It was easy enough to add the provider, and provisioning would run without errors, but nginx would return bad gateway errors whenever trying to proxy to Ghost. Checking the nodejs Ghost process, it thought it was up and running ok. Trying to access the Ghost port (2368) however, didn't play so nicely and wouldn't connect.

After a bit a of troubleshooting, it turns out that the AWS CentOS 7 AMI has SELinux (Security Enhanced Linux) enabled, whereas it is disabled in the Digital Ocean image. SELinux has a preconfigured list of HTTP ports that it allows connectivity on and 2368 was not one of these and so it was being blocked.

(To be fair, SELinux being enabled is mentioned in the AMI notes, but I missed it...)

So, to make it work it was necessary to add 2368 to the list of allowed http ports. This can be done via semanage using:

semanage port -a -t http_port_t  -p tcp 2368  

(It would also have been possible to disable SELinux by editing /etc/selinux/config and setting SELINUX=disabled and then performing a reboot, but building a reboot into a vagrant provisioning sequence would be a pain, and for a prod box it would be nice to leave SELinux enabled anyway.)

Some simple commands that can help you trying to troubleshoot an issue like this:

Find out whether SELinux is running and its status:

sestatus  

Find things that SELinux is impacting:

cat /var/log/messages | grep "SELinux"  

List the configured ports in SELinux:

semanage port -l  

produces output (filtered for http) like:

http_port_t   tcp  80, 81, 443, 488, 8008, 8009, 8443, 9000  

If you want further info the following are useful:

• Introduction to SELinux on CentOS7 - 3 part tutorial series by Digital Ocean on how to use it - well worth a read if you are going to leave SELinux on
• http://wiki.centos.org/HowTos/SELinux - the CentOS howto on SELinux (though at the time of writing, this didn't appear to have been updated for CentOS7)

Using yum-cron in Centos 7, you also have the flexibility to specify what level of upgrades you want applied, eg: all updates, security updates, minimal security updates, etc. For stability on your production servers you'll probably only want to go with security updates, but on dev servers where it's not as much of an issue just go with all.

Install with yum -y install yum-cron and then edit the file /etc/yum/yum-cron.conf to set your options. Some of the options you'll want to change (the file is well commented to indicate what the options available are):

update_cmd = security  
download_updates = yes  
apply_updates = yes  

Don't forget to make sure it's started and running:

systemctl restart yum-cron  
systemctl status yum-cron  

There's a good description of how to get going with yum-cron at linuxaria with more details on the configuration options available.

Centos 7 uses systemd rather than the older /etc/init.d method of managing services and daemons, so it could be a little bit of a change from what you're used to (and a source of a little controversy).

systemd uses service files (unit definitions) that declaratively capture the expected behaviour of an application (eg: how to start/stop, automatic restart behaviour upon failure, etc) as its native method of configuration.

nginx comes with a systemd unit definition (see: /usr/lib/systemd/system/nginx.service), so if you've installed from the standard repos using yum, you should be able to start, stop, restart & check status nginx using the following (as root or via sudo):

systemctl start nginx  
systemctl stop nginx  
systemctl restart nginx  
systemctl status nginx  

If you install Ghost by using the zip file installer then you will need to provide a unit definition for Ghost so it can be managed by systemd. An example of a unit definition is below (change user, group, paths to ghost as appropriate for your installation). Create the unit definition as:

/etc/systemd/system/ghost.service

[Service]
ExecStart=/usr/bin/node /ghost/index.js  
Restart=always  
StandardOutput=syslog  
StandardError=syslog  
SyslogIdentifier=ghost  
User=ghost  
Group=ghost  
Environment=NODE_ENV=production

[Install]
WantedBy=multi-user.target  

Once you've created the ghost.service file you'll be able to manage ghost in the same way as nginx, ie:

systemctl start ghost  
systemctl stop ghost  
systemctl restart ghost  
systemctl status ghost  

Note that having Restart=always set in the unit definition means that if the node.js process running ghost dies for any reason, then systemd will automatically restart it.

For more detailed information on how to use systemd (enabling/disabling services, auditing, logging, etc), some useful references include:

• RHEL7 - How to get started with systemd - Practical advice on starting, stopping, logging, etc.
• Overview of systemd for RHEL7 - Redhat's article on systemd