Difference between revisions of "Login-Only Repository"

From EPrints Documentation
Jump to: navigation, search
 
(10 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password.
 +
 +
The /images and /style directories are deliberately unsecured so that you can explicitly always view the files in them (you need the CSS + images to render the login page!)
 +
 +
This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account.
 +
 
1. In [[archives/ARCHIVEID/cfg/lang/en/static/]] rename index.xpage to home.xpage
 
1. In [[archives/ARCHIVEID/cfg/lang/en/static/]] rename index.xpage to home.xpage
  
 
2. Run bin/generate_static to generate the home.html file (and others).
 
2. Run bin/generate_static to generate the home.html file (and others).
  
3. Add the following to [[archives/ARCHIVEID/cfg/]]apachevhost.conf (use your site URL in the last bit):
+
3. Add the following to [[archives/ARCHIVEID/cfg/]]apachevhost.conf (use your site URL in the last bit and replace ARCHIVEID):
  
 
   <Location "">
 
   <Location "">
Line 13: Line 19:
 
     AuthName "Documents Area"
 
     AuthName "Documents Area"
 
   </Location>
 
   </Location>
 
+
   <Directory "/opt/eprints3/archives/mbi/html/en/images">
+
   <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/images">
 
     order allow,deny
 
     order allow,deny
 
     allow from all
 
     allow from all
 
     satisfy any
 
     satisfy any
 
   </Directory>
 
   </Directory>
 
+
   <Directory "/opt/eprints3/archives/mbi/html/en/style">
+
   <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style">
 
     order allow,deny
 
     order allow,deny
 
     allow from all
 
     allow from all
 
     satisfy any
 
     satisfy any
 
   </Directory>
 
   </Directory>
 
+
 +
  <Location "/cgi/reset_password">
 +
    order allow,deny
 +
    allow from all
 +
    satisfy any
 +
  </Location>
 +
 +
  <Location "/cgi/confirm">
 +
    order allow,deny
 +
    allow from all
 +
    satisfy any
 +
  </Location>
 +
 
   <LocationMatch "^/$">
 
   <LocationMatch "^/$">
     Redirect / http://mbiprints.ecs.soton.ac.uk/cgi/users/login?target=/home.html
+
     Redirect / http://myarchive.ac.uk/cgi/users/login?target=/home.html
 
   </LocationMatch>
 
   </LocationMatch>
  
 
4. Restart Apache.
 
4. Restart Apache.
 +
 +
== Allowing a few things without a password... ==
 +
 +
If you need to make any other Directories available without a password, copy the directory directive for the images dir and tweak it.
 +
 +
If you need to make a single file public, for example the RSS feed, use the following:
 +
 +
  <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style">
 +
  <Files "latest_tool">
 +
    order allow,deny
 +
    allow from all
 +
    satisfy any
 +
  </Files>
 +
  </Directory>
 +
 +
[[Category:Authentication]]

Latest revision as of 12:36, 20 March 2010

This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password.

The /images and /style directories are deliberately unsecured so that you can explicitly always view the files in them (you need the CSS + images to render the login page!)

This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account.

1. In archives/ARCHIVEID/cfg/lang/en/static/ rename index.xpage to home.xpage

2. Run bin/generate_static to generate the home.html file (and others).

3. Add the following to archives/ARCHIVEID/cfg/apachevhost.conf (use your site URL in the last bit and replace ARCHIVEID):

 <Location "">
   AuthName "Documents Area"
   AuthType "Basic"
   PerlAuthenHandler EPrints::Apache::Auth::authen
   PerlAuthzHandler EPrints::Apache::Auth::authz
   require valid-user
   AuthName "Documents Area"
 </Location>

 <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/images">
   order allow,deny
   allow from all
   satisfy any
 </Directory>

 <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style">
   order allow,deny
   allow from all
   satisfy any
 </Directory>

 <Location "/cgi/reset_password">
   order allow,deny
   allow from all
   satisfy any
 </Location>

 <Location "/cgi/confirm">
   order allow,deny
   allow from all
   satisfy any
 </Location>

 <LocationMatch "^/$">
   Redirect / http://myarchive.ac.uk/cgi/users/login?target=/home.html
 </LocationMatch>

4. Restart Apache.

Allowing a few things without a password...

If you need to make any other Directories available without a password, copy the directory directive for the images dir and tweak it.

If you need to make a single file public, for example the RSS feed, use the following:

 <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style">
 <Files "latest_tool">
   order allow,deny
   allow from all
   satisfy any
 </Files>
 </Directory>