EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #07146
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
Re: [EP-tech] HTTPS multiple archives
- To: "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>
- Subject: Re: [EP-tech] HTTPS multiple archives
- From: John Salter <J.Salter@leeds.ac.uk>
- Date: Fri, 9 Feb 2018 14:22:16 +0000
Hi Jimmy, I think you need two VHost definitions. Both will link to the same certificate etc., but the ArchiveID will be different. <VirtualHost *:443> ServerName aaa.domain.com ### some other options SSLEngine on SSLCertificateFile /path/to/wildcard.domain.com.crt SSLCertificateKeyFile /path/to/wildcard.domain.com.key SSLCertificateChainFile /path/to/wildcard.domain.com-chain.crt SSLProtocol All -SSLv2 -SSLv3 <Location ""> PerlSetVar EPrints_ArchiveID ARCHIVEID_AAA PerlSetVar EPrints_Secure yes Options +ExecCGI # more options </Location> PerlTransHandler +EPrints::Apache::Rewrite </VirtualHost> <VirtualHost *:443> ServerName bbb.domain.com ### some other options SSLEngine on SSLCertificateFile /path/to/wildcard.domain.com.crt SSLCertificateKeyFile /path/to/wildcard.domain.com.key SSLCertificateChainFile /path/to/wildcard.domain.com-chain.crt SSLProtocol All -SSLv2 -SSLv3 <Location ""> PerlSetVar EPrints_ArchiveID ARCHIVEID_BBB PerlSetVar EPrints_Secure yes Options +ExecCGI # more options </Location> PerlTransHandler +EPrints::Apache::Rewrite </VirtualHost> Cheers, John -----Original Message----- From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Jimmy Girard-Nault Sent: 09 February 2018 13:39 To: eprints-tech@ecs.soton.ac.uk Subject: Re: [EP-tech] HTTPS multiple archives Hi and thanks for your reply. I've got the option b) Two sub-domains... I have the file apache_ssl.conf which contains one line: Include /eprints3/cfg/apache_ssl/*.conf. Then in /eprints3/cfg/apache_ssl/ I have a config file for the two sub-domains which looks like: <Location ""> PerlSetVar EPrints_ArchiveID repoid PerlSetVar EPrints_Secure yes Options +ExecCGI <IfModule mod_authz_core.c> Require all granted </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Allow from all </IfModule> </Location> I think this is where the issue comes from as the two archives loads both files and set the same PerlSetVar EPrints_ArchiveID repoid? Thanks. Jimmy Girard-Nault, M. Sc. Chargé de projet informatique et technologique Service des technologies de l'information Local P2-8190 Université du Québec à Chicoutimi 555, boul. de l'Université Chicoutimi (Québec) G7H 2B1 418 545-5011, poste 2217 jimmy_girard-nault@uqac.ca -----Message d'origine----- De : eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] De la part de John Salter Envoyé : 9 février 2018 04:59 À : eprints-tech@ecs.soton.ac.uk Objet : Re: [EP-tech] HTTPS multiple archives Hi Jimmy, I think you need one of the following: a) Two IP addresses - one for each site - signed with 'traditional' certificates b) Two sub-domains e.g. http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4OWNhOTcxOTNiMjIxMzE2Yj01QTdENzFGRV81NzI3M185MjM4XzEmJmM5MjlmODEyNDA5MTVjND0xMjIyJiZ1cmw9YWFhJTJFZG9tYWluJTJFY29t and http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4YWM5OTQxOTNiMjIxMzE2Yj01QTdENzFGRV81NzI3M185MjM4XzEmJmM5MjlmODEyNDA5MTZjNz0xMjIyJiZ1cmw9YmJiJTJFZG9tYWluJTJFY29t - signed with a wildcard certificate for *.domain.com c) A certificate that uses SNI (Server Name Indication), which lists each