我正在设置CKAN v2.7.2(使用Apache Web服务器在HTTPs下提供),并希望使用Nginx(版本1.13.3)-反向代理Web服务器进行访问。它需要在/ ckan安装点上安装ckan,因此在ckan.ini文件中添加了以下内容
ckan.root_path = /ckan/{{LANG}}
此外,我只能使用Nginx访问CKAN。虽然将CKAN设置为Nginx,但使用Nginx反向代理服务器时,安装程序无法正常工作,而基本CKAN(即不使用Nginx的情况下,效果很好):
我无法成功查看私有数据集,而公共数据集运行得很好。
我的CKAN Apache日志为:
[Fri Jan 11 06:21:46.242529 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,242 DEBUG [ckan.logic] check access OK - dashboard_activity_list user=admin
[Fri Jan 11 06:21:46.283912 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,283 DEBUG [ckan.lib.base] rendering /usr/lib/ckan/default/src/ckan/ckan/templates/snippets/home_breadcrumb_ item.html[jinja2]
[Fri Jan 11 06:21:46.285169 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,285 DEBUG [ckan.lib.base] rendering /usr/lib/ckan/default/src/ckan/ckan/templates/package/snippets/ resources.html [jinja2]
[Fri Jan 11 06:21:46.292565 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,292 DEBUG [ckan.lib.base] rendering /usr/lib/ckan/default/src/ckan/ckan/templates/snippets/social.html [jinja2]
[Fri Jan 11 06:21:46.294569 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,294 DEBUG [ckan.logic] check access OK
- package_update user=admin
[Fri Jan 11 06:21:46.295155 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,295 DEBUG [ckan.lib.base] rendering /usr/lib/ckan/default/src/ckan/ckanext/datastore/templates/package/snippets /data_api_button.html [jinja2]
[Fri Jan 11 06:21:46.299369 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,299 DEBUG [ckan.lib.base] rendering /usr/lib/ckan/default/src/ckan/ckan/templates/package/snippets/ resource_views_list.html [jinja2]
[Fri Jan 11 06:21:46.307521 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,307 DEBUG [ckan.lib.base] rendering /usr/lib/ckan/default/src/ckan/ckan/templates/package/snippets/ resource_views_list_item.html [jinja2]
[Fri Jan 11 06:21:46.314911 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,314 DEBUG [ckan.lib.base] rendering /usr/lib/ckan/default/src/ckan/ckan/templates/package/snippets/ resource_view.html [jinja2]
[Fri Jan 11 06:21:46.338195 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,338 DEBUG [ckan.lib.base] rendering /usr/lib/ckan/default/src/ckan/ckan/templates/snippets/license.html [jinja2]
[Fri Jan 11 06:21:46.339502 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,339 DEBUG [ckan.lib.base] rendering /usr/lib/ckan/default/src/ckan/ckan/templates/package/snippets/ resources.html [jinja2]
[Fri Jan 11 06:21:46.340241 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,340 DEBUG [ckan.lib.base] rendering /usr/lib/ckan/default/src/ckan/ckan/templates/snippets/social.html[jinja2]
[Fri Jan 11 06:21:46.341363 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,341 DEBUG [ckan.lib.base] rendering usr/lib/ckan/default/src/ckan/ckan/templates/snippets/ language_selector.html [jinja2]
[Fri Jan 11 06:21:46.345452 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,345 INFO [ckan.lib.base] /dataset/vfvfvfv/resource/1db088cc-2805-4c20-887c-f2f2ed91630e render time
0.209 seconds
[Fri Jan 11 06:21:46.438541 2019] [wsgi:error] [pid 2178:tid 139975710496512] 2019-01-11 06:21:46,438 DEBUG [ckan.config.middleware.pylons_app] Pylons route match: {'url': u'base/images/nav-active.png', 'action': u'view', 'controller': u'template'} Origin: core
[Fri Jan 11 06:21:46.438661 2019] [wsgi:error] [pid 2178:tid 139975710496512] 2019-01-11 06:21:46,438 DEBUG [ckan.config.middleware] Route support answers for GET /base/images/nav-active.png: [(False, 'flask_app'), (True, 'pylons_app', 'core')]
[Fri Jan 11 06:21:46.438755 2019] [wsgi:error] [pid 2178:tid 139975710496512] 2019-01-11 06:21:46,438 DEBUG [ckan.config.middleware] Serving request via pylons_app app
[Fri Jan 11 06:21:46.447920 2019] [wsgi:error] [pid 2179:tid 139975718889216] 2019-01-11 06:21:46,447 DEBUG [ckan.config.middleware.pylons_app] Pylons route match: {'lang': u'en', 'action': u'i18n_js_translations', 'controller': u'api', 'ver': u'/1'} Origin: core
[Fri Jan 11 06:21:46.448081 2019] [wsgi:error] [pid 2179:tid 139975718889216] 2019-01-11 06:21:46,448 DEBUG [ckan.config.middleware] Route support answers for GET /api/i18n/en: [(False, 'flask_app'), (True, 'pylons_app', 'core')]
[Fri Jan 11 06:21:46.448141 2019] [wsgi:error] [pid 2179:tid 139975718889216] 2019-01-11 06:21:46,448 DEBUG [ckan.config.middleware] Serving request via pylons_app app
**[Fri Jan 11 06:21:46.450241 2019] [wsgi:error] [pid 2179:tid 139975718889216] 2019-01-11 06:21:46,450 DEBUG [ckan.logic] check access OK
- site_read user=
