Difference between revisions of "Login-Only Repository"
(→HTTP-only Repository Archive) |
|||
| (17 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | '''* * * MODIFIED APRIL 2025 TO UPDATE INSTRUCTIONS FOR APACHE 2.4.x * * *''' | |
| − | |||
| − | + | This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password. | |
| − | + | The <code>/images</code> and <code>/style</code> directories are deliberately unsecured, so that you can explicitly always view the files in them (you need the CSS + images to render the login page!) | |
| + | |||
| + | This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account. | ||
| + | |||
| + | == HTTP-only Repository Archive == | ||
| + | |||
| + | 1. In <code>[[archives/ARCHIVEID/cfg/lang/en/static/]]</code> rename <code>index.xpage</code> to <code>home.xpage</code>. | ||
| + | |||
| + | 2. Generate static pages to create the file <code>home.html</code> amongst others. | ||
| + | EPRINTS_PATH/bin/generate_static ARCHIVEID | ||
| + | |||
| + | 3. Add the following to <code>[[Apachevhost.conf|archives/ARCHIVEID/cfg/apachevhost.conf]]</code>. (Be sure to substitute <code>EPRINTS_PATH</code>, <code>ARCHIVEID</code> and <code>HOSTNAME</code> as appropriate): | ||
<Location ""> | <Location ""> | ||
| Line 12: | Line 22: | ||
PerlAuthzHandler EPrints::Apache::Auth::authz | PerlAuthzHandler EPrints::Apache::Auth::authz | ||
require valid-user | require valid-user | ||
| − | |||
</Location> | </Location> | ||
| + | |||
| + | <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/images"> | ||
| + | require all granted | ||
| + | </Directory> | ||
| + | |||
| + | <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/style"> | ||
| + | require all granted | ||
| + | </Directory> | ||
| + | |||
| + | <Location "/cgi/reset_password"> | ||
| + | require all granted | ||
| + | </Location> | ||
| + | |||
| + | <Location "/cgi/confirm"> | ||
| + | require all granted | ||
| + | </Location> | ||
| + | |||
| + | <LocationMatch "^/$"> | ||
| + | Redirect / http://HOSTNAME/cgi/users/login?target=/home.html | ||
| + | </LocationMatch> | ||
| − | + | 4. If you did not already have an [[archives/ARCHIVEID/cfg/]]apachevhost.conf then run the following to make sure it is included in your Apache configuration: | |
| − | + | EPRINTS_PATH/bin/generate_apacheconf --system --replace | |
| − | + | ||
| − | + | 5. Restart Apache. | |
| − | + | ||
| + | == HTTPS-only or HTTP and HTTPS Repository Archive == | ||
| + | ''TO BE WRITTEN'' | ||
| + | |||
| + | == Allowing a few things without a password... == | ||
| − | <Directory " | + | If you need to make any other directories available without a password, say the javascript directory, copy the directory directive for the images directory and tweak it: |
| − | + | <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/javascript"> | |
| − | + | require all granted | |
| − | |||
</Directory> | </Directory> | ||
| − | < | + | If you need to make a single file public, for example the RSS/Atom feeds for latest publications, use the following: |
| − | + | <Files "latest_tool"> | |
| − | </ | + | require all granted |
| + | </Files> | ||
| − | + | [[Category:Authentication]] | |
Latest revision as of 12:01, 19 April 2025
* * * MODIFIED APRIL 2025 TO UPDATE INSTRUCTIONS FOR APACHE 2.4.x * * *
This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password.
The /images and /style directories are deliberately unsecured, so that you can explicitly always view the files in them (you need the CSS + images to render the login page!)
This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account.
HTTP-only Repository Archive
1. In archives/ARCHIVEID/cfg/lang/en/static/ rename index.xpage to home.xpage.
2. Generate static pages to create the file home.html amongst others.
EPRINTS_PATH/bin/generate_static ARCHIVEID
3. Add the following to archives/ARCHIVEID/cfg/apachevhost.conf. (Be sure to substitute EPRINTS_PATH, ARCHIVEID and HOSTNAME as appropriate):
<Location ""> AuthName "Documents Area" AuthType "Basic" PerlAuthenHandler EPrints::Apache::Auth::authen PerlAuthzHandler EPrints::Apache::Auth::authz require valid-user </Location> <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/images"> require all granted </Directory> <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/style"> require all granted </Directory> <Location "/cgi/reset_password"> require all granted </Location> <Location "/cgi/confirm"> require all granted </Location> <LocationMatch "^/$"> Redirect / http://HOSTNAME/cgi/users/login?target=/home.html </LocationMatch>
4. If you did not already have an archives/ARCHIVEID/cfg/apachevhost.conf then run the following to make sure it is included in your Apache configuration:
EPRINTS_PATH/bin/generate_apacheconf --system --replace
5. Restart Apache.
HTTPS-only or HTTP and HTTPS Repository Archive
TO BE WRITTEN
Allowing a few things without a password...
If you need to make any other directories available without a password, say the javascript directory, copy the directory directive for the images directory and tweak it:
<Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/javascript"> require all granted </Directory>
If you need to make a single file public, for example the RSS/Atom feeds for latest publications, use the following:
<Files "latest_tool"> require all granted </Files>
