Difference between revisions of "HTTPS for Debian/Ubuntu"
(→Setting up the SSL Virtual Host) |
|||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| + | [[Category:Authentication]] | ||
| + | [[Category:Debian_and_Ubuntu]] | ||
=EPrints Configuration= | =EPrints Configuration= | ||
| − | This is still the same process as the standard HTTPS setup. Add the following lines to archive/ARCHIVEID/cfg/cfg.d/10_core.pl; | + | This is still the same process as the standard HTTPS setup. Add the following lines to ''archive/ARCHIVEID/cfg/cfg.d/10_core.pl''; |
$c->{securehost} = 'example.com'; | $c->{securehost} = 'example.com'; | ||
| Line 6: | Line 8: | ||
$c->{securepath} = '/secure'; | $c->{securepath} = '/secure'; | ||
| − | $c->{http_root} = ''; | + | $c->{http_root} = <nowiki>''</nowiki>; |
| − | $c->{https_root} = ''; | + | $c->{https_root} = <nowiki>''</nowiki>; |
$c->{http_cgiroot} = '/cgi'; | $c->{http_cgiroot} = '/cgi'; | ||
$c->{https_cgiroot} = '/cgi'; | $c->{https_cgiroot} = '/cgi'; | ||
| Line 20: | Line 22: | ||
==Generating the SSL certificate== | ==Generating the SSL certificate== | ||
| − | The first thing you need to do is install the | + | The first thing you need to do is install the SSL certificate generator if you don't already have it; |
sudo apt-get install ssl-cert | sudo apt-get install ssl-cert | ||
| − | Next make a directory for all your | + | Next make a directory for all your SSL certificates in your apache2 directory; |
sudo mkdir /etc/apache2/ssl | sudo mkdir /etc/apache2/ssl | ||
| Line 32: | Line 34: | ||
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem | sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem | ||
| − | ==Setting up | + | ==Setting up the SSL Virtual Host== |
Now enable the module for apache2 which should already be installed as part of the apache2 package; | Now enable the module for apache2 which should already be installed as part of the apache2 package; | ||
sudo a2enmod ssl | sudo a2enmod ssl | ||
| − | We now need to create a new virtualhost since EPrints makes some assumptions about the existence of the | + | We now need to create a new virtualhost since EPrints makes some assumptions about the existence of the SSL virtualhost, but it does not exist on Debian/Ubuntu. Create a new file in ''/etc/apache2/sites-available/eprints3-ssl'', in this file you want to put the following; |
| + | |||
| + | <VirtualHost *:443> | ||
| + | SSLEngine on | ||
| + | SSLCertificateFile /etc/apache2/ssl/apache.pem | ||
| + | Include /usr/share/eprints3/cfg/apache_ssl.conf | ||
| + | </VirtualHost> | ||
| + | |||
| + | Once you have done this enable the site; | ||
| + | |||
| + | sudo a2ensite eprints3-ssl | ||
| + | |||
| + | Then restart apache2 in the standard way; | ||
| + | |||
| + | sudo /etc/init.d/apache2 restart | ||
| + | |||
| + | =Conclusion= | ||
| + | That should be everything set up for EPrints to operate over https. If you followed the configuration options outlined on this page then your https repository should be running at ''https://example.com/'' whilst the traditional ''http://example.com/'' repository remains intact. | ||
Latest revision as of 09:06, 14 October 2011
Contents
EPrints Configuration
This is still the same process as the standard HTTPS setup. Add the following lines to archive/ARCHIVEID/cfg/cfg.d/10_core.pl;
$c->{securehost} = 'example.com';
$c->{secureport} = 443;
$c->{securepath} = '/secure';
$c->{http_root} = '';
$c->{https_root} = '';
$c->{http_cgiroot} = '/cgi';
$c->{https_cgiroot} = '/cgi';
Next you need to run the generate_apacheconf command;
bin/generate_apacheconf
EPrints should now be ready for SSL.
Apache Configuration
Generating the SSL certificate
The first thing you need to do is install the SSL certificate generator if you don't already have it;
sudo apt-get install ssl-cert
Next make a directory for all your SSL certificates in your apache2 directory;
sudo mkdir /etc/apache2/ssl
Now we can generate the certificate;
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
Setting up the SSL Virtual Host
Now enable the module for apache2 which should already be installed as part of the apache2 package;
sudo a2enmod ssl
We now need to create a new virtualhost since EPrints makes some assumptions about the existence of the SSL virtualhost, but it does not exist on Debian/Ubuntu. Create a new file in /etc/apache2/sites-available/eprints3-ssl, in this file you want to put the following;
<VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem Include /usr/share/eprints3/cfg/apache_ssl.conf </VirtualHost>
Once you have done this enable the site;
sudo a2ensite eprints3-ssl
Then restart apache2 in the standard way;
sudo /etc/init.d/apache2 restart
Conclusion
That should be everything set up for EPrints to operate over https. If you followed the configuration options outlined on this page then your https repository should be running at https://example.com/ whilst the traditional http://example.com/ repository remains intact.
