Difference between revisions of "Login-Only Repository"
(10 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
+ | This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password. | ||
+ | |||
+ | The /images and /style directories are deliberately unsecured so that you can explicitly always view the files in them (you need the CSS + images to render the login page!) | ||
+ | |||
+ | This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account. | ||
+ | |||
1. In [[archives/ARCHIVEID/cfg/lang/en/static/]] rename index.xpage to home.xpage | 1. In [[archives/ARCHIVEID/cfg/lang/en/static/]] rename index.xpage to home.xpage | ||
2. Run bin/generate_static to generate the home.html file (and others). | 2. Run bin/generate_static to generate the home.html file (and others). | ||
− | 3. Add the following to [[archives/ARCHIVEID/cfg/]]apachevhost.conf (use your site URL in the last bit): | + | 3. Add the following to [[archives/ARCHIVEID/cfg/]]apachevhost.conf (use your site URL in the last bit and replace ARCHIVEID): |
<Location ""> | <Location ""> | ||
Line 13: | Line 19: | ||
AuthName "Documents Area" | AuthName "Documents Area" | ||
</Location> | </Location> | ||
− | + | ||
− | <Directory "/opt/eprints3/archives/ | + | <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/images"> |
order allow,deny | order allow,deny | ||
allow from all | allow from all | ||
satisfy any | satisfy any | ||
</Directory> | </Directory> | ||
− | + | ||
− | <Directory "/opt/eprints3/archives/ | + | <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style"> |
order allow,deny | order allow,deny | ||
allow from all | allow from all | ||
satisfy any | satisfy any | ||
</Directory> | </Directory> | ||
− | + | ||
+ | <Location "/cgi/reset_password"> | ||
+ | order allow,deny | ||
+ | allow from all | ||
+ | satisfy any | ||
+ | </Location> | ||
+ | |||
+ | <Location "/cgi/confirm"> | ||
+ | order allow,deny | ||
+ | allow from all | ||
+ | satisfy any | ||
+ | </Location> | ||
+ | |||
<LocationMatch "^/$"> | <LocationMatch "^/$"> | ||
− | Redirect / http:// | + | Redirect / http://myarchive.ac.uk/cgi/users/login?target=/home.html |
</LocationMatch> | </LocationMatch> | ||
4. Restart Apache. | 4. Restart Apache. | ||
+ | |||
+ | == Allowing a few things without a password... == | ||
+ | |||
+ | If you need to make any other Directories available without a password, copy the directory directive for the images dir and tweak it. | ||
+ | |||
+ | If you need to make a single file public, for example the RSS feed, use the following: | ||
+ | |||
+ | <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style"> | ||
+ | <Files "latest_tool"> | ||
+ | order allow,deny | ||
+ | allow from all | ||
+ | satisfy any | ||
+ | </Files> | ||
+ | </Directory> | ||
+ | |||
+ | [[Category:Authentication]] |
Latest revision as of 12:36, 20 March 2010
This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password.
The /images and /style directories are deliberately unsecured so that you can explicitly always view the files in them (you need the CSS + images to render the login page!)
This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account.
1. In archives/ARCHIVEID/cfg/lang/en/static/ rename index.xpage to home.xpage
2. Run bin/generate_static to generate the home.html file (and others).
3. Add the following to archives/ARCHIVEID/cfg/apachevhost.conf (use your site URL in the last bit and replace ARCHIVEID):
<Location ""> AuthName "Documents Area" AuthType "Basic" PerlAuthenHandler EPrints::Apache::Auth::authen PerlAuthzHandler EPrints::Apache::Auth::authz require valid-user AuthName "Documents Area" </Location> <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/images"> order allow,deny allow from all satisfy any </Directory> <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style"> order allow,deny allow from all satisfy any </Directory> <Location "/cgi/reset_password"> order allow,deny allow from all satisfy any </Location> <Location "/cgi/confirm"> order allow,deny allow from all satisfy any </Location> <LocationMatch "^/$"> Redirect / http://myarchive.ac.uk/cgi/users/login?target=/home.html </LocationMatch>
4. Restart Apache.
Allowing a few things without a password...
If you need to make any other Directories available without a password, copy the directory directive for the images dir and tweak it.
If you need to make a single file public, for example the RSS feed, use the following:
<Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style"> <Files "latest_tool"> order allow,deny allow from all satisfy any </Files> </Directory>