How to use EPrints with HTTPS

From EPrints Documentation
Revision as of 15:06, 2 March 2006 by WikiSysop (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
  • Contributor: [Tim Miles-Board]
  • Eprints version: 2.3
  • Purpose: Secure EPrints with HTTPS
  • License: GNU General Public License

!!! Add HTTPS Settings

For each @@ARCHIVEID.xml@@ file, fill in the @@securehost@@ and @@securepath@@ entries.


<archive id="demo">

The @@securehost@@ is vhosted on the same server as your EPrints archive(s).

Secure requests will be of the form https://securehost/securepath.

@@securepath@@ therefore differentiates requests from individual archives.

!!! Generate Secure Config

$ bin/generate_apacheconf

As well as the usual apache configuration files, this will generate an @@auto-secure.conf@@ file in each archive's @@cfg@@ directory.

!!! Set up Secure Host

Under Fedora Core 4, I ran:

$ yum install mod_ssl

This sets up a test SSL server.

For a production system, you would need to provide the relevant certificates and tweak the mod_ssl config accordingly.

Include each @@auto-secure.conf@@ file generated by EPrints inside the @@Virtualhost@@ directive.

For me, this meant editing @@/etc/httpd/conf.d/ssl.conf@@:

<VirtualHost _default_:443>
   Include /opt/eprints2/archives/demo/cfg/auto-secure.conf

!!! Create Template for Secure Pages

I made a copy of @@template-en.xml@@:

$ cp template-en.xml template-secure-en.xml

In a multi-language archive, you would need to do this for each language-specific template.

It's a good idea to have a visual differentiation between secure and non-secure pages: e.g. I edited @@template-secure-en.xml@@ and added "(SECURE)" to the title of the page.

Some browsers will complain if images/CSS etc. embedded in a secure page are served by the non-secure host. To solve this, I added a new entity to get_entities@@:

$entities{ssl_base_url} = "https://" . $archive->get_conf("securehost") . $archive->get_conf("securepath");

I then replaced image/CSS @@base_url@@s with @@ssl_base_url@@.