EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #06792
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
Re: [EP-tech] SSL (HTTPS) only for an EPrints repository
- To: "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>
- Subject: Re: [EP-tech] SSL (HTTPS) only for an EPrints repository
- From: Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>
- Date: Thu, 24 Aug 2017 20:30:11 +0000
Thank you, Matthew! We have HTTPS working, with the apache config, but the repository allows users to access “browse/abstract” pages with HTTP as well. Since
we have a search box in our header, Chrome will soon start warning that inputting any text on an HTTP connection is not secure. I was looking at this Google page which recommends HSTS as well:
https://support.google.com/webmasters/answer/6073543?hl=en&ref_topic=6001951 I think that is what we need to implement, I’m just not sure how to do that yet. I noticed that when I try to access a QUT ePrints page with HTTP, it switches over to HTTPS, for example, going here :
http://eprints.qut.edu.au/view/thesis/phd/ , you end up
https://eprints.qut.edu.au/view/thesis/phd/
Does that mean that QUT ePrints is supporting HSTS? Tomasz From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk]
On Behalf Of Matthew Kerwin On 23 Aug. 2017 6:57 am, "Tomasz Neugebauer" <Tomasz.Neugebauer@concordia.ca> wrote:
All I remember is that I had to change how eprints generates the Apache config so it added a <Location> chunk for the non-secure root (i.e. "/") inside the :443 VirtualHost, which defined the eprints archive environment variable. Our repo allows both http and https access, though; if you're going https-everywhere you'll probably have different concerns. Oh, and see also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security Cheers -- Matthew Kerwin |
- References:
- [EP-tech] SSL (HTTPS) only for an EPrints repository
- From: Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>
- Re: [EP-tech] SSL (HTTPS) only for an EPrints repository
- From: Matthew Kerwin <matthew@kerwin.net.au>
- [EP-tech] SSL (HTTPS) only for an EPrints repository
- Prev by Date: [EP-tech] Fixity Check and EPrints - Digital Preservation
- Next by Date: Re: [EP-tech] SSL (HTTPS) only for an EPrints repository
- Previous by thread: Re: [EP-tech] SSL (HTTPS) only for an EPrints repository
- Next by thread: Re: [EP-tech] SSL (HTTPS) only for an EPrints repository
- Index(es):