[ECODP-dev] Deprecating Nginx and having SSL logins as before

Dimitrios Mexis dimitrios.mexis at tenforce.com
Tue Jul 23 10:04:21 UTC 2013


Attached are the conf files, trying to work with only apache in replacement
of nginx. Since they come from development machine, SSL is broken for the
part of login.

Below, on mail body, there are some of the lines cut out to be easily read.

Side effect: what I have understood so far, is that we need to have two
seperate processes wsgi for ssl and for non-ssl sessions. I don't know if
that is the optimal.
Second, and more interesting, despite my efforts, I saw that there is a
unique redirection of CKAN to http when the login takes place. So that led
me to the conclusion, that Nginx works like a shell for the login operation
in SSL.

Also with David, it was confirmed this behavior, in a very elementary
Out of this discussion, I think it would be great if we could have a
configuration sort of, that for specific logins, for example, publishers
and user system adminsitrators,  CKAN would connect through SSL, without
tweaking apache or nginx rules.

I believe the steps are two:
First step is to remove nginx, as it is sort of regression in our
deliveries. Partially I have done it.
Second step to make a solid the login process through ssl and the view of
site from normal http operation.

RewriteEngine on
RewriteLog "/var/log/httpd/rewrite.log"
RewriteLogLevel 9
RewriteRule ^/(..)/data($|/(!user(.*)))$ /data/$1/$3 [L,C,QSA,PT]
RewriteRule ^/(..)/data/(.*) https://%{HTTP_HOST}/data/$1/$2 [QSA,R=301,L]

RewriteEngine on
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://%{HTTP_HOST}${REQUEST_URI} [R,L]

RewriteEngine on
#RewriteRule ^/(..)/data($|/(.*))$ /data/$1/$3 [L,QSA,PT]
RewriteLog "/var/log/httpd/rewrite_ssl.log"
RewriteLogLevel 3
RewriteRule ^/(..)/data($|/(.*))$ https://%{HTTP_HOST}/data/$1/$3

Kind regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/ecodp-dev/attachments/20130723/3e9a4544/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecodp.conf
Type: application/octet-stream
Size: 3986 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/ecodp-dev/attachments/20130723/3e9a4544/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: httpd.conf
Type: application/octet-stream
Size: 35019 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/ecodp-dev/attachments/20130723/3e9a4544/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssl.conf
Type: application/octet-stream
Size: 10973 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/ecodp-dev/attachments/20130723/3e9a4544/attachment-0005.obj>

More information about the ecodp-dev mailing list