Using the default setup and installation of Ghost from Bitnami in Amazon Lighsail, it will deliver pages via https, but images will be served over http, resulting in browsers rightfully complaining the page connection is not secure.

Inside of the post creation portion of Ghost, you can upload an image. It then proceeds to deliver this image over HTTP... The bitnami deployment has Ghost sitting behind Apache http server. There is a 307 redirect that delivers the correct HTTPS data. But why does this happen?

Ghost is set up to run on http://domain:80 with Apache httpd redirecting 443 traffic to this endpoint. If you change Ghost's setting to https://domain, you will get an infinite redirect.

Googling this back in February, I did not come across anything particularly helpful. Upon revisiting this issue recently, I found several helpful links.

To solve this problem you have to change two pieces:

Forward the protocol https from apache to ghost in bitnami.conf

<VirtualHost _default_:443>
  RequestHeader set X-Forwarded-Proto "https"

Update Ghost's url to https in config.production.json

  "url": ""

I am perplexed as to why this isn't the default setting in the Bitnami Ghost image.