Unraid server to the Internet, we'll be pointing our new domain at Cloudflare to proxy.
This means Cloudflare's servers will sit between our Unraid server and the wider Internet. Whenever someone visits your domain, they'll be directed to Cloudflare. Cloudflare will then forward requests to our Unraid server and return the response to the visitor. This gives Cloudflare the opportunity to stop bad actors before they reach our Unraid server and hides your real IP.
If you don't already have a Cloudflare account, go ahead and create a new one for free.
# Adding our domain
Once you have a Cloudflare account, it might let you add a domain right away. If not, you can click "Add Site" in the header.
Type your domain name (eg. my-site.com) into the textbox and click the "Add Site" button. Cloudflare should start retrieving information about your domain and present you with instructions, after a moment.
Cloudflare should tell you to replace your domain's existing nameservers with Cloudflare's own nameservers.
Open a new tab to get back wherever you registered your domain. There should be a tab for "DNS" where you can change the nameservers for your domain. For instance, Google Domains has it here, after you click the domain itself:
For Google Domains, you also need to go to the "Custom name servers" tab and click "Switch to these settings" in order to change the nameservers. Click "Manage name servers" and some textboxes will appear where you can paste the ones Cloudflare gave you.
Click "Save" and Google will broadcast the change to the Internet. This process is known as "propagation" and can take anywhere from 30 seconds to 48 hours to reach all the parts of the Internet. If you just set this domain up, it's likely to be quick but there are really no guarantees. In the end, if your domain isn't working, check back every few hours for a few days before looking for other problems.
If you go back to Cloudflare, you can tell it that you changed the nameservers. Cloudflare will begin checking for the change in the background until it sees the correct settings under your domain.
While Cloudflare watches for the change, it may ask you to set up a few default settings for your site. The defaults should be fine but you can make sure any SSL settings are turned on.
You don't need to wait for Cloudflare to say it sees your nameserver settings before you can continue with this tutorial. Just know that you probably won't be able to see your blog until Cloudflare is satisfied with your nameservers.
# Configuring DNS
For Cloudflare to forward Internet requests to your Unraid server, it needs to know what your public IP is. This is the address that your Internet Service Provider gives to you so that you can access the Internet. For instance, you can go to WhatIsMyIPAddress to view your current public IP.
Note: This is NOT the static IP you assigned to your Unraid server at the top of this tutorial. That IP is internal to your home's network. Your router's public IP is an address within the Internet.
In Cloudflare's UI, head to the "DNS" tab. You might see some default entries in the DNS table or it may be empty. Entries in this table tell Cloudflare how to translate requests for "my-domain.com" into a real IP address. In this case, into your public IP address.
If you already have an "A" record, click "Edit" next to it. Otherwise, click "Add record" above the table. Here, we'll want to create a root record for our domain:
Enter your real public IP into the "IPv4 address" field. This will tell Cloudflare how to translate requests into our real IP.
If you have an IPv6 address, repeat this step with an "AAAA" record. If not, skip this step.
Now, this will work if someone types exactly "my-domain.com" into their browser. However, websites typically alias the "www" subdomain to also point at their site. That way, if someone types "www.my-domain.com" into their browser, they reach the same page as before.
Add a "CNAME" record:
Replace "Target" with your real domain. This will alias any request for "www.my-domain.com" to "my-domain.com".
You can repeat this step with any other subdomains you want to use. For instance, I have this blog hosted under a "blog" subdomain, so that I can use the base domain for other things. Just remember that whatever URL you entered into the Ghost config must match what you have in Cloudflare. If you change your mind or make a mistake, use the method in Configuring HTTPS to change Ghost's bound URL and restart the Docker instance.
# Configuring Dynamic DNS
Now, you have Cloudflare pointed at your current public IP. Unfortunately, most residential ISPs in the US offer public IPs through temporary leases, meaning that your public IP may change from day to day. This is a problem for our website, since it means we need to tell Cloudflare about our new public IP every time it changes.
If you're lucky, your ISP will either give you a static IP or offer to give you one if you call/pay for it. In that instance, you can set your public IP in Cloudflare once and leave it. If you do have a static IP from your ISP, you can skip this subsection.
