Starting CKAN over HTTPS using Nginx
Nginx is used together with CKAN in order to get a cache system. If you don't want to use this cache system, you can also start a CKAN instance using only an Nginx server. To do so, you first need to disable the Apache CKAN instance. You can do it by running the following command:
$ sudo a2dissite ckan_default
Once the site has been disabled, enter your virtualenv and install uwsgi:
$ pip install uwsgi
Then, edit your production.ini file, generally located in /etc/ckan/default, and add the following lines at the end:
[uwsgi]
socket = /tmp/ckan_socket.sock
master = true
processes = 1
Now, you have to execute the following command to start the uWSGI process. Take into account that you must run this command with enough privileges:
$ uwsgi --ini-paste /etc/ckan/default/production.ini --chmod-socket=666
Once the uWSGI process is running, you have to edit the Nginx site configuration. To do so, edit the file /etc/nginx/sites-available/ckan and replace its content with the following:
uwsgi_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;
server {
    listen 80;
    server_name <YOUR_SERVER_NAME>;
    rewrite ^ https://$server_name$request_uri? permanent;
}
server {
    # "ssl" on the listen line replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    ssl_certificate <PATH_TO_YOUR_CERTIFICATE_FILE>;
    ssl_certificate_key <PATH_TO_YOUR_KEY_FILE>;
    client_max_body_size 100M;
    location / {
        include uwsgi_params;
        uwsgi_pass unix:///tmp/ckan_socket.sock;
        uwsgi_param SCRIPT_NAME '';
        uwsgi_param UWSGI_SCHEME $scheme;
        # Cache stuff
        uwsgi_cache cache;
        uwsgi_cache_bypass $cookie_auth_tkt;
        uwsgi_no_cache $cookie_auth_tkt;
        uwsgi_cache_valid 30m;
        uwsgi_cache_key $host$scheme$proxy_host$request_uri;
    }
}
Finally, reload your Nginx server in order to read the new configuration:
$ sudo service nginx reload
That's all! You will now be able to access your CKAN instance via HTTPS.
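The uWSGI socket in this setup lives in /tmp and is created with --chmod-socket=666, so it is worth auditing its permissions once uWSGI is running. The script below is an added example, not part of the original page; the function names are hypothetical and it only inspects `ls -ld` output.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# the default socket path is the one configured on this page.

# others_can_access PERMS: true if the "other" bits of an ls-style permission
# string (e.g. srw-rw-rw-) grant read or write.
others_can_access() {
    case "$(printf '%s' "$1" | cut -c8-9)" in
        --) return 1 ;;
        *)  return 0 ;;
    esac
}

# dir_world_writable DIR: true if every local user may create files in DIR.
dir_world_writable() {
    [ "$(ls -ld -- "$1" | cut -c9)" = "w" ]
}

# audit_socket PATH: 0 = no findings, 1 = findings, 2 = PATH is not a socket.
audit_socket() {
    sock=$1
    findings=0
    if [ ! -S "$sock" ]; then
        echo "SKIP  $sock: not a Unix socket (is uWSGI running?)"
        return 2
    fi
    perms=$(ls -ld -- "$sock" | cut -c1-10)
    if others_can_access "$perms"; then
        echo "WARN  $sock ($perms): any local user can reach uWSGI without going through Nginx"
        findings=1
    fi
    parent=$(dirname "$sock")
    if dir_world_writable "$parent"; then
        echo "WARN  $parent is world-writable: another user could create the socket path first"
        findings=1
    fi
    [ "$findings" -eq 0 ] && echo "OK    $sock ($perms)"
    return "$findings"
}

# Audit the socket from this page unless another path is given.
audit_socket "${1:-/tmp/ckan_socket.sock}" || true
```

If the script warns, uWSGI's chmod-socket and chown-socket options let you restrict the socket to the account Nginx runs as (for example mode 660) instead of 666.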