EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #07144


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] HTTPS multiple archives


Hi Jimmy,

I think you need one of the following:
a) Two IP addresses - one for each site - signed with 'traditional' certificates
b) Two sub-domains e.g. aaa.domain.com and bbb.domain.com - signed with a wildcard certificate for *.domain.com
c) A certificate that uses SNI (Server Name Indication), which lists each of the domains used.

We use option c, and have config as below - which reference a certificate that has both domains as Subject Alternate Names.
The 'Lets Encrypt' service is useful here - especially on dev/staging machines. See: https://wiki.eprints.org/w/Setting_up_HTTPS_using_Let%27s_Encrypt 

Let me know how you get on!
Cheers,
John

<VirtualHost *:443>
  ServerName aaa.domain.com
  ServerAdmin J.Salter@leeds.ac.uk
... 

  ## SSL directives
  SSLEngine on
  SSLCertificateFile      "/path/to/certificate.cert"
  SSLCertificateKeyFile   "/path/to/key.key"
  SSLCertificateChainFile "/path/to/chain.crt"
  SSLCACertificatePath    "/path/to/cert"
  SSLProtocol             #options as required

<Location "">
  PerlSetVar EPrints_ArchiveID ARCHIVEID_AAA
  PerlSetVar EPrints_Secure yes
  Options +ExecCGI
  Order allow,deny
  Allow from all
</Location>
PerlTransHandler +EPrints::Apache::Rewrite
</VirtualHost>

For the second domain

<VirtualHost *:443>
  ServerName bbb.domain.com

### all the same stuff as above - SSL directives etc.

<Location "">
  PerlSetVar EPrints_ArchiveID ARCHIVEID_BBB
  PerlSetVar EPrints_Secure yes
  Options +ExecCGI
  Order allow,deny
  Allow from all
</Location>
PerlTransHandler +EPrints::Apache::Rewrite
</VirtualHost>


-----Original Message-----
From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Yuri
Sent: 09 February 2018 07:09
To: eprints-tech@ecs.soton.ac.uk
Subject: Re: [EP-tech] HTTPS multiple archives

Can you post your config? Anyway, multiple https on the same apache means you've to use different ip because of the certificate.

Il 08/02/2018 17:49, Jimmy Girard-Nault ha scritto:
>
> Hi all,
>
> I'm facing an issue when I try to configure HTTPS (I've been following 
> this tuto : https://wiki.eprints.org/w/How_to_use_EPrints_with_HTTPS).
>
> First of all, when I had only one archive, everything was working fine.
>
> The issue came when I added another archive : when I try to reach the 
> first one with its URL, it shows up the other recently added archive. 
> So now both https urls shows up the same archive.
>
> Does anyone have already experienced this ? Do you need more details 
> from my config? I'm using Eprints 3.3.15
>
> Thanks in advance,
>
> Regards
>
> **
>
> *Jimmy*
>
>
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: http://www.eprints.org/tech.php/
> *** EPrints community wiki: http://wiki.eprints.org/
> *** EPrints developers Forum: http://forum.eprints.org/


*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
*** EPrints developers Forum: http://forum.eprints.org/