Difference between revisions of "HTTPS for Debian/Ubuntu"

From EPrints Documentation
Jump to: navigation, search
Line 1: Line 1:
 
=EPrints Configuration=
 
=EPrints Configuration=
This is still the same process as the standard HTTPS setup. Add the following lines to archive/ARCHIVEID/cfg/cfg.d/10_core.pl;
+
This is still the same process as the standard HTTPS setup. Add the following lines to ''archive/ARCHIVEID/cfg/cfg.d/10_core.pl'';
  
 
  $c->{securehost} = 'example.com';
 
  $c->{securehost} = 'example.com';
Line 20: Line 20:
  
 
==Generating the SSL certificate==
 
==Generating the SSL certificate==
The first thing you need to do is install the ssl certificate generator if you don't already have it;
+
The first thing you need to do is install the SSL certificate generator if you don't already have it;
  
 
  sudo apt-get install ssl-cert
 
  sudo apt-get install ssl-cert
  
Next make a directory for all your ssl certificates in your apache2 directory;
+
Next make a directory for all your SSL certificates in your apache2 directory;
  
 
  sudo mkdir /etc/apache2/ssl
 
  sudo mkdir /etc/apache2/ssl
Line 32: Line 32:
 
  sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
 
  sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
  
==Setting up Apache2==
+
==Setting up the SSL Virtual Host==
 
Now enable the module for apache2 which should already be installed as part of the apache2 package;
 
Now enable the module for apache2 which should already be installed as part of the apache2 package;
  
 
  sudo a2enmod ssl
 
  sudo a2enmod ssl
  
We now need to create a new virtualhost since EPrints makes some assumptions about the existence of the ssl virtualhost, but it does not exist on Debian/Ubuntu.
+
We now need to create a new virtualhost since EPrints makes some assumptions about the existence of the SSL virtualhost, but it does not exist on Debian/Ubuntu. Create a new file in ''/etc/apache2/sites-available/eprints3-ssl'', in this file you want to put the following;
 +
 
 +
<VirtualHost *:443>
 +
  SSLEngine on
 +
  SSLCertificateFile /etc/apache2/ssl/apache.pem
 +
  Include /usr/share/eprints3/archives/ARCHIVEID/var/auto-secure.conf
 +
</VirtualHost>
 +
 
 +
Once you have done this enable the site;
 +
 
 +
sudo a2ensite eprints3-ssl
 +
 
 +
Then restart apache2 in the standard way;
 +
 
 +
sudo /etc/init.d/apache2 restart
 +
 
 +
=Conclusion=
 +
That should be everything set up for EPrints to operate over https. If you followed the configuration options outlined on this page then your https repository should be running at ''https://example.com/'' whilst the traditional ''http://example.com/'' repository remains intact.

Revision as of 14:28, 12 November 2009

EPrints Configuration

This is still the same process as the standard HTTPS setup. Add the following lines to archive/ARCHIVEID/cfg/cfg.d/10_core.pl;

$c->{securehost} = 'example.com';
$c->{secureport} = 443;
$c->{securepath} = '/secure';

$c->{http_root} = ;
$c->{https_root} = ;
$c->{http_cgiroot} = '/cgi';
$c->{https_cgiroot} = '/cgi';

Next you need to run the generate_apacheconf command;

bin/generate_apacheconf

EPrints should now be ready for SSL.

Apache Configuration

Generating the SSL certificate

The first thing you need to do is install the SSL certificate generator if you don't already have it;

sudo apt-get install ssl-cert

Next make a directory for all your SSL certificates in your apache2 directory;

sudo mkdir /etc/apache2/ssl

Now we can generate the certificate;

sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Setting up the SSL Virtual Host

Now enable the module for apache2 which should already be installed as part of the apache2 package;

sudo a2enmod ssl

We now need to create a new virtualhost since EPrints makes some assumptions about the existence of the SSL virtualhost, but it does not exist on Debian/Ubuntu. Create a new file in /etc/apache2/sites-available/eprints3-ssl, in this file you want to put the following;

<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/apache.pem
  Include /usr/share/eprints3/archives/ARCHIVEID/var/auto-secure.conf
</VirtualHost>

Once you have done this enable the site;

sudo a2ensite eprints3-ssl

Then restart apache2 in the standard way;

sudo /etc/init.d/apache2 restart

Conclusion

That should be everything set up for EPrints to operate over https. If you followed the configuration options outlined on this page then your https repository should be running at https://example.com/ whilst the traditional http://example.com/ repository remains intact.