How to use EPrints with HTTPS

From EPrints Documentation
Revision as of 15:06, 2 March 2006 by WikiSysop (talk | contribs)
  • Contributor: [Tim Miles-Board]
  • Eprints version: 2.3
  • Purpose: Secure EPrints with HTTPS
  • License: GNU General Public License

!!! Add HTTPS Settings

For each @@ARCHIVEID.xml@@ file, fill in the @@securehost@@ and @@securepath@@ entries.

Example:

<archive id="demo">
   ....
   <securehost>secure.mydomain.com</securehost>
   <securepath>/demo</securepath>
   ....
</archive>

The @@securehost@@ is a virtual host on the same server as your EPrints archive(s).

Secure requests will be of the form https://securehost/securepath.

@@securepath@@ is therefore what distinguishes requests for one archive from requests for another.

!!! Generate Secure Config

$ bin/generate_apacheconf

As well as the usual Apache configuration files, this will generate an @@auto-secure.conf@@ file in each archive's @@cfg@@ directory.

!!! Set up Secure Host

Under Fedora Core 4, I ran:

$ yum install mod_ssl

This sets up a test SSL server.

For a production system, you would need to provide the relevant certificates and tweak the mod_ssl config accordingly.

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html

Include each @@auto-secure.conf@@ file generated by EPrints inside the @@VirtualHost@@ directive.

For me, this meant editing @@/etc/httpd/conf.d/ssl.conf@@:

<VirtualHost _default_:443>
   ....
   Include /opt/eprints2/archives/demo/cfg/auto-secure.conf
</VirtualHost>

!!! Create Template for Secure Pages

I made a copy of @@template-en.xml@@:

$ cp template-en.xml template-secure-en.xml

In a multi-language archive, you would need to do this for each language-specific template.

It's a good idea to have a visual differentiation between secure and non-secure pages: e.g. I edited @@template-secure-en.xml@@ and added "(SECURE)" to the title of the page.

Some browsers will complain if images/CSS etc. embedded in a secure page are served by the non-secure host. To solve this, I added a new entity to @@ArchiveConfig.pm/sub get_entities@@:

$entities{ssl_base_url} = "https://" . $archive->get_conf("securehost") . $archive->get_conf("securepath");

I then replaced image/CSS @@base_url@@s with @@ssl_base_url@@.
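
A check for the mixed-content problem described above, as an added example that is not part of the original page or of EPrints: it lists embedded resources in a secure template that would still be fetched from the non-secure host. The function name find_insecure_refs, the &base_url; entity syntax and the sample template are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not EPrints code. Assumptions: resources are referenced via
# the &base_url; entity or an absolute http:// URL; each tag is on one line.

# Print "file:line: text" for each embedded resource that would load from the
# non-secure host. Returns 1 if any are found, 0 if the templates are clean.
find_insecure_refs() {
    awk -v q="'" '
        BEGIN {
            # Only tags that make the browser fetch a sub-resource. A plain
            # <a href> back to the non-secure site is navigation, not mixed
            # content, so it is deliberately not matched.
            re = "<(img|script|link|iframe|embed|input)[ \t][^>]*"
            re = re "(src|href)[ \t]*=[ \t]*[\"" q "](&base_url;|http://)"
        }
        $0 ~ re { printf "%s:%d: %s\n", FILENAME, FNR, $0; found = 1 }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample template (not the real template-secure-en.xml).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
<head>
  <title>&archivename; (SECURE)</title>
  <link rel="stylesheet" type="text/css" href="&base_url;/eprints.css" />
  <script type="text/javascript" src="&ssl_base_url;/javascript/auto.js"></script>
</head>
<body>
  <a href="&base_url;/"><img alt="Logo" src="&ssl_base_url;/images/logo.gif" /></a>
  <img alt="Banner" src='http://www.mydomain.com/images/banner.gif' />
</body>
EOF

find_insecure_refs "$sample" || echo "Switch the lines above to &ssl_base_url;"
```

Run it against each language-specific secure template; tags split across several lines are not detected.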