Instead of manually checking your public IP every day and updating Cloudflare's DNS settings whenever it changes, we can use Dynamic DNS (DDNS) to do this for us. There are several ways to set up DDNS. There are 3rd party sites, such as noip.com which can keep a domain up-to-date, usually for a fee. You can install a Docker app in Unraid such as Cloudflare DDNS or ddclient. Or you can set your router to update your Cloudflare DNS directly.
Which option you choose depends on which you have available. If your router offers DDNS, it's the preferred method. Failing that, the Docker method. And then the 3rd party sites are usually a last resort.
For me, I'm using pfSense as my router, which has an easy DDNS service built-in. If you're using pfSense, go to Services > Dynamic DNS, click "Add", set
- "Service Type" to "Cloudflare"
- "Hostname" to "@"
- "Domain name" to your site's base domain (eg. my-site.com)
- "Username" to your Cloudflare username
- "Password" to your Cloudflare API key:
You can get your Cloudflare API key by going to Cloudflare, clicking "My Profile" in the top right corner, and viewing your global API key. If you prefer, you can also create a custom API token just for your DDNS service, for extra security:
Repeat this step with "Service Type" of "Cloudflare (v6)", if you want DDNS for your IPv6 address.
If your router doesn't have DDNS built-in, check out one of the two Docker containers linked above. You can find them in Unraid GUI under the "Apps" tab. They have instructions and many tutorials online for how to set them up with Cloudflare. Just remember that your DDNS Docker app must always be running, or else your domain may point somewhere you don't want it to.
# Creating an origin certificate
Currently, Cloudflare can only service our domain without HTTPS/SSL security. Thankfully, Cloudflare offers us a free SSL certificate specifically for communication between their server and ours.
If you already have something like swag/certbot running on your Unraid server to get custom certificates, you'll still need to follow these steps to use Cloudflare's "origin certificate". The certificate Cloudflare serves to visitors will be their own, however. If you want to use a cert you create yourself, you can't use Cloudflare's free service tier.
Return to Cloudflare and go into the settings for your domain. Then click on "SSL/TLS".
Change the SSL/TLS mode to "Full (strict)" to fully secure communications between Cloudflare and our Unraid server.
Then click on the "Origin Server" sub-tab.
Click "Create Certificate".
Leave the settings as default and click "Create". You'll be presented with two text fields: a certificate and a key.
Copy each of the values into separate text files on your computer. You can name them something like "my-domain.com.pem" for the certificate and "my-domain.com.key" for the key. Make sure the only thing in those files is the value you copy out of these text areas. If there is any other text in the files, you'll get an error later on.
Once you click "OK", you'll never be able to view the key within Cloudflare again. Make sure you don't lose the ".key" file you just made, unless you want to redo these steps and the ones that use the key later. Don't share your ".key" file anywhere online, either, as it could allow a bad actor to trick visitors to your domain.
Remember the locations of these text files for later.
# Installing Nginx Proxy Manager
Right now, if you tried to visit your domain, you'd get an error that there's nothing responding on the other end. Traffic should be flowing through Cloudflare and down to your router. At that point, your router doesn't know you want port 80 and 443 traffic to be sent to Unraid, so it tosses the traffic aside. However, we can't yet set up our port forwarding in the router until we know which ports Unraid wants to receive 80/443 traffic on.
What we need is a proxy that listens for requests coming from your custom domain and can forward that traffic on from Unraid itself to the Ghost app. This proxy app will ultimately listen on ports 1880 and 18443.
Nginx Proxy Manager can do just that. There are other proxies out there, too. For instance, since I'm using pfSense, I could be using HAProxy in my router directly. But I find the Nginx Proxy Manager is simply friendlier to use.
If we navigate back to Unraid GUI and the "Apps" tab to search for "Nginx Proxy Manager", we'll see some results.
I'll be using the image from Djoss for this tutorial but adapt the steps for whichever image you prefer. Click the download icon.
These defaults should all be fine, as long as the ports don't interfere with anything else on your Unraid server. Write down the 1880 and 18443 ports for use later.