[Fri Jan 11 06:21:46.453059 2019] [wsgi:error] [pid 2179:tid 139975718889216] 2019-01-11 06:21:46,453 INFO [ckan.lib.base] /api/i18n/en render time 0.003 seconds
[Fri Jan 11 06:21:46.503467 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,503 DEBUG [ckan.config.middleware.pylons_app] Pylons route match: {'action': u'resource_view', 'view_id': u'a663fdda-ce6f-4ac2-b872-a646f488feff', 'controller': u'package', 'id': u'vfvfvfv', 'resource_id': u'1db088cc-2805- 4c20-887c-f2f2ed91630e'} Origin: core
[Fri Jan 11 06:21:46.503593 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,503 DEBUG [ckan.config.middleware] Route support answers for GET /dataset/vfvfvfv/resource/1db088cc-2805-4c20- 887c-f2f2ed91630e/view/a663fdda-ce6f-4ac2-b872-a646f488feff: [(False, 'flask_app'), (True, 'pylons_app', 'core')]
[Fri Jan 11 06:21:46.503652 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,503 DEBUG [ckan.config.middleware] Serving request via pylons_app app
**[Fri Jan 11 06:21:46.511546 2019] [wsgi:error] [pid 2178:tid 139975718889216] 2019-01-11 06:21:46,511 DEBUG [ckan.logic] check access NotAuthorized - package_show user= "User not authorized to read package 1c10b0c0-2a2b-46e1-abc5-ff61f6794f8c"
此外,我认为在查看私有数据集时,我的请求从Nginx发送给 admin 用户的Apache Web服务器,该用户尚未登录,因此无法找到该私有资源,因此在上方显示找不到错误404 。
以**开头的日志是不显示资源的原因,而在上述某些地方的check_access日志中,则显示 user = admin 。仅在此身份验证时,没有用户(admin是ckan上的sysadmin用户)
Nginx中用于CKAN的Default.conf
proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache_ckan:30m max_size=250m;
proxy_temp_path /tmp/nginx_proxy 1 2;
server {
listen 443;
server_name localhost;
real_ip_header X-Forwarded-For;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header X-Frame-Options SAMEORIGIN;
ssl on;
ssl_certificate /etc/nginx/cert/nginx.crt;
ssl_certificate_key /etc/nginx/cert/nginx.key;
ssl_protocols TLSv1.1 TLSV1.2;
ssl_ciphers HIGH:!aNULL:!MD5:!SHA1;
ssl_prefer_server_ciphers on;
client_max_body_size 100M;
# maintenance
error_page 503 @503_error;
set $maintenance false;
if (-f /etc/nginx/maintenance/maintenance.txt) {
set $maintenance true;
}
if ($allow_ip_flag) {
set $maintenance false;
}
location = /maintenance.html {
if ($maintenance = false) {
return 404;
}
}
if ($maintenance = true) {
return 503;
}
location @503_error {
root /etc/nginx/maintenance/html;
internal;
expires 0;
set $mainte_503 O;
if ($request_method != GET) {
set $mainte_503 T;
}
if ($maintenance = true) {
set $mainte_503 "${mainte_503}R";
}
if ($mainte_503 = TR) {
return 503;
}
if ($mainte_503 = OR) {
rewrite ^(.*)$ /maintenance.html break;
}
if ($maintenance = false) {
return 503;
}
}
location /ckan/ {
proxy_pass https://ckan-base-app-ip:5000;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header Host $host;
# rewrite ^/ckan/ckan/(.*) /ckan/$1 permanent;
if ($args ~* "(.*)&csrfpId=([^&]*)(.*)") {
set $args $1$3;
}
proxy_cache cache_ckan;
proxy_cache_bypass $cookie_auth_tkt;
proxy_no_cache $cookie_auth_tkt;
proxy_cache_valid 10m;
proxy_cache_key $host$scheme$proxy_host$request_uri;
limit_rate 25M;
#limit_req zone=ckan burst=100 nodelay;
}
location /css/ngsi_icons.css {
proxy_pass https://ckan-base-app-ip:5000/css/ngsi_icons.css;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header Host $host;
proxy_cache cache_ckan;
proxy_cache_bypass $cookie_auth_tkt;
proxy_no_cache $cookie_auth_tkt;
proxy_cache_valid 10m;
proxy_cache_key $host$scheme$proxy_host$request_uri;
limit_rate 25M;
# #limit_req zone=ckan burst=100 nodelay;
}
location /images/sprite-resource-icons2.png {
proxy_pass https://ckan-base-app-ip:5000/ckan/images/sprite-resource-icons2.png;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header Host $host;
proxy_cache cache_ckan;
proxy_cache_bypass $cookie_auth_tkt;
proxy_no_cache $cookie_auth_tkt;
proxy_cache_valid 10m;
proxy_cache_key $host$scheme$proxy_host$request_uri;
limit_rate 25M;
#limit_req zone=ckan burst=100 nodelay;
}
location /ckan/api/i18n/en/{
if ($request_uri !~* datastore_create|datastore_search|resource_show|datapusher_hook){
return 403;
}
proxy_pass https://ckan-base-app-ip:5000/api/i18n/en;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header Host $host;
proxy_cache cache_ckan;
proxy_cache_bypass $cookie_auth_tkt;
proxy_no_cache $cookie_auth_tkt;
proxy_cache_valid 10m;
proxy_cache_key $host$scheme$proxy_host$request_uri;
limit_rate 25M;
#limit_req zone=ckan burst=100 nodelay;
}
}
我无法像使用Nginx进行设置时那样,设置使我的设置正常工作所需的所有标头。我认为问题出在Nginx而非CKAN上,所以我应该将所有标头包含在其中Nginx要成功运行它??