Difference between revisions of "Login-Only Repository"

This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password.

The /images and /style directories are deliberately unsecured so that you can explicitly always view the files in them (you need the CSS + images to render the login page!)

This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account.

1. In archives/ARCHIVEID/cfg/lang/en/static/ rename index.xpage to home.xpage

2. Run bin/generate_static to generate the home.html file (and others).

3. Add the following to archives/ARCHIVEID/cfg/apachevhost.conf (use your site URL in the last bit and replace ARCHIVEID):

 <Location "">
   AuthName "Documents Area"
   AuthType "Basic"
   PerlAuthenHandler EPrints::Apache::Auth::authen
   PerlAuthzHandler EPrints::Apache::Auth::authz
   require valid-user
   AuthName "Documents Area"
 </Location>

 <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/images">
   order allow,deny
   allow from all
   satisfy any
 </Directory>

 <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style">
   order allow,deny
   allow from all
   satisfy any
 </Directory>

 <Location "/cgi/reset_password">
   order allow,deny
   allow from all
   satisfy any
 </Location>

 <Location "/cgi/confirm">
   order allow,deny
   allow from all
   satisfy any
 </Location>

 <LocationMatch "^/$">
   Redirect / http://myarchive.ac.uk/cgi/users/login?target=/home.html
 </LocationMatch>

4. Restart Apache.