[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Running EPrints under HTTPS all the time

On 7 July 2017 at 09:14, Coles, Elizabeth A. (Betsy) <bcoles at caltech.edu> wrote:
> Has anyone set up EPrints to run under HTTPS all the time, not just for
> logins?
> We have a system running EPrints 3.3.10 and set up to use https for login as
> described in https://wiki.eprints.org/w/How_to_use_EPrints_with_HTTPS.  But
> what we'd really like to do is use HTTPS all the time.  Any pointers on how
> to set this up?
> Betsy Coles
> Caltech Library
> bcoles at caltech.edu

Hi Betsy,

We mostly have that set up at QUT (complicated by the fact that we
still allow cleartext HTTP access for non-secure pages.)

I do recall we had to make changes in order for EPrints's Apache httpd
config generator to add a second <Location/> block (for http_root,
when it doesn't match https_root) inside the HTTPS VirtualHost.

There are also issues in the way EPrints::URL assumes that "https" and
"secure" are the same thing, and is reluctant to put "https" at the
start of any URL that isn't "secure".

So, this is an area I definitely want to work on in the near future,
but it's not something I know how to solve immediately, I'm afraid.
Others may be of more help, though.

  Matthew Kerwin