[ECODP-dev] ODP-206 CKAN SSL setup

John Glover john.glover at okfn.org
Tue Apr 9 14:13:14 UTC 2013


Hello,

There should be no problem serving the current CKAN instance over SSL.
There are a few different ways that this could be set up, but I think that
the most simple way is to handle the SSL configuration at the proxy (we use
NGINX).

To configure NGINX, you can simply add the following to the server block:

    listen 443 ssl;
    ssl_certificate <path to cert>;
    ssl_certificate_key <path to key>;
    ssl_session_cache shared:SSL:10m;  # or other suitable cache settings

If this is added in addition to the current config, both http:// and
https:// links can be served.

The only additional change is that a WSGI environment variable must be set
so that CKAN redirects use the correct scheme ("http" or "https" depending
on where the request came from).

To do this with the NGINX and Apache setup, make sure that the
HTTP_X_SCHEME header is passed to the WSGI app by first making sure that
the following directive is included in each NGINX location block:

    proxy_set_header X-Scheme $scheme;

Then the WSGI file (/applications/ecodp/users/ecodp/ckan/lib/ecodp/wsgi.py)
must be updated to read this and set the wsgi.url_scheme value.

Examples of working NGINX config and wsgi.py files are attached. Without
NGINX, this wsgi.py file can still be used as long as the scheme is passed
in the correct header to Apache.

Regards,
John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: default.conf
Type: application/octet-stream
Size: 1495 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/ecodp-dev/attachments/20130409/8cd7d388/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wsgi.py
Type: application/octet-stream
Size: 926 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/ecodp-dev/attachments/20130409/8cd7d388/attachment-0003.obj>
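
The wsgi.py change described in the message, as an added example. It is not the scrubbed attachment or the project's own code. The names SchemeFromProxy, redirect_app and redirect_location and the host ckan.example.org are assumptions made for illustration, and redirect_app is a constructed stand-in for the CKAN application.

```python
# Added example: WSGI middleware that copies the proxy's X-Scheme header
# into wsgi.url_scheme so that redirects are built with the right scheme.
ALLOWED_SCHEMES = ("http", "https")


class SchemeFromProxy(object):
    """Set wsgi.url_scheme from the X-Scheme header passed by the proxy."""

    def __init__(self, app, header="HTTP_X_SCHEME"):
        self.app = app
        self.header = header

    def __call__(self, environ, start_response):
        scheme = environ.get(self.header, "").strip().lower()
        # Accept only the two expected values; anything else leaves the
        # scheme the server already set, so the header cannot inject text
        # into generated URLs.
        if scheme in ALLOWED_SCHEMES:
            environ["wsgi.url_scheme"] = scheme
        return self.app(environ, start_response)


def redirect_app(environ, start_response):
    """Constructed stand-in for CKAN: issues an absolute redirect."""
    location = "%s://%s/dataset" % (environ["wsgi.url_scheme"],
                                    environ["HTTP_HOST"])
    start_response("302 Found", [("Location", location)])
    return [b""]


def redirect_location(app, extra_environ):
    """Send one constructed request through app; return its Location header."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/",
               "HTTP_HOST": "ckan.example.org", "wsgi.url_scheme": "http"}
    environ.update(extra_environ)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update(headers)

    list(app(environ, start_response))
    return captured["Location"]


# In a real wsgi.py, the CKAN app object would be wrapped here instead.
application = SchemeFromProxy(redirect_app)
```

The header can be trusted only when Apache accepts connections solely from NGINX: proxy_set_header overwrites any X-Scheme value sent by the client, but a client that can reach Apache directly can set it freely.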

