[ckan-dev] CKAN not working over HTTPS/SSL
Nigel Babu
nigel.babu at okfn.org
Thu Nov 27 10:20:41 UTC 2014
Aha, this is precisely the subtle bug I've noticed with configuring a
server that I've found in the past.
I do not know what's the Apache equivalent for this line, but you need to
send a header from your proxy server to the app. The header is called
"X-Forwarded-Proto" and it's value should be the current scheme. I've done
this with Nginx in the configuration
<https://gist.github.com/nigelbabu/076ad12c13b2071de8e1#file-ckan_nginx-conf-L33>
I linked you to already.
Nigel Babu
Senior Sysadmin, Open Knowledge
On 26 November 2014 at 10:52, Rene Pietzsch <rpietzsch at brox.de> wrote:
> Hello Nigel, hello Andrew,
>
> thanks for your mails and information.
>
> We are running 2.2.1 docker-ized.
> Apache and nginx config is here
> https://github.com/eccenca/ckan-docker/tree/develop/contrib/docker
>
> On the docker host we are running a apache as reverse proxy that takes
> request on ports 80 (redirected to https) and 443.
>
> <VirtualHost *:80> ServerName hostname.example.com Redirect permanent / https://hostname.example.com/
> </Virtualhost>
> <VirtualHost *:443>
> ServerName hostname.example.com
> Options FollowSymLinks
> HostnameLookups Off
> ProxyRequests Off
> ProxyPreserveHost On
> SSLEngine on
> SSLCertificateFile /etc/apache2/ssl/server.cer
> SSLCertificateKeyFile /etc/apache2/ssl/server.key
> ServerAdmin administration at example.com
> ProxyPass / http://localhost:81/
> ProxyPassReverse / http://localhost:81/
> ErrorLog ${APACHE_LOG_DIR}/hostname.example.com.error.log
> LogLevel warn
> CustomLog ${APACHE_LOG_DIR}/hostname.example.com.access.log combined
> </VirtualHost>
>
> Everything worked fine except the mixed-content warning on the
> language resource file and the reclinepreview (e.g. on CSV files).
>
> We implemented the following workaround:
> https://github.com/eccenca/ckan/commit/9ded23a6aa0a5642822b2ea6d800dd4fb8033ae1
>
> But I’d like to run it without any modification if it is just a matter of
> configuration.
>
> Regards, René
>
>
>
> Am Dienstag, 25. November 2014 um 12:49 schrieb Nigel Babu:
>
> Can you send your Apache and Nginx configuration, please?
>
> It's incredibly hard to do any sort of debugging without it. I'd also
> recommend taking a look at this gist:
> https://gist.github.com/nigelbabu/076ad12c13b2071de8e1
>
> Nigel Babu
> Senior Sysadmin, Open Knowledge
>
> On 18 November 2014 at 15:42, Rene Pietzsch <rpietzsch at brox.de> wrote:
>
> Hello all,
>
> we are currently trying to setup a ckan (2.2.1) instance to work via
> https/ssl and we are facing some mixed-content issues namely for
>
> - http://<hostname>/api/i18n/de
> - and ressources, e.g.: http://
> <hostname>/dataset/c1d182a1-91c8-4b12-9bc1-de417ff10521/resource/64823ec4-5039-4d43-94d4-b46a540e9dfe/preview
>
> Can you point me to some information/documentation on how to configure
> ckan and apache correctly? Or is ckan currently not capable of fully
> working over https?
>
> I came cross this discussion:
> https://lists.okfn.org/pipermail/ckan-dev/2014-April/007355.html which
> says it is working, so I hope that someone can describe on how to get
> a proper configuration.
>
> Many thanks in advance and kind regards,
>
> René
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20141127/29a77568/attachment-0003.html>
More information about the ckan-dev
mailing list