[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] SSL (HTTPS) only for an EPrints repository

On 23 Aug. 2017 6:57 am, "Tomasz Neugebauer" <Tomasz.Neugebauer at concordia.ca>

Google is sending out alerts that it will soon begin to show security
warnings in Chrome for any web site that is not SSL (HTTPS).

Our EPrints repository (running 3.3.12) switches over to HTTPS when the
user authenticates, but the browse pages are available through HTTP as well.

What is the best way to get EPrints to redirect everything to HTTPS?

I think I remember this question coming up on the list before, but I can?t
seem to find any references.



All I remember is that I had to change how eprints generates the Apache
config so it added a <Location> chunk for the non-secure root (i.e. "/")
inside the :443 VirtualHost, which defined the eprints archive environment

Our repo allows both http and https access, though; if you're going
https-everywhere you'll probably have different concerns.

Oh, and see also:

Matthew Kerwin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20170823/bcf131de/attachment.html