EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #10159

< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Ask about upload error and https

CAUTION: This e-mail originated outside the University of Southampton.

You said previously about the SSL happening at a Load Balancer (LB) – where is that directing traffic on to, as that might be contributing to a redirect loop?

i.e.

 

Browser -> LB port 443 -> repo port 80 , redirects to port 443 which hits the LB and comes back to port 80 again ?

 

Alan

 

From: eprints-tech-request@ecs.soton.ac.uk <eprints-tech-request@ecs.soton.ac.uk> on behalf of David R Newman <drn@ecs.soton.ac.uk>
Date: Wednesday, 25 June 2025 at 14:51
To: Agung Prasetyo W. <prazetyo@gmail.com>
Cc: eprints-tech@ecs.soton.ac.uk <eprints-tech@ecs.soton.ac.uk>
Subject: Re: [EP-tech] Ask about upload error and https

Hi Agung PW,

What version of EPrints are you running?  There is a likelihood that even if you made those changes to template_core.pl they may not help depending on what version of EPrints you are on.  

If you only made the changes I suggested to a copied to archive version of template_core.pl, then I cannot see how you would have got stuck in a redirect loop.  Did you make sure that the file you copied has exactly the same name in your archive's cfg/cfg.d as it does in lib/cfg.d/.  Otherwise, having the two dynamic trigger templates could possibly cause a redirect loop.

Regards

David Newman

On 25/06/2025 12:41, Agung Prasetyo W. wrote:

CAUTION: This e-mail originated outside the University of Southampton.

Hi David,

 

I already added template_core.pl into cfg/cfg.d, but still

var eprints_http_root = "http://repository.domain.edu";
var eprints_http_cgiroot = "http://repository.domain.edu";

Then when I edited the 10_core.pl file and added host to

$c->{securehost} = 'repository.domain.edu';

 

and run generate_static, epadmin reload and restart apache, the view source has changed to:

var eprints_http_root = "https://repository.domain.edu";
var eprints_http_cgiroot = "https://repository.domain.edu";

but when I click manage deposits, an error appears:

 

When I using Developer tools, there is an error when upload items, like screenshot below

There a message :

auto-3.4.1.js:1736 Mixed Content: The page at 'https://repositori.domain.edu/cgi/users/home?screen=EPrint::Edit&eprintid=33078&stage=files#t' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://repositori.domain.edu/users/ajax/upload_progress?progressid=C15E8EE3DBE34373ACB3A7CF64123EBF'. This request has been blocked; the content must be served over HTTPS.

 

Thank you

 

Regards,

Agung PW

 

On Wed, 25 Jun 2025 at 15:13, David R Newman <drn@ecs.soton.ac.uk> wrote:

Hi Agung PW,

The code that actually generates the _javascript_ in you screenshot is in lib/cfg.d/template_core.pl.  This then call EPrints::Repository->current_url and that calls EPrints::URL->new and then get on the new URL object created.  Looking at the EPrints::URL->get method (for 3.4.6) as the EPrints::Repository->current_url  in template_core.pl has not specified a scheme it will default to https if $c->{securehost} is defined in your archive's cfg/cfg.d/10_core.pl or another alphanumerically later file in this directory.  Therefore, these two should be set to https. 

However, if you are running an earlier version of EPrints 3.4, this may not be the case, as we have been teasing out issues where HTTP is still used when really HTTPS is the correct choice.  In that case, you are best copying lib/cfg.d/template_core.pl to you archive's cfg/cfg.d/ directory and where you have the following two lines:
 
                $repo->current_url( host => 1, path => 'static' ),
                $repo->current_url( host => 1, path => 'cgi' ),

Changing them to

                $repo->current_url( host => 1, path => 'static', scheme => 'https' ),
                $repo->current_url( host => 1, path => 'cgi', scheme => 'https' ),

It may be worth running bin/generate_static on you archive but if this is a problem when uploading this issue is probably a dynamic management page, so will automatically be updated when you reload Apache.  If you already have a template_core.pl in your archive's cfg/cfg.d/ directory, you will likely need to make a similar amendment.

Regards

David Newman

On 25/06/2025 8:41 am, Agung Prasetyo W. wrote:

CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

Hi,

 

How to change 2 urls (eprints_http_root and eprints_http_cgiroot) from http to https? As I listed in the screenshot.

 



I have tried changing the configuration in 10_core.pl and 20_baseurls.pl, but it still doesn't work. For your information, SSL is not installed on the server directly, but on the LB (load balancer), so I can't apply the method in https://wiki.eprints.org/w/How_to_use_EPrints_with_HTTPS to the server. Because when I try to restart apache, an error appears:

[Wed Jun 25 11:17:55.714301 2025] [ssl:emerg] [pid 124977] AH02572: Failed to configure at least one certificate and key for repository.domain.edu:443
[Wed Jun 25 11:17:55.714332 2025] [ssl:emerg] [pid 124977] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned

Please help, what steps should be taken if in a condition like this.

According to my understanding, this https is what causes the error of the unsuccessful upload process as in the screenshot below.

upload error 01

 

upload error 02

 

delete error screenshot

 

Thank you

 

Regards,

Agung PW

 



*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List
*** Archive: https://www.eprints.org/tech.php/
*** EPrints community wiki: https://wiki.eprints.org/