Setting up a Jekyll server with Apache reverse proxy

OK, this site runs as a Jekyll blog, so how do we do that?

First, we install Jekyll at the intended server, for Ubuntu:

sudo apt-get install ruby-full build-essential zlib1g-dev

Then, we add a designated user to run the blog:

sudo useradd jekyll

After that, we export some necessary variables for the next step:

sudo -i
su - jekyll
export GEM_HOME="/home/jekyll/gems"
export PATH="home/jekyll/gems/bin:$PATH"

To complete the Jekyll installation, we install the necessary Ruby components. Be sure that you are user jekyll and inside the /home/jekyll directory:

gem install jekyll bundler

Then, we create a new blog:

jekyll new blog

Finally, we have to create the service unit file as /lib/systemd/system/jekyll.service:

[Unit]
Description=Jekyll service
After=syslog.target
After=network.target

[Service]
# Added solution -- add WorkingDirectory to directory where you clone your markdown files for Jekyll to render
WorkingDirectory=/home/jekyll/blog
# Name of the user account that is running the Jekyll server
User=jekyll
Type=simple
# Location (source) of the markdown files to be rendered
ExecStart=/usr/bin/bash /home/jekyll/start.sh
Restart=always
StandardOutput=journal
StandardError=journal
SyslogIdentifier=jekyll

[Install]
WantedBy=multi-user.target

where the start.sh script reads as

export GEM_HOME='/home/jekyll/gems' 
export PATH='/home/jekyll/gems/bin:$PATH'

cd /home/jekyll/blog 
export BUNDLE_GEMFILE='/home/jekyll/blog/Gemfile' 
bundle exec jekyll serve --host 127.0.0.1 --port 4000 

For automated start on boot, we have to link this service under /etc/systemd/system/multi-user.target.wants:

cd /etc/systemd/system/multi-user.target.wants
sudo ln -s /lib/systemd/system/jekyll.service .
sudo systemctl daemon-reload

For now, we can start the service manually by sudo service jekyll start.

For the proxy configuration to work, we want to be sure to have proxy functionality enabled:

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo systemctl restart apache2

So, our Jekyll blog server is at present running at port 4000 localhost.
To publish it, we have to amend the Apache configuration as follows.

/etc/apache2/sites-available/blog.example.com.conf:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName blog.example.com
    ServerAlias blog.example.com

    ProxyPass / http://127.0.0.1:4000/
    ProxyPassReverse / http://127.0.0.1:4000/

    ErrorLog ${APACHE_LOG_DIR}/blog.example.com.error.log
    CustomLog ${APACHE_LOG_DIR}/access.log vhost_combined
</VirtualHost>

Now it’s time to restart the web server:

sudo service apache2 restart

Then, given that certbot is installed, run

certbot --apache -d blog.example.com

in order to create a SSL-encrypted site.

That’s it! Now we have a Jekyll blog running SSL encrypted behind an Apache reverse proxy.

This post was updated 2023-11-19 to fix/clarify some service related details.