EPrints Technical Mailing List Archive

Message: #08971


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Enable SSL on new server


CAUTION: This e-mail originated outside the University of Southampton.
Hi David,

Thanks for the advice; I think you're correct. It looks like my headers module isn't enabled. I had been on a bit of an adventure with it yesterday because I think ssl wasn't enabled and then I had to install openssl and Crypt::SSLeay. The latter not being particularly straightforward.

I'm stuck on one final thing that I can't work out. The URL for the EPrints abstracts seem to have ":443" sandwiched in between the base url and eprints id wherever they're linked to in views or search results. Any idea what I've done?

As an example, a url that should be: http://datacat.liverpool.ac.uk/1640/


Which generates an error along the lines of "Bad Request. Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please."


I've reindexed, regenerated static, regenerated abstracts and regenerated views so it's something related to the present set-up.

Thanks,
James


On Mon, May 30, 2022 at 8:25 PM David R Newman <drn@ecs.soton.ac.uk> wrote:

Hi James,

Assuming removing that line was the only thing to change between when it wasn't working to when it was, I can only think that you did not have the Headers module enabled.  I am not sure what Linux OS you are running.  I can see that RHEL-based Linux looks to have this Headers module enabled by default but on Ubuntu Linux this looks to be available but disabled by default.  Assuming you are running Ubuntu or some other Debian based Linux, you can enable the Headers module with the command:

a2enmod headers

Once you have done this, you should be able to add the Header line back in.  However, I would have expected either the configuration to report as broken if you tested this before reloading or if you did reload/restart Apache this should have failed, as the command would not have been recognised.

If this advice does not help you fix the issue, please tell me what Linux OS and version you are running, as that may help me get a better idea what is wrong.

Regards

David Newman

On 30/05/2022 8:06 pm, James Kerwin wrote:
CAUTION: This e-mail originated outside the University of Southampton.
Hi David,

Thanks for your response and checking it. In all my messing about I've done something that's fixed it. The last line I removed from my secure config file within the last hour was:

Header always set Strict-Transport-Security "max-age=15768000"

and that's enabled the "http with internal https" by the looks of it.(option 2 https://wiki.eprints.org/w/Simplified_HTTPS_Configuration#HTTPS_When_You_Login)

Although that is currently in the config of another server with our eprints repository on so I don't think it shouldn't be there. I think I'm happy with it for today, I've been trying to fix this one thing since 9am!

Thanks,
James

On Mon, May 30, 2022 at 7:48 PM David R Newman <drn@ecs.soton.ac.uk> wrote:

Hi James,

Exactly which "EPrints pages" are you referring?  I have just clicking on the link on the homepage (both on HTTP and HTTPS) to take me to https://datacat.liverpool.ac.uk/view and it looks to be working fine in FireFox and Chrome (latest versions for Windows 10).  Have you managed to fix things?  If not, my best guess is your browser is caching and giving you the 404 error page.

Regards

David Newman

On 30/05/2022 6:42 pm, James Kerwin via Eprints-tech wrote:
CAUTION: This e-mail originated outside the University of Southampton.
Hi,

I'm in the very final stages of a server rebuild/upgrade (and I can't wait to hand it back to the owners). Got an eprints repository for our data sets up and running. I am really struggling with getting SSL to work. I've followed the instructions available through the EPrints pages, but it just isn't working.

At the moment if I click on a https link (https://datacat.liverpool.ac.uk/view) I get:
"404 page not found on this server".

In Chrome it does indicate that there is a valid certificate. It's the same security certificate as on the previous server, but all the server details are the same. Plus I'd expect to be told there is a problem with the certificate if they weren't working.

Going to the https of the homepage I receive the default apache index page:

https://datacat.liverpool.ac.uk/

Clicking on links, they automatically take me to https, but it 404s.

Any advice for what I've missed? I'm in developer mode for now, but I am being careful to restart apache and regenerate static pages after making changes. It's eprints 3.4, apache and Ubuntu 20.

Thanks,
James

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/