of the domains used. We use option c, and have config as below - which reference a certificate that has both domains as Subject Alternate Names. The 'Lets Encrypt' service is useful here - especially on dev/staging machines. See: http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY5Y2Q4ZDg1ODJkMmE1MTAwZj01QTdENzFGRV81NzI3M185MjM4XzEmJmFhZmQ0OTYzZjBkMWFjMj0xMjIyJiZ1cmw9aHR0cHMlM0ElMkYlMkZ3aWtpJTJFZXByaW50cyUyRW9yZyUyRnclMkZTZXR0aW5nJTVGdXAlNUZIVFRQUyU1RnVzaW5nJTVGTGV0JTI1MjdzJTVGRW5jcnlwdA== Let me know how you get on! Cheers, John <VirtualHost *:443> ServerName http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4OWNhOTcxOTNiMjIxMzE2Yj01QTdENzFGRV81NzI3M185MjM4XzEmJmM5MjlmODEyNDA5MTVjND0xMjIyJiZ1cmw9YWFhJTJFZG9tYWluJTJFY29t ServerAdmin J.Salter@leeds.ac.uk ... ## SSL directives SSLEngine on SSLCertificateFile "/path/to/certificate.cert" SSLCertificateKeyFile "/path/to/key.key" SSLCertificateChainFile "/path/to/chain.crt" SSLCACertificatePath "/path/to/cert" SSLProtocol #options as required <Location ""> PerlSetVar EPrints_ArchiveID ARCHIVEID_AAA PerlSetVar EPrints_Secure yes Options +ExecCGI Order allow,deny Allow from all </Location> PerlTransHandler +EPrints::Apache::Rewrite </VirtualHost> For the second domain <VirtualHost *:443> ServerName http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4YWM5OTQxOTNiMjIxMzE2Yj01QTdENzFGRV81NzI3M185MjM4XzEmJmM5MjlmODEyNDA5MTZjNz0xMjIyJiZ1cmw9YmJiJTJFZG9tYWluJTJFY29t ### all the same stuff as above - SSL directives etc. <Location ""> PerlSetVar EPrints_ArchiveID ARCHIVEID_BBB PerlSetVar EPrints_Secure yes Options +ExecCGI Order allow,deny Allow from all </Location> PerlTransHandler +EPrints::Apache::Rewrite </VirtualHost> -----Original Message----- From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Yuri Sent: 09 February 2018 07:09 To: eprints-tech@ecs.soton.ac.uk Subject: Re: [EP-tech] HTTPS multiple archives Can you post your config? Anyway, multiple https on the same apache means you've to use different ip because of the certificate. Il 08/02/2018 17:49, Jimmy Girard-Nault ha scritto: > > Hi all, > > I'm facing an issue when I try to configure HTTPS (I've been following > this tuto : > http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY5Y2Q4ZDg1ODJkMmE1MTAwZj0 > 1QTdENzFGRV81NzI3M185MjM4XzEmJmFiNGRlOTUxNDEwMWJmYT0xMjIyJiZ1cmw9aHR0c > HMlM0ElMkYlMkZ3aWtpJTJFZXByaW50cyUyRW9yZyUyRnclMkZIb3clNUZ0byU1RnVzZSU > 1RkVQcmludHMlNUZ3aXRoJTVGSFRUUFMlMjklMkU= > > First of all, when I had only one archive, everything was working fine. > > The issue came when I added another archive : when I try to reach the > first one with its URL, it shows up the other recently added archive. > So now both https urls shows up the same archive. > > Does anyone have already experienced this ? Do you need more details > from my config? I'm using Eprints 3.3.15 > > Thanks in advance, > > Regards > > ** > > *Jimmy* > > > > *** Options: > http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiZjNmQ4OTk0MzMwMjM1MDE2Yj0 > 1QTdENzFGRV81NzI3M185MjM4XzEmJjZkMmM0ODk2NDA5MTVjYz0xMjIyJiZ1cmw9aHR0c > CUzQSUyRiUyRm1haWxtYW4lMkVlY3MlMkVzb3RvbiUyRWFjJTJFdWslMkZtYWlsbWFuJTJ > GbGlzdGluZm8lMkZlcHJpbnRzLXRlY2g= > *** Archive: > http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4MGRmODI0NzY1NjI1MTAwYT0 > 1QTdENzFGRV81NzI3M185MjM4XzEmJjI4YjlmODczYjE2MWRjYj0xMjIyJiZ1cmw9aHR0c > CUzQSUyRiUyRnd3dyUyRWVwcmludHMlMkVvcmclMkZ0ZWNoJTJFcGhwJTJG > *** EPrints community wiki: > http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4MGRmODI0NzY1NjI1MTAwYj0 > 1QTdENzFGRV81NzI3M185MjM4XzEmJmM5N2Q4Y2MyZTE0MDZjYz0xMjIyJiZ1cmw9aHR0c > CUzQSUyRiUyRndpa2klMkVlcHJpbnRzJTJFb3JnJTJG > *** EPrints developers Forum: > http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4MGRmODI0NzY1NjI1MTExYj0 > 1QTdENzFGRV81NzI3M185MjM4XzEmJmE4ZWM0OGY2NTAxMDRkNz0xMjIyJiZ1cmw9aHR0c > CUzQSUyRiUyRmZvcnVtJTJFZXByaW50cyUyRW9yZyUyRg== *** Options: http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiZjNmQ4OTk0MzMwMjM1MDE2Yj01QTdENzFGRV81NzI3M185MjM4XzEmJjZkMmM0ODk2NDA5MTVjYz0xMjIyJiZ1cmw9aHR0cCUzQSUyRiUyRm1haWxtYW4lMkVlY3MlMkVzb3RvbiUyRWFjJTJFdWslMkZtYWlsbWFuJTJGbGlzdGluZm8lMkZlcHJpbnRzLXRlY2g= *** Archive: http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4MGRmODI0NzY1NjI1MTAwYT01QTdENzFGRV81NzI3M185MjM4XzEmJjI4YjlmODczYjE2MWRjYj0xMjIyJiZ1cmw9aHR0cCUzQSUyRiUyRnd3dyUyRWVwcmludHMlMkVvcmclMkZ0ZWNoJTJFcGhwJTJG *** EPrints community wiki: http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4MGRmODI0NzY1NjI1MTAwYj01QTdENzFGRV81NzI3M185MjM4XzEmJmM5N2Q4Y2MyZTE0MDZjYz0xMjIyJiZ1cmw9aHR0cCUzQSUyRiUyRndpa2klMkVlcHJpbnRzJTJFb3JnJTJG *** EPrints developers Forum: http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4MGRmODI0NzY1NjI1MTExYj01QTdENzFGRV81NzI3M185MjM4XzEmJmE4ZWM0OGY2NTAxMDRkNz0xMjIyJiZ1cmw9aHR0cCUzQSUyRiUyRmZvcnVtJTJFZXByaW50cyUyRW9yZyUyRg== *** Options: http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiZjNmQ4OTk0MzMwMjM1MDE2Yj01QTdENzFGRV81NzI3M185MjM4XzEmJjZkMmM0ODk2NDA5MTVjYz0xMjIyJiZ1cmw9aHR0cCUzQSUyRiUyRm1haWxtYW4lMkVlY3MlMkVzb3RvbiUyRWFjJTJFdWslMkZtYWlsbWFuJTJGbGlzdGluZm8lMkZlcHJpbnRzLXRlY2g= *** Archive: http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4MGRmODI0NzY1NjI1MTAwYT01QTdENzFGRV81NzI3M185MjM4XzEmJjI4YjlmODczYjE2MWRjYj0xMjIyJiZ1cmw9aHR0cCUzQSUyRiUyRnd3dyUyRWVwcmludHMlMkVvcmclMkZ0ZWNoJTJFcGhwJTJG *** EPrints community wiki: http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4MGRmODI0NzY1NjI1MTAwYj01QTdENzFGRV81NzI3M185MjM4XzEmJmM5N2Q4Y2MyZTE0MDZjYz0xMjIyJiZ1cmw9aHR0cCUzQSUyRiUyRndpa2klMkVlcHJpbnRzJTJFb3JnJTJG *** EPrints developers Forum: http://antispam.uqac.ca:32224/?dmVyPTEuMDAxJiY4MGRmODI0NzY1NjI1MTExYj01QTdENzFGRV81NzI3M185MjM4XzEmJmE4ZWM0OGY2NTAxMDRkNz0xMjIyJiZ1cmw9aHR0cCUzQSUyRiUyRmZvcnVtJTJFZXByaW50cyUyRW9yZyUyRg== *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech *** Archive: http://www.eprints.org/tech.php/ *** EPrints community wiki: http://wiki.eprints.org/ *** EPrints developers Forum: http://forum.eprints.org/
- Follow-Ups:
- Re: [EP-tech] HTTPS multiple archives
- From: John Salter <J.Salter@leeds.ac.uk>
- Re: [EP-tech] HTTPS multiple archives
- References:
- [EP-tech] HTTPS multiple archives
- From: Jimmy Girard-Nault <Jimmy_Girard-Nault@uqac.ca>
- Re: [EP-tech] HTTPS multiple archives
- From: Yuri <yurj@alfa.it>
- Re: [EP-tech] HTTPS multiple archives
- From: John Salter <J.Salter@leeds.ac.uk>
- Re: [EP-tech] HTTPS multiple archives
- From: Jimmy Girard-Nault <Jimmy_Girard-Nault@uqac.ca>
- Re: [EP-tech] HTTPS multiple archives
- From: John Salter <J.Salter@leeds.ac.uk>
- [EP-tech] HTTPS multiple archives
- Prev by Date: Re: [EP-tech] HTTPS multiple archives
- Next by Date: Re: [EP-tech] Eprints for research data
- Previous by thread: [EP-tech] EPrints/CRIS
- Next by thread: [EP-tech] DOI handling in orcid_support_advance
- Index(es):