cloud-computing google blogging

Ghost on GAE

Setting up Ghost CMS on Google App Engine, easier done than said

Bas Leenders

Bas Leenders

3 min read
Gemini AI image of an engine in the clouds

As my dear ex-colleague Thomas would say (or, could have said):

Do as I do, I never do as they tell me.

So I didn't. But it still is quite useful to have look at his old post on creating a Ghost blog on Google App Engine:

Ghost blog on App Engine
In this blog we will explore how to host a Ghost blog on Google App Engine.…
DEV CommunityThomas van Latum

So what did I do differently?

  • I brought my own docker file, the one I created for my other blog. It uses a slightly more developed (and maintained!) connector for Cloud Storage.
  • Not sure why, but for me it worked better to put my Ghost website configuration in the app.yaml with env_variables, not in a config.json. This also tracks nicely with my setup of Ghost on Cloud Run.
  • (I have not yet decided which is a better fit, Run or App Engine. So that will be a different topic.)
  • To get the database-connection working with the UNIX socket in stead of the (external) IP address, I used the app engine beta setting. This way you can just put the (same) string in the variable database__connection__socketPath and it's all plug & play.
  • I needed yet another custom theme, because I want to use the tags a lot more. So multi-tasking eh, source-multitag was born. And tweaked, and tweaked again.

Don't publish passwords

Probably I would want to share, or at least store, my app.yaml online. Either way, it would be better to use Google Cloud Secret Manager with GAE, to protect confidential info. I handcrafted a small shell-script to do the legwork for that. So now there's no creds in my repo, yo!

# Copy the input file to a new, temporary file
cp app.yaml secret.app.yaml

# Extract all secret names from the input file, 
# finding placeholders like ${SECRET_NAME}
secret_names=$(grep -o '\${[^}]*}' app.yaml | sed 's/[${}]//g')

for secret_name in $secret_names; do
  # Retrieve the secret value from the Secret Manager
  secret_value=$(gcloud secrets versions access latest --secret=$secret_name)

  # Store the secret value in the temporary deployment file
  sed -i '' "s|\${$secret_name}|$secret_value|g" secret.app.yaml
done

gcloud app deploy secret.app.yaml

# Remove the temporary file after use
rm secret.app.yaml

Shell script for deploying the app, after retrieving the passwords from Secret Manager

Even considering all of the above, it takes very little effort to get this Ghost up in the cloud. Maybe this helps you too? Let me know if you have any questions!

Update (2025-02-11)

I did a few weeks of testing, tweaking, and cost-comparing. Hosting Ghost CMS on GAE was ±3 times more expensive than on Run. The latter is just more modern, more of a 'managed service'. (Also, I talked to Thomas.) All good reasons to migrate this site from Apple Engine to Google Cloud Run. Reusing the container was easy, and creating the Cloud Run Service was too, since I had done it all before.

So the move to Cloud Run was very low effort, and any maintenance will now be even easier. There may have been a little downtime between the new domain mapping kicking out the previous one, and the Run service picking it up. For those who noticed: συγνώμη λίγο. And for all of you reading this: enjoy Cloud Run! (And see my custom Ghost container on Git.)

Read more