Deployment
From CKAN
Once you have installed CKAN (either with packages or as source) it runs on the local machine. These instructions show you how to 'deploy' CKAN to be accessible over the Internet.
CKAN runs on WSGI, which can be provided by a number of server software. For example:
- modwsgi & Apache
- paster & Apache reverse proxy
- paster & nginx reverse proxy
- uwsgi & nginx
Do not use modpython as it is now obsolete and has been replaced by modwsgi.
Contents |
modwsgi & Apache
This is the standard deployment mechanism.
Create the Pylons WSGI script
Create a file ~/var/srvc/demo.ckan.net/pyenv/bin/demo.ckan.net.py as follows (editing the first couple of variables as necessary):
import os
instance_dir = '/home/USER/var/srvc/demo.ckan.net'
config_file = 'demo.ckan.net.ini'
pyenv_bin_dir = os.path.join(instance_dir, 'pyenv', 'bin')
activate_this = os.path.join(pyenv_bin_dir, 'activate_this.py')
execfile(activate_this, dict(__file__=activate_this))
from paste.deploy import loadapp
config_filepath = os.path.join(instance_dir, config_file)
from paste.script.util.logging_config import fileConfig
fileConfig(config_filepath)
application = loadapp('config:%s' % config_filepath)
Setup Apache with Ckan
Create file /etc/apache2/sites-available/demo.ckan.net as follows:
<VirtualHost *:80>
ServerName demo.ckan.net
ServerAlias demo.ckan.net
WSGIScriptAlias / /home/USER/var/srvc/demo.ckan.net/pyenv/bin/demo.ckan.net.py
# pass authorization info on (needed for rest api)
WSGIPassAuthorization On
ErrorLog /var/log/apache2/demo.ckan.net.error.log
CustomLog /var/log/apache2/demo.ckan.net.custom.log combined
</VirtualHost>
Set path permissions for Apache
Whilst in the ~/var/srvc/demo.ckan.net directory, you need to make sure two Pylons directories exist and are writable by the Apache process:
$ mkdir data sstore
$ chmod g+w -R data sstore
$ sudo chgrp -R www-data data sstore
Configure logging for a sensible place
Where the CKAN logs are stored is set in the CKAN config:
args = ("ckan.log", "a", 20000000, 9)
Apache will try to write the logs to /ckan.log and will no doubt hit permission problems. So change this to something like /var/log/ckan/demo.ckan.net/. Create the directory as follows:
$ sudo -u www-data mkdir -p /var/log/ckan/demo.ckan.net/
temporary files
If you ran CKAN with paster first, then it will probably have created directories with the wrong permissions. Correct this like this:
$ sudo chown www-data:www-data -R /home/okfn/var/srvc/demo.ckan.net/data/*
who.ini config
Also it is necessary to provide who.ini (repoze.who configuration) in a different place:
$ ln -s pyenv/src/ckan/who.ini ./
Also edit the who.ini configuration file to set a secret for the auth_tkt plugin.
Starting Apache
Enable site in Apache:
$ sudo a2ensite demo.ckan.net
Restart Apache:
$ sudo /etc/init.d/apache2 restart
Browse CKAN website at: http://demo.ckan.net/ (assuming you have the DNS setup for this server).
Should you have problems, take a look at the log files specified in your apache config and ckan oconfig. e.g. /var/log/apache2/demo.ckan.net.error.log and /var/log/ckan/demo.ckan.log.
Mounting CKAN at a non-root URL
CKAN (since version 1.6) can run mounted at a 'sub-directory' URL, such as http://mysite.com/data/. This is achieved by changing the WSGIScriptAlias first parameter (in the Apache site config). e.g.:
WSGIScriptAlias /data /home/dread/etc/ckan-pylons.py
CORS
As of CKAN v1.5 CORS is built in to CKAN so for CKAN >= 1.5 no modifications to your webserver config are needed.
CORS = Cross Origin Resource Sharing. It is away to allow browsers (and hence javascript in browsers) make requests to domains other than the one the browser is currently on.
In Apache you can enable CORS for you CKAN site by setting the following in your config:
Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" Header always set Access-Control-Allow-Headers "X-CKAN-API-KEY, Content-Type"
# Respond to all OPTIONS requests with 200 OK
# This could be done in the webapp
# This is need for pre-flighted requests (POSTs/PUTs)
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
Dumps and Backups
(In addition to the instructions here: http://docs.ckan.org/en/latest/database_dumps.html ) Here's you might set-up a daily backup of the full CKAN database:
$ sudo -u www-data crontab -e 00 23 * * * /home/okfn/var/srvc/ckan.net/pyenv/bin/paster --plugin=ckan db dump /var/backups/ckan/ckan.net/ckan.net-`date +"%Y-%m-%d"` --config=/home/okfn/var/srvc/ckan.net/ckan.net.ini && gzip /var/backups/ckan/ckan.net/ckan.net-`date +"%Y-%m-%d"`
