Starting CKAN over HTTPs

CKAN uses Nginx and Apache2 by default. However, in order to run CKAN over HTTPs, the best option is using only an Apache server. To do so, first of all we have to stop the Nginx server:

$ sudo service nginx stop

Take into account that the nginx service will start every time you reboot your machine. If you want to avoid this, please execute the following command:

$ sudo update-rc.d -f nginx remove

Once that the nginx server is stopped, we should modify the Apache configuration. First, modify the /etc/apache2/ports.conf file and replace the following two lines:

NameVirtualHost *:8080
Listen 8080

by these ones:

# NameVirtualHost *:8080
# Listen 8080

Then, we have to modify the site configuration. To do so, we have to modify the /etc/apache2/sites-available/ckan_default file and replace it content by the following one:

WSGISocketPrefix /var/run/wsgi
<VirtualHost 0.0.0.0:443>

    ServerName <SERVER_NAME>
    ServerAlias <SERVER_ALIAS>
    WSGIScriptAlias / /etc/ckan/default/apache.wsgi

    # pass authorization info on (needed for rest api)
    WSGIPassAuthorization On

    # Deploy as a daemon (avoids conflicts between CKAN instances)
    WSGIDaemonProcess ckan_default display-name=ckan_default processes=2 threads=15

    WSGIProcessGroup ckan_default

    ErrorLog /var/log/apache2/ckan_default.error.log
    CustomLog /var/log/apache2/ckan_default.custom.log combined

    SSLEngine On
    SSLCertificateFile <PATH_TO_YOUR_CERTIFICATE_FILE>
    SSLCertificateKeyFile <PATH_TO_YOUR_KEY_FILE>

    <Location />
        SSLRequireSSL On
        SSLVerifyClient optional
        SSLVerifyDepth 1
        SSLOptions +StdEnvVars +StrictRequire
    </Location>

</VirtualHost>

Finally, run these commands:

$ sudo a2enmod rewrite
$ sudo a2enmod ssl
$ sudo service apache2 restart

Now you should be able to access your CKAN instance by accessing https://YOUR_HOST