Click "Apply" and wait for it to finish. Return to the "Docker" tab and confirm that Nginx Proxy Manager is running.
As before, if there are any issues, click the app's logo and click "Logs" to troubleshoot.
Once it's running fine, click the app's logo and click "WebUI" to enter the Nginx Proxy Manager interface.
The default admin credentials you'll need to enter are documented in the Docker image's GitHub but they are currently:
- Username: [email protected]
- Password: changeme
Once you log in, you can click the profile menu in the top right corner and change both the password and the admin email address, as desired.
# Installing Cloudflare's origin certificate
Once your account settings are changed, click on "SSL Certificates" in the navbar.
Click on "Add SSL Certificate" and select "Custom". Here's where we can enter the details of the certificate that we save from Cloudflare.
- Name: Whatever you want. Typically, the domain to which the certificate belongs. eg. my-domain.com
- Certificate Key: Pick the ".key" file you saved from Cloudflare.
- Certificate: Pick the ".pem" file you saved from Cloudflare.
- Intermediate Certificate: Leave blank.
Click "Save". If there are errors, it is likely that you didn't copy the key or certificate text from Cloudflare correctly. Repeat the steps under Creating an origin certificate and try adding the files here again.
# Creating a proxy host
Next, we need to create the rule that will forward requests from "my-domain.com" to your Ghost app.
Click "Hosts" in the navbar and then click "Proxy Hosts".
In the "Details" tab, we need to enter the rule for what requests to listen for and where to forward them on to.
- Domain Names: Enter the domain you have for Ghost. eg. my-domain.com.
Be sure to hit "Tab" or click the "Add..." menu that appears under the textbox to have the form save your input.
- Scheme: Leave as http. This is the scheme for communication between your docker containers, not between Ghost and the Internet.
- Forward Hostname/IP: Enter Unraid's static IP, not its machine name or an alias.
- Forward Port: The port you set up for Ghost. Default is 2368.
- Cache Assets: You can turn this on if you want. Will cache static assets like images, with some potential but unlikely problems.
- Block Common Exploits: Turn on.
- Websockets Support: Doesn't hurt to turn it on though I don't believe Ghost uses websockets.
- Access List: Leave as "Publicly Accessible".
NB: The "Hostname/IP" field should be your Unraid server's static LAN IP and not a machine name or alias, unless you feel adventurous. This caused me a lot of trouble and using the IP directly was the solution. I have gotten the machine name to work, but only by using my server's fully-qualified alias (eg. unraid.lan) and I don't know how that might work for your network setup.
Don't click "Save", yet. Move to the "SSL" tab.
- SSL Certificate: Click the dropdown and select the certificate you just created in the previous section.
- Force SSL: Might as well turn it on, since you're using SSL here.
- HTTP/2 Support: Turn on. This can help speed up your website for visitors and Cloudflare has it enabled by default on their end.
- HSTS Enabled and HSTS Subdomains: You probably want to leave these off. HSTS tells visitors' browsers that they should remember that your site uses SSL and never let you connect without it. If something goes wrong with your certificate in the future or you have a subdomain you don't want under this SSL cert, you could cause yourself or visitors headaches. For a personal blog, it's not very necessary.
Now, you can click "Save".
At this point, Unraid is ready to receive and route requests for your custom domain.
# Configuring port forwarding for http/https traffic
Before we can actually see our blog online, we need our router to know that we want Internet requests over ports 80 and 443 (HTTP and HTTPS) to be forwarded to our Unraid server. Right now, your router is probably blocking requests over those ports as a security precaution. Even if it isn't, it doesn't know that we want HTTP traffic to go to Unraid vs any other machine on our home network.
The details of how you need to forward those two ports depends on which router you have and if there are any other complexities in your home network. If you go into your router's admin interface, there will usually be a setting called something like "Port Forward" that you can edit.
The import thing is that you sent port 80 traffic to your Unraid server's static IP under port 1880 and port 443 traffic to your Unraid server's static IP under port 18443.
For me, pfSense is my router. You can define Port Forwarding rules under Firewall > NAT > Port Forward. Click "^ Add" (the one that adds rules at the top).
