OCL - Various tweaks for production on AWS & certbot additions #14
Conversation
Tweaked the default.conf Added home path in ubuntu user folder for production Docker run for nginx and mounting the ssl certs Create sysadmin admin added bash script
|
|
||
| # Collaborators extension | ||
| RUN ckan-pip install git+https://github.com/okfn/[email protected] | ||
| #RUN ckan-pip install git+https://github.com/okfn/ckanext-collaborators.git |
There was a problem hiding this comment.
Can go if we're getting dataset level permissions in 2.9
bin/run_ckan.sh
Outdated
| #docker exec ckan /usr/local/bin/ckan-paster --plugin=ckanext-collaborators collaborators init-db -c /etc/ckan/production.ini | ||
|
|
||
| # Create Sysadmin | ||
| docker exec -it ckan /usr/local/bin/ckan-paster --plugin=ckan sysadmin -c /etc/ckan/production.ini add johndoe |
There was a problem hiding this comment.
Yeah, got that off the CKAN docs
|
|
||
| # sudo certbot certonly --standalone -d <FQDN e.g. data.demo.com> | ||
| docker run -d --restart always -v /etc/letsencrypt:/etc/nginx/certs:z -v /home/ubuntu/Data-Portal/config/default.conf:/etc/nginx/conf.d/default.conf --network ckan --name ckan-proxy -p 443:443 -p 80:80 nginx |
There was a problem hiding this comment.
I'm not keen for the gateway proxy to live in the CKAN setup script, mostly for security reasons.
Ideally, we would spin up ckan, run some sort of local readiness test, then run proxy setup script. Will you please move proxy setup into its own script, please
| @@ -6,7 +6,7 @@ server { | |||
| } | |||
|
|
|||
| server { | |||
| server_name ckan.arbidata.com; | |||
| server_name cct.opencitieslab.org; | |||
There was a problem hiding this comment.
I think we might have to look at some templating for this file, and the production.ini one - you can do some rudimentary stuff with SED, or go a little fancier with a jinja based setup.
Any preference?
| @@ -57,7 +57,7 @@ ckan.datastore.default_fts_index_method = gist | |||
|
|
|||
| ## Site Settings | |||
|
|
|||
| ckan.root_path = /data-catalogue/{{LANG}} | |||
| #ckan.root_path = /home/ubuntu/ckan/{{LANG}} | |||
There was a problem hiding this comment.
See earlier comment about potential for templating
|
I've borrowed quite liberally from this branch, and addressed some of my concerns above in wip/docker-s3. Might be an idea to rebase against it, sort out the merge conflicts, and see where you are after that? |
No description provided.