From: eprints-tech-request@ecs.soton.ac.uk <eprints-tech-request@ecs.soton.ac.uk> On Behalf Of Yuri
Sent: 08 April 2025 07:27
To: eprints-tech@ecs.soton.ac.uk
Subject: Re: [EP-tech] HTTPS-only

CAUTION: This e-mail originated outside the University of Southampton.

"generates a 500 Internal Server Error"

can you post the apache error log about this 500 error?

CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

Hi

 

I am almost there with resolving the problems I had in switching to https-only. The server is behaving itself and eprints is generating all the files necessary for a fully functioning site. The basic pages all for each item in the repository were all in the right place, i.e. all the pages at /opt/eprints3/archives/arcom/html/en were properly set up by the software. The only problem that remained was that I cannot find how to point the browser at the correct folder for the pages that should appear when abstracts are searched, browsed or listed. I know that there is a mis-configured configuration file somewhere, but I cannot find it. In the browser, clicking on Latest Additions, Browse, Search catalogue, or anything that presents data, generates a 500 Internal Server Error. I am pretty sure that there is just one line of code missing from a single config file. In trying to fix that, I cannot access the site at all in the browser, but all the files are being properly generated.

 

I am going around in circles with this, and have been for weeks. Here are my config files. Is it possible to see anything obvious that is missing, please?

 

Thank you in advance

 

Best wishes

 

Will


Regenerated the auto-generated conf files as follows:

/etc/apache2$ /opt/eprints3/bin/generate_apacheconf --system --replace

 

1. /opt/eprints3/cfg/apache.conf

#

# apache.conf include file for EPrints

#

# Any changes made here will be lost if you run generate_apacheconf

# with the --replace --system options

#

 

# Load the perl modules & repository configurations

PerlSwitches -I/opt/eprints3/perl_lib

Include /opt/eprints3/cfg/perl_module_isolation.conf

 

# Load the per-repository apache configuration

Include /opt/eprints3/cfg/apache/*.conf

 

2. /opt/eprints3/cfg/apache_ssl.conf

#

# apache_ssl.conf include file for EPrints

#

# Any changes made here will be lost if you run generate_apacheconf

# with the --replace --system options

#

 

# Note that PerlTransHandler can't go inside

# a "Location" block as it occurs before the

# Location is known.

PerlTransHandler +EPrints::Apache::Rewrite

 

# Load the per-repository apache configuration

Include /opt/eprints3/cfg/apache_ssl/*.conf

 

 

3. /opt/eprints3/cfg/perl_module_isolation.conf

##This file is included by apache.conf -- Do not edit this file directly.

##You should edit the perl_module_isolation flag in /opt/eprints3/perl_lib/EPrints/SystemSettings.pm, then run /opt/eprints3/bin/generate_apacheconf --system --replace to regenerate this file.

 

##The following two lines turn the perl_module_isolation OFF (All repositories now sharing a single perl interpreter and have access to all perl modules.)

#PerlModule EPrints

#PerlPostConfigHandler +EPrints::post_config_handler

 

4. /opt/eprints3/cfg/perl_module_isolation_vhost.conf

##This file is included by each repository's apache conf -- Do not edit this file directly.

##You should edit the perl_module_isolation flag in /opt/eprints3/perl_lib/EPrints/SystemSettings.pm, then run /opt/eprints3/bin/generate_apacheconf --system --replace to regenerate this file.

 

##The following three lines are commented out to turn the perl_module_isolation OFF (All repositories now sharing a single perl interpreter and have access to all perl modules.)

#PerlOptions +Parent

#PerlSwitches -I/opt/eprints3/perl_lib

#PerlModule EPrints

 

 

5. /opt/eprints3/cfg/apache/arcom.conf

#

# apache.conf include file for arcom

#

# Any changes made here will be lost if you run generate_apacheconf

# with the --replace option

#

# This file manually created after guidance from https://wiki.eprints.org/w/HTTPS-only_and_HSTS

 

# The main virtual host for this repository

<VirtualHost *:80>

  RedirectPermanent / https://arcomabstracts.com/

</VirtualHost>

 

 

6. /opt/eprints3/cfg/apache_ssl/arcom.conf

#

# secure.conf include file for arcom

#

# Any changes made here will be lost if you run generate_apacheconf

# with the --replace option

#

  # Set by $c->{max_upload_filesize}

  LimitRequestBody 1073741824

 

Include /opt/eprints3/cfg/perl_module_isolation_vhost.conf

 

  <Location "">

    PerlSetVar EPrints_ArchiveID arcom

    PerlSetVar EPrints_Secure yes

               PerlSetVar ArchiveDocRoot /opt/eprints3/archives/arcom/html

 

    Options +ExecCGI

    <IfModule mod_authz_core.c>

       Require all granted

    </IfModule>

    <IfModule !mod_authz_core.c>

       Order allow,deny

       Allow from all

    </IfModule>

  </Location>

 

 