- Interface: WAN
- Protocol: TCP/UDP
- Destination: Any
- Destination port range: HTTP
- Redirect target IP: Your Unraid server's static IP
- Redirect target port: 1880 (the http port you set in your Nginx Proxy Manager app before)
Click "Save" and repeat these steps for "Destination port range" set to "HTTPS" and "Redirect target port" set to "18443".
In pfSense, you have to click "Apply" to restart the firewall and get the new rules working. Most residential routers will simply immediately apply the new port forwarding rules.
Almost done! Before we forget, we should set all of our Docker containers to autostart. That way, if our Unraid server ever restarts, we won't have to log into Unraid GUI and start everything to bring our site back online.
Go the the Docker tab in Unraid GUI. Turn on the "Autostart" toggle beside your three apps:
Also, Unraid starts your Docker apps from top to bottom in the list. You'll want them to be in the order above: MariaDB, then Ghost, then NginxProxyManager. Ghost needs MariaDB to be running before it tries to start.
If you notice that Ghost fails to start whenever you restart Unraid, try clicking the "Basic/Advanced View" toggle at the top of the Unraid tab. It should show a new field beneath each "Autostart" toggle called "wait". By default, the wait time is set to "0" (seconds), meaning all of the apps will try to start at the same time.
Try setting MariaDB's "wait" to something like "10" so that Unraid will start MariaDB, wait 10 seconds, and then start the next item (Ghost).
Type your custom domain into your browser and you should now see your new blog up and running!
If you site isn't visible, check out some of the items under Troubleshooting. There are a lot of differences with everyone's routers and ISPs, so take a deep breath and start looking for more details about similar setups online.
Once your site is visible, you can get to Ghost's admin panel by navigating to "https://my-domain.com/ghost". You should be able to log in with the username and password you typed in when you created your Ghost Docker app. Time to read through some of the default posts Ghost made in your site and the documentation on the Ghost site so you can get to writing posts!
Going forward, remember that you'll need to renew your domain purchase every year (or however often your registrar let you pick). Most registrars let you choose to auto-renew and Google Domains is good about emailing you a bit before they charge you each year.
Also, you'll want to look into ways to keep your Docker images up-to-date in Unraid for the best security and any new features. The Unraid community has a plugin called CA Auto Update Applications which can schedule updates for you automatically. Alternatively, you can update the images manually in the Docker tab of Unraid GUI.
If your site isn't responding at all
- Check that Cloudflare has seen your domain's nameserver changes propagate. Again, it can take up to 48 hours for the whole Internet to see the change.
- Check that your port forwarding rules go from 80->1880 and 443->18443 or whatever ports you set Nginx Proxy Manager to listen to. Make sure you have the correct LAN IP for your Unraid server.
- Ensure that your router isn't blocking traffic on ports 80 and 443. This would be different for every router. pfSense would likely have the rules under Firewall > Rules > WAN.
- Ensure that all your Docker containers are running: Ghost, MariaDB, NginxProxyManager. Turn on the "Autostart" setting beside each Docker app in Unraid to let them start up automatically if your server restarts. Unraid starts Docker apps in order, from top to bottom. Make sure MariaDB starts before Ghost does.
- Ensure that you typed in the correct nameservers from Cloudflare into your domain's DNS settings.
- Ensure that Cloudflare's DNS settings for your domain point the A and/or AAAA records at your real public IP address. Remember, you need to set up DDNS to keep Cloudflare informed of your public IP changes, if you don't have a static IP form your ISP.
If your site is found but you get a security warning
- Check that all your SSL settings are correct in Cloudflare, per this tutorial.
- Ensure that you added the correct origin certificate to Nginx Proxy Manager for your custom domain.
- Ensure that you have the correct certificate selected for your proxy host in Nginx Proxy Manager
If your site worked for a while and then stopped
- Make sure you have DDNS running to keep Cloudflare's DNS updated, if you don't have a static IP from your ISP.
- Ensure that all your Docker containers are running: Ghost, MariaDB, NginxProxyManager. Turn on the "Autostart" setting beside each Docker app in Unraid to let them start up automatically if your server restarts. Unraid starts Docker apps in order, from top to bottom. Make sure MariaDB starts before Ghost does.