Skip to content

Starting CKAN over HTTPs using Apache

Jump to bottom
Aitor Magán García edited this page Aug 28, 2014 · 12 revisions

CKAN uses Nginx and Apache2 by default. However, in this case you will learn how to deploy a CKAN over HTTPs using only an Apache server (Nginx is only used as a cache server, so do not worry). To do so, first of all you have to stop the Nginx server:

$ sudo service nginx stop

Take into account that the nginx service will start every time you reboot your machine. If you want to avoid this, please execute the following command:

$ sudo update-rc.d -f nginx remove


Once that the Nginx server is stopped, we should modify the Apache configuration. First, modify the file `/etc/apache2/ports.conf` and replace the following two lines:

NameVirtualHost *:8080 Listen 8080


by these ones:

CKAN

NameVirtualHost *:443 Listen 443


Then, we have to modify the site configuration. To do so, open the file `/etc/apache2/sites-available/ckan_default` and replace its content by the following one:

WSGISocketPrefix /var/run/wsgi <VirtualHost 0.0.0.0:443>

ServerName <SERVER_NAME>
ServerAlias <SERVER_ALIAS>
WSGIScriptAlias / /etc/ckan/default/apache.wsgi

# pass authorization info on (needed for rest api)
WSGIPassAuthorization On

# Deploy as a daemon (avoids conflicts between CKAN instances)
WSGIDaemonProcess ckan_default display-name=ckan_default processes=2 threads=15

WSGIProcessGroup ckan_default

ErrorLog /var/log/apache2/ckan_default.error.log
CustomLog /var/log/apache2/ckan_default.custom.log combined

SSLEngine On
SSLCertificateFile <PATH_TO_YOUR_CERTIFICATE_FILE>
SSLCertificateKeyFile <PATH_TO_YOUR_KEY_FILE>

<Location />
    SSLRequireSSL On
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars +StrictRequire
</Location>
```

Optionally, you can create a second server listening on the port 80 (HTTP) to redirect users automatically to the secure version. To achieve this, add the following content to the file /etc/apache2/ports.conf:

NameVirtualHost *:80
Listen 80

and the next lines to the file /etc/apache2/sites-available/ckan_default:

# Redirection to the secure version
<VirtualHost 0.0.0.0:80>
    ServerName <SERVER_NAME>
    Redirect permanent / https://<SERVER_NAME>/
</VirtualHost>

Finally, run these commands:

$ sudo a2enmod ssl
$ sudo service apache2 restart

Now you should be able to access your CKAN instance by accessing https://YOUR_HOST

  1. Activating & Installing the plugin
  2. Starting CKAN over HTTPs
  3. Starting CKAN over HTTPs using Apache
  4. Starting CKAN over HTTPs using Nginx
  5. Starting CKAN over HTTPs using Apache and Nginx
  6. How it works?
Clone this wiki locally