Login-Only Repository

From EPrints Documentation
Jump to: navigation, search

* * * MODIFIED APRIL 2025 TO UPDATE INSTRUCTIONS FOR APACHE 2.4.x * * *

This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password.

The /images and /style directories are deliberately unsecured, so that you can explicitly always view the files in them (you need the CSS + images to render the login page!)

This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account.

HTTP-only Repository Archive

1. In archives/ARCHIVEID/cfg/lang/en/static/ rename index.xpage to home.xpage.

2. Generate static pages to create the file home.html amongst others. 

EPRINTS_PATH/bin/generate_static ARCHIVEID

3. Add the following to archives/ARCHIVEID/cfg/apachevhost.conf. (Be sure to substitute EPRINTS_PATH, ARCHIVEID and HOSTNAME as appropriate): 

 <Location "">
   AuthName "Documents Area"
   AuthType "Basic"
   PerlAuthenHandler EPrints::Apache::Auth::authen
   PerlAuthzHandler EPrints::Apache::Auth::authz
   require valid-user
 </Location>

 <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/images">
  require all granted
 </Directory>

 <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/style">
   require all granted
 </Directory>

 <Location "/cgi/reset_password">
   require all granted
 </Location>

 <Location "/cgi/confirm">
   require all granted
 </Location>

 <LocationMatch "^/$">
   Redirect / http://HOSTNAME/cgi/users/login?target=/home.html
 </LocationMatch>

4. If you did not already have an archives/ARCHIVEID/cfg/apachevhost.conf then run the following to make sure it is included in your Apache configuration: 

EPRINTS_PATH/bin/generate_apacheconf --system --replace

5. Restart Apache.

HTTPS-only or HTTP and HTTPS Repository Archive

TO BE WRITTEN

Allowing a few things without a password...

If you need to make any other directories available without a password, say the javascript directory, copy the directory directive for the images directory and tweak it: 

 <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/javascript">
   require all granted
 </Directory>

If you need to make a single file public, for example the RSS/Atom feeds for latest publications, use the following: 

 <Files "latest_tool">
   require all granted
 </Files>
Retrieved from ‘https://wiki.eprints.org/w/index.php?title=Login-Only_Repository&oldid=16759