I think that here:

https://wiki.eprints.org/w/Setting_up_HTTPS_using_Let%27s_Encrypt

this part:

"You can test to confirm this by creating a .well-known/acme-challenge/ directory in your DocumentRoot. Typically, this will be something like /var/www/html/.well-known/acme-challenge/. If you then add a small text file you can request (e.g. test.txt) to this directory and then see if you can download it from your web browser, (e.g. http://example.eprints.org/.well-known/acme-challenge/test.txt), if you can download this, Let's Encrypt Acme challenges should work and you can remove the .well-known directory as Certbot will re-create this when it needs it."

is not working because Eprints will not serve from DocumentRoot (maybe rewrite_exceptions as David suggested would work using generate_static?). I tried it but it doesn't work. Anyway, the trigger part in the docs worked (mostly, see below). What I did:

- modified generate_static, changing around line 299 (to not skip .well-known dirs: next if $file =~ /^\./ && $file !~ /^\.well-known/ && $file !~ /^\.ht/;
- enabled the trigger (copy paste in z_rewrite.pl). As .well-known can contain various things other than acme-challenge (.well-known it is a sort of W3C standard to web services entry point) I've enabled all the /.well-known URLs. I've modified the trigger to use the lang, because get_conf( "htdocs_path" ) points to the html directory while static files are in the subfolder with the lang id:

if( $o{uri} =~ m!^${o{urlpath}}/\.well-known/! )
  {
  my $lang = $o{repository}->get_langid;
                  if( -f $o{repository}->get_conf( "htdocs_path" ).'/'.$lang.$o{uri} )
                {
                        # reply with an HTTP '200'
                        ${$o{return_code}} = OK;
                        # and return the file reqested
                        $o{request}->filename( $o{repository}->get_conf( "htdocs_path" ).'/'.$lang.$o{uri} );
              
                }
                # and say that we've handled the request - so no more triggers should be run.
                return EP_TRIGGER_DONE;
        }

So now I can edit cfg/lang/<lang>/static/.well-known/afile, do generate_static <repo> and have my .well-known static afile updated.

CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

Thanks David and John! I'll work on it.

Il 11/02/25 18:07, David R Newman ha scritto:

Sorry that should have been:

Alias /.well-known EPRITHS_PATH/archives/ARCHIVE_ID/cfg/lang/en/static/.well-known

With EPRINTS_PATH and ARCHIVE_ID substituted as appropriate.

On 11/02/2025 17:05, David R Newman wrote:

Hi Yuri,

I think an alternative option could be to setup a rewrite exception [1], as these look to be applied before anything start with a "/." is rejected.   E.g.

$c->{rewrite_exceptions} = [ '/.well-known/' ];

Then you can write you own Apache config wherever your HTTPS virtualhost is to allow it to serve your .well-known/afile.

Alias /.well-known /opt/eprints3/archives/cfg/lang/en/static/.well-known

You may also need to add this to your archive's cfg/apachevhost.conf or create one and run:

EPRINTS_PATH/bin/generate_apacheconf --system --replace

If you need to also be able to serve this file under HTTPS.

This is a bit like the configuration used support Shibboleth authentication [2].

Regards

David Newman

[1] https://wiki.eprints.org/w/Shibboleth

[2] https://wiki.eprints.org/w/Shibboleth#Configuring_Apache_and_EPrints

On 11/02/2025 16:47, John Salter wrote:

CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

Hi Yuri,
Yes - by default (as mentioned in those Additional Notes), EPrints will reject requests containing "/.".

If it's a static file that you need to serve, you should just be able to replace the 'acme-challenge' part in that trigger with the URL to your file.
As this trigger gets called early in the Apache stack, EPrints possibly won't copy the file from e.g. archives/ARCHVIEID/cfg/static/.well-known/file to archives/ARCHVIEID/html/static/.well-known/file - so you might need to do this manually.

If you need to generate content for the .well-known URL dynamically, I can provide some suggestions to create a handler.

Cheers,
John

-----Original Message-----
From: eprints-tech-request@ecs.soton.ac.uk <eprints-tech-request@ecs.soton.ac.uk> On Behalf Of Yuri
Sent: 11 February 2025 16:35
To: EPrints.org Technical List <eprints-tech@ecs.soton.ac.uk>
Subject: [EP-tech] Eprints and .well-known

CAUTION: External Message. Use caution opening links and attachments.

CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

Hi!

  I'm unable to make .well-know work in Eprints. I've changed generate_static to allow it, the directory is created under <repo>/cfg/lang/en/ but accessing it via url /.well-known/afile does not work. Do I need Additional Notes in
https://eur03.safelinks.protection.outlook.com/?url=""
 0608dd4abbcc04%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638748892632612446%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=B0l7vuIV87OBSpq8g2HF3tHPRS0A9sRsLHmgeJPxLCQ%3D&reserved=0 ?

  thanks!

*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List
*** Archive: https://www.eprints.org/tech.php/
*** EPrints community wiki: https://wiki.eprints.org/

*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List
*** Archive: https://www.eprints.org/tech.php/
*** EPrints community wiki: https://wiki.eprints.org/

*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List
*** Archive: https://www.eprints.org/tech.php/
*** EPrints community wiki: https://wiki.eprints.org/