HTTPS for Debian/Ubuntu

From EPrints Documentation
Revision as of 09:06, 14 October 2011 by Tdb01r (talk | contribs) (Setting up the SSL Virtual Host)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

EPrints Configuration

This is still the same process as the standard HTTPS setup. Add the following lines to archive/ARCHIVEID/cfg/cfg.d/10_core.pl;

$c->{securehost} = 'example.com';
$c->{secureport} = 443;
$c->{securepath} = '/secure';

$c->{http_root} = '';
$c->{https_root} = '';
$c->{http_cgiroot} = '/cgi';
$c->{https_cgiroot} = '/cgi';

Next you need to run the generate_apacheconf command;

bin/generate_apacheconf

EPrints should now be ready for SSL.

Apache Configuration

Generating the SSL certificate

The first thing you need to do is install the SSL certificate generator if you don't already have it;

sudo apt-get install ssl-cert

Next make a directory for all your SSL certificates in your apache2 directory;

sudo mkdir /etc/apache2/ssl

Now we can generate the certificate;

sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Setting up the SSL Virtual Host

Now enable the module for apache2 which should already be installed as part of the apache2 package;

sudo a2enmod ssl

We now need to create a new virtualhost since EPrints makes some assumptions about the existence of the SSL virtualhost, but it does not exist on Debian/Ubuntu. Create a new file in /etc/apache2/sites-available/eprints3-ssl, in this file you want to put the following;

<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/apache.pem
  Include /usr/share/eprints3/cfg/apache_ssl.conf
</VirtualHost>

Once you have done this enable the site;

sudo a2ensite eprints3-ssl

Then restart apache2 in the standard way;

sudo /etc/init.d/apache2 restart

Conclusion

That should be everything set up for EPrints to operate over https. If you followed the configuration options outlined on this page then your https repository should be running at https://example.com/ whilst the traditional http://example.com/ repository remains intact.