Difference between revisions of "Login-Only Repository"

From EPrints Documentation
Jump to: navigation, search
(HTTP-only Repository Archive)
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
'''* * * MODIFIED APRIL 2025 TO UPDATE INSTRUCTIONS FOR APACHE 2.4.x * * *'''
 +
 
This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password.
 
This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password.
  
The /images and /style directories are deliberately unsecured so that you can explicitly always view the files in them (you need the CSS + images to render the login page!)
+
The <code>/images</code> and <code>/style</code> directories are deliberately unsecured, so that you can explicitly always view the files in them (you need the CSS + images to render the login page!)
  
 
This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account.
 
This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account.
  
1. In [[archives/ARCHIVEID/cfg/lang/en/static/]] rename index.xpage to home.xpage
+
== HTTP-only Repository Archive ==
 +
 
 +
1. In <code>[[archives/ARCHIVEID/cfg/lang/en/static/]]</code> rename <code>index.xpage</code> to <code>home.xpage</code>.
  
2. Run bin/generate_static to generate the home.html file (and others).
+
2. Generate static pages to create the file <code>home.html</code> amongst others.
 +
EPRINTS_PATH/bin/generate_static ARCHIVEID
  
3. Add the following to [[archives/ARCHIVEID/cfg/]]apachevhost.conf (use your site URL in the last bit and replace ARCHIVEID):
+
3. Add the following to <code>[[Apachevhost.conf|archives/ARCHIVEID/cfg/apachevhost.conf]]</code>. (Be sure to substitute <code>EPRINTS_PATH</code>, <code>ARCHIVEID</code> and <code>HOSTNAME</code> as appropriate):
  
 
   <Location "">
 
   <Location "">
Line 17: Line 22:
 
     PerlAuthzHandler EPrints::Apache::Auth::authz
 
     PerlAuthzHandler EPrints::Apache::Auth::authz
 
     require valid-user
 
     require valid-user
    AuthName "Documents Area"
 
 
   </Location>
 
   </Location>
 
   
 
   
   <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/images">
+
   <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/images">
    order allow,deny
+
  require all granted
    allow from all
 
    satisfy any
 
 
   </Directory>
 
   </Directory>
 
   
 
   
   <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style">
+
   <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/style">
     order allow,deny
+
     require all granted
    allow from all
 
    satisfy any
 
 
   </Directory>
 
   </Directory>
 
   
 
   
 
   <Location "/cgi/reset_password">
 
   <Location "/cgi/reset_password">
     order allow,deny
+
     require all granted
    allow from all
 
    satisfy any
 
 
   </Location>
 
   </Location>
 
   
 
   
 
   <Location "/cgi/confirm">
 
   <Location "/cgi/confirm">
     order allow,deny
+
     require all granted
    allow from all
 
    satisfy any
 
 
   </Location>
 
   </Location>
 
   
 
   
 
   <LocationMatch "^/$">
 
   <LocationMatch "^/$">
     Redirect / http://myarchive.ac.uk/cgi/users/login?target=/home.html
+
     Redirect / http://HOSTNAME/cgi/users/login?target=/home.html
 
   </LocationMatch>
 
   </LocationMatch>
  
4. Restart Apache.
+
4. If you did not already have an [[archives/ARCHIVEID/cfg/]]apachevhost.conf then run the following to make sure it is included in your Apache configuration:
 +
EPRINTS_PATH/bin/generate_apacheconf --system --replace
 +
 
 +
5. Restart Apache.
 +
 
 +
== HTTPS-only or HTTP and HTTPS Repository Archive ==
 +
''TO BE WRITTEN''
  
 
== Allowing a few things without a password... ==
 
== Allowing a few things without a password... ==
  
If you need to make any other Directories available without a password, copy the directory directive for the images dir and tweak it.
+
If you need to make any other directories available without a password, say the javascript directory, copy the directory directive for the images directory and tweak it:
 
+
  <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/javascript">
If you need to make a single file public, for example the RSS feed, use the following:
+
    require all granted
 +
  </Directory>
  
  <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style">
+
If you need to make a single file public, for example the RSS/Atom feeds for latest publications, use the following:
 
   <Files "latest_tool">
 
   <Files "latest_tool">
     order allow,deny
+
     require all granted
    allow from all
 
    satisfy any
 
 
   </Files>
 
   </Files>
  </Directory>
 
  
 
[[Category:Authentication]]
 
[[Category:Authentication]]

Latest revision as of 12:01, 19 April 2025

* * * MODIFIED APRIL 2025 TO UPDATE INSTRUCTIONS FOR APACHE 2.4.x * * *

This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password.

The /images and /style directories are deliberately unsecured, so that you can explicitly always view the files in them (you need the CSS + images to render the login page!)

This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account.

HTTP-only Repository Archive

1. In archives/ARCHIVEID/cfg/lang/en/static/ rename index.xpage to home.xpage.

2. Generate static pages to create the file home.html amongst others. 

EPRINTS_PATH/bin/generate_static ARCHIVEID

3. Add the following to archives/ARCHIVEID/cfg/apachevhost.conf. (Be sure to substitute EPRINTS_PATH, ARCHIVEID and HOSTNAME as appropriate): 

 <Location "">
   AuthName "Documents Area"
   AuthType "Basic"
   PerlAuthenHandler EPrints::Apache::Auth::authen
   PerlAuthzHandler EPrints::Apache::Auth::authz
   require valid-user
 </Location>

 <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/images">
  require all granted
 </Directory>

 <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/style">
   require all granted
 </Directory>

 <Location "/cgi/reset_password">
   require all granted
 </Location>

 <Location "/cgi/confirm">
   require all granted
 </Location>

 <LocationMatch "^/$">
   Redirect / http://HOSTNAME/cgi/users/login?target=/home.html
 </LocationMatch>

4. If you did not already have an archives/ARCHIVEID/cfg/apachevhost.conf then run the following to make sure it is included in your Apache configuration: 

EPRINTS_PATH/bin/generate_apacheconf --system --replace

5. Restart Apache.

HTTPS-only or HTTP and HTTPS Repository Archive

TO BE WRITTEN

Allowing a few things without a password...

If you need to make any other directories available without a password, say the javascript directory, copy the directory directive for the images directory and tweak it: 

 <Directory "EPRINTS_PATH/archives/ARCHIVEID/html/en/javascript">
   require all granted
 </Directory>

If you need to make a single file public, for example the RSS/Atom feeds for latest publications, use the following: 

 <Files "latest_tool">
   require all granted
 </Files>
Retrieved from ‘https://wiki.eprints.org/w/index.php?title=Login-Only_Repository&oldid=16759