7. /opt/eprints3/archives/arcom/ssl/securevhost.conf

<VirtualHost *:443>

  ServerName arcomabstracts.com

  Header set Strict-Transport-Security "max-age=15780000"

 

  # EPrints core config

  Include /opt/eprints3/cfg/apache_ssl/arcom.conf

  Include /opt/eprints3/cfg/perl_module_isolation_vhost.conf

 

  # SSL Configuration

  SSLEngine on

  SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

  SSLHonorCipherOrder on

  SSLCipherSuite HIGH:!aNULL:!MD5:!3DES

  SSLCertificateFile /opt/eprints3/archives/arcom/ssl/arcomabstracts.com.crt

  SSLCertificateKeyFile /opt/eprints3/archives/arcom/ssl/arcomabstracts.com.key

  SSLCertificateChainFile /opt/eprints3/archives/arcom/ssl/arcomabstracts.com.ca-bundle

 

  # Content handling

  DocumentRoot /opt/eprints3/archives/arcom/html

 

  # CGI configuration

  ScriptAlias /cgi/ "/opt/eprints3/cgi/"

  <Directory "/opt/eprints3/cgi">

      Options +ExecCGI

      SetHandler perl-script

      PerlResponseHandler ModPerl::Registry

      PerlOptions +ParseHeaders

      Require all granted

  </Directory>

 

  <Directory "/opt/eprints3/archives/arcom/html">

    Options Indexes FollowSymLinks

    AllowOverride All

    Require all granted

    DirectoryIndex index.xpage index.html

  </Directory>

 

  # EPrints-specific

  <Location "">

      PerlSetVar EPrints_ArchiveID arcom

      PerlSetVar EPrints_Secure yes

      Options +ExecCGI

      Require all granted

  </Location>

 

  # IE workarounds

  SetEnvIf User-Agent ".*MSIE.*" \

    nokeepalive ssl-unclean-shutdown \

    downgrade-1.0 force-response-1.0

 

  # Logging

  ErrorLog logs/ssl_error_log

  TransferLog logs/ssl_access_log

  LogLevel warn

  CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

 

 

 

 

From: eprints-tech-request@ecs.soton.ac.uk <eprints-tech-request@ecs.soton.ac.uk> On Behalf Of Will Hughes
Sent: 04 April 2025 12:40
To: David R Newman <drn@ecs.soton.ac.uk>; eprints-tech@ecs.soton.ac.uk
Subject: Re: [EP-tech] HTTPS-only

 

CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

David

 

Thank you for these suggestions. I shall try these and also check the configuration of SSL Certificates with my website host.

 

Best wishes 

 

Will

____

---

From: David R Newman <drn@ecs.soton.ac.uk>
Sent: Thursday, April 3, 2025 2:08:49 PM
To: eprints-tech@ecs.soton.ac.uk <eprints-tech@ecs.soton.ac.uk>; Will Hughes <w.p.hughes@reading.ac.uk>
Subject: Re: [EP-tech] HTTPS-only

 

Hi Will,

You probably want to run:

journalctl -xeu apache2.service

as the root user or using sudo.  That may give you a useful error message.  Otherwise checking the error log for the webserver (typically /var/log/apache2/error.log) on Ubuntu.  Running the following command (as root or with sudo):

apache2ctl configtest

may also give you a clue to where the issue is.  This error message you do have does not look like it has anything to do with EPrints from a core codebase perspective.  It may be that the Apache configuration that EPrints has generated is somehow invalid.  One further thing to try, is regenerating this by running (as the eprints user):

EPRINTS_PATH/bin/generate_apacheconf --system --replace

Then try restarting Apache again (possible trying apache2ctl configtest again before restarting).  It may be your changes to try to setup HTTPS mean the generated Apache config from EPrints need updating.

Regards

David Newman

On 03/04/2025 13:50, Will Hughes wrote:

CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

Hi

 

I wonder whether anyone has experience of switching their site to HTTPS-only. I have followed the steps in the manual and double-checked everything, but my site is not working properly, generating an error: SSL handshake failed Error code 525

 

I have checked through all the documentation I can find, and when I run: /etc/init.d/apache2 restart I get an error message:

 

Restarting apache2 (via systemctl): apache2.serviceJob for apache2.service failed because the control process exited with error code.

See "systemctl status apache2.service" and "journalctl -xeu apache2.service" for details.

 

Unfortunately, I so not understand what is happening here and I am not sure what aspect of the suggested commands to copy here. Can anyone help, please?

 

Best wishes

 

Will   

 

Will Hughes

Emeritus Professor of Construction Management and Economics

School of the Built Environment     

University of Reading, PO Box 219, Whiteknights

Reading, RG6 6DF, UK

 

 

*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List

*** Archive: https://www.eprints.org/tech.php/

*** EPrints community wiki: https://wiki.eprints.org/

*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List

*** Archive: https://www.eprints.org/tech.php/

*** EPrints community wiki: https://wiki.eprints.org/