EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #06790


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] SSL (HTTPS) only for an EPrints repository




On 23 Aug. 2017 6:57 am, "Tomasz Neugebauer" <Tomasz.Neugebauer@concordia.ca> wrote:

Google is sending out alerts that it will soon begin to show security warnings in Chrome for any web site that is not SSL (HTTPS).

Our EPrints repository (running 3.3.12) switches over to HTTPS when the user authenticates, but the browse pages are available through HTTP as well.

What is the best way to get EPrints to redirect everything to HTTPS?

I think I remember this question coming up on the list before, but I can’t seem to find any references.

Thanks!

Tomasz


All I remember is that I had to change how eprints generates the Apache config so it added a <Location> chunk for the non-secure root (i.e. "/") inside the :443 VirtualHost, which defined the eprints archive environment variable.

Our repo allows both http and https access, though; if you're going https-everywhere you'll probably have different concerns.


Cheers
-- 
Matthew Kerwin