Difference between revisions of "HTTPS for Debian/Ubuntu"

From EPrints Documentation
Jump to: navigation, search
(Setting up the SSL Virtual Host)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
[[Category:Authentication]]
 +
[[Category:Debian_and_Ubuntu]]
 
=EPrints Configuration=
 
=EPrints Configuration=
 
This is still the same process as the standard HTTPS setup. Add the following lines to ''archive/ARCHIVEID/cfg/cfg.d/10_core.pl'';
 
This is still the same process as the standard HTTPS setup. Add the following lines to ''archive/ARCHIVEID/cfg/cfg.d/10_core.pl'';
Line 6: Line 8:
 
  $c->{securepath} = '/secure';
 
  $c->{securepath} = '/secure';
 
   
 
   
  $c->{http_root} = '';
+
  $c->{http_root} = <nowiki>''</nowiki>;
  $c->{https_root} = '';
+
  $c->{https_root} = <nowiki>''</nowiki>;
 
  $c->{http_cgiroot} = '/cgi';
 
  $c->{http_cgiroot} = '/cgi';
 
  $c->{https_cgiroot} = '/cgi';
 
  $c->{https_cgiroot} = '/cgi';
Line 42: Line 44:
 
   SSLEngine on
 
   SSLEngine on
 
   SSLCertificateFile /etc/apache2/ssl/apache.pem
 
   SSLCertificateFile /etc/apache2/ssl/apache.pem
   Include /usr/share/eprints3/archives/ARCHIVEID/var/auto-secure.conf
+
   Include /usr/share/eprints3/cfg/apache_ssl.conf
 
  </VirtualHost>
 
  </VirtualHost>
  

Latest revision as of 09:06, 14 October 2011

EPrints Configuration

This is still the same process as the standard HTTPS setup. Add the following lines to archive/ARCHIVEID/cfg/cfg.d/10_core.pl;

$c->{securehost} = 'example.com';
$c->{secureport} = 443;
$c->{securepath} = '/secure';

$c->{http_root} = '';
$c->{https_root} = '';
$c->{http_cgiroot} = '/cgi';
$c->{https_cgiroot} = '/cgi';

Next you need to run the generate_apacheconf command;

bin/generate_apacheconf

EPrints should now be ready for SSL.

Apache Configuration

Generating the SSL certificate

The first thing you need to do is install the SSL certificate generator if you don't already have it;

sudo apt-get install ssl-cert

Next make a directory for all your SSL certificates in your apache2 directory;

sudo mkdir /etc/apache2/ssl

Now we can generate the certificate;

sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Setting up the SSL Virtual Host

Now enable the module for apache2 which should already be installed as part of the apache2 package;

sudo a2enmod ssl

We now need to create a new virtualhost since EPrints makes some assumptions about the existence of the SSL virtualhost, but it does not exist on Debian/Ubuntu. Create a new file in /etc/apache2/sites-available/eprints3-ssl, in this file you want to put the following;

<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/apache.pem
  Include /usr/share/eprints3/cfg/apache_ssl.conf
</VirtualHost>

Once you have done this enable the site;

sudo a2ensite eprints3-ssl

Then restart apache2 in the standard way;

sudo /etc/init.d/apache2 restart

Conclusion

That should be everything set up for EPrints to operate over https. If you followed the configuration options outlined on this page then your https repository should be running at https://example.com/ whilst the traditional http://example.com/ repository remains intact.