Another option would be to just put haproxy in front of Ghost, and have haproxy handle the SSL termination.