EPrints Technical Mailing List Archive
Message: #06790
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
Re: [EP-tech] SSL (HTTPS) only for an EPrints repository
- To: eprints-tech@ecs.soton.ac.uk
- Subject: Re: [EP-tech] SSL (HTTPS) only for an EPrints repository
- From: Matthew Kerwin <matthew@kerwin.net.au>
- Date: Wed, 23 Aug 2017 08:36:29 +1000
On 23 Aug. 2017 6:57 am, "Tomasz Neugebauer" <Tomasz.Neugebauer@concordia.ca> wrote:
Google is sending out alerts that it will soon begin to show security warnings in Chrome for any web site that is not SSL (HTTPS).
Our EPrints repository (running 3.3.12) switches over to HTTPS when the user authenticates, but the browse pages are available through HTTP as well.
What is the best way to get EPrints to redirect everything to HTTPS?
I think I remember this question coming up on the list before, but I can’t seem to find any references.
Thanks!
Tomasz
All I remember is that I had to change how eprints generates the Apache config so it added a <Location> chunk for the non-secure root (i.e. "/") inside the :443 VirtualHost, which defined the eprints archive environment variable.
Our repo allows both http and https access, though; if you're going https-everywhere you'll probably have different concerns.
Oh, and see also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
Cheers
--
Matthew Kerwin
- References:
- [EP-tech] SSL (HTTPS) only for an EPrints repository
- From: Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>
- [EP-tech] SSL (HTTPS) only for an EPrints repository
- Prev by Date: [EP-tech] SSL (HTTPS) only for an EPrints repository
- Next by Date: [EP-tech] Fixity Check and EPrints - Digital Preservation
- Previous by thread: [EP-tech] SSL (HTTPS) only for an EPrints repository
- Next by thread: Re: [EP-tech] SSL (HTTPS) only for an EPrints repository
- Index(es):