[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[EP-tech] empty c->{'host'} in Eprints 3.3.XX
Hi Yuri,
It is worth noting (and I should have mentioned earlier) that there is
not a good reason not to set $c->{host} in 3.3.x, as the simplified
HTTPS configuration for HTTPS only with HTTP->HTTPS redirects only works
on 3.4.2+.? To implement this required changes to generate_apacheconf to
recognise when $c->{securehost} is set but $c->{host} is not, that the
Apache configuration should create an HTTP->HTTPS redirect for the
primary hostname.
I am not planning to backport the changes I made to generate_apacheconf
and related files to support simplified HTTPS configuration on 3.3.x.?
As there have been sufficient changes between versions, such backported
changes may have unintended consequences.? The best way to configure
HTTPS only configuration on 3.3.x is to create a redirect inside the
archive's cfg/apachevhost.conf, something like:
|RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*)
https://%{HTTP_HOST}%{REQUEST_URI}|
Regards
David Newman
On 20/09/2022 15:09, Yuri via Eprints-tech wrote:
> *CAUTION:* This e-mail originated outside the University of Southampton.
>
> config->("host") is used also in
>
> perl_lib/EPrints/DataObj/LoginTicket.pm
>
> to name the cookie with the host
>
> and in
>
> perl_lib/EPrints/OpenArchives.pm
>
> to get the oai_id
>
> and in
>
> perl_lib/EPrints/URL.pm
>
> used to print the request url (quite complex, you should get it from
> the request itself)
>
> In all these file, just replace host with securehost.
>
>
> Il 16/09/22 12:54, Yuri via Eprints-tech ha scritto:
>> *CAUTION:* This e-mail originated outside the University of Southampton.
>>
>> Automatic redirect from http to https cannot be done directly in
>> Apache because of the Apache::Rewrite module. To enable the automatic
>> redirection, just edit perl_lib/EPrints/Apache/Rewrite.pm and modify to:
>>
>> ??????? if( $secure )
>> ??????? {
>> ??????????????? $urlpath = $repository->get_conf( "https_root" );
>> ??????????????? $cgipath = $repository->get_conf( "https_cgiroot" );
>> ??????? }
>> ??????? else
>> ??????? {
>> ??????????????? # $urlpath = $repository->get_conf( "http_root" );
>> ??????????????? # $cgipath = $repository->get_conf( "http_cgiroot" );
>> ??????????????? return redir( $r, "<mysitehttpsurl>".$uri.$args );
>>
>>
>> ??????? }
>>
>> (useful if you started from an http site)
>>
>> Il 05/09/22 15:30, Yuri via Eprints-tech ha scritto:
>>> *CAUTION:* This e-mail originated outside the University of
>>> Southampton.
>>>
>>> Hi!
>>>
>>> ?I've found 2 more places we had to overcome the missing c->{host}:
>>>
>>> ?in the repository config, cfg.d/misc.pl:
>>>
>>> change
>>>
>>> $c->{cookie_domain} = $c->{host};
>>>
>>> to
>>>
>>> $c->{cookie_domain} = $c->{securehost};
>>>
>>> If you've the DOI plugin:
>>>
>>> in cfg.d/z_datacitedoi.pl
>>>
>>> change
>>>
>>> $c->{datacitedoi}{repoid} = $c->{host};
>>>
>>> to
>>>
>>> $c->{datacitedoi}{repoid} = $c->{securehost};
>>>
>>>
>>> The only other part where c->{host} is used is:
>>>
>>> perl_lib/EPrints/Repository.pm:??? ??? scheme => ($config->{host} ?
>>> "http" : "https"), (but this should be ok because it will default to
>>> https)
>>>
>>> and Sword which I don't use.
>>>
>>>
>>> also there's
>>>
>>> perl_lib/EPrints/URL.pm:??? $opts{host} = "" unless defined $opts{host};
>>>
>>> But I think that opts{host} will be set to https by the caller.
>>>
>>>
>>> Thanks!
>>>
>>> Il 08/08/22 10:34, Yuri via Eprints-tech ha scritto:
>>>> *CAUTION:* This e-mail originated outside the University of
>>>> Southampton.
>>>>
>>>>
>>>> Il 08/08/22 09:54, David R Newman ha scritto:
>>>>>
>>>>> Hi Yuri,
>>>>>
>>>>> If you were in EPrints 3.4.1 onwards then you could just unset
>>>>> $c->{host}.? However, there are some Bazaar plugins that rely on
>>>>> $c->{host} being set, so you would need to check to make sure
>>>>> $c->{host} was not used directly anywhere and update appropriately
>>>>> to use $c->{securehost}.
>>>>>
>>>>> If you are still on 3.3.x, then the best plan is to manually set
>>>>> various URLs through configuration:
>>>>>
>>>>> $c->{http_url} = $c->{base_url};
>>>>>
>>>>> $c->{http_cgiurl} = $c->{perl_url};
>>>>>
>>>>
>>>> It is Eprints 3.3.15.
>>>>
>>>> What happen if I don't set these? It seems to work, only
>>>> c->{'frontpage'} is set only from http_url, the other uses ||= to
>>>> get the value from other variables.
>>>>
>>>> But I agree it is better to set them!
>>>>
>>>>
>>>>> I think you should have a cfg/cfg.d/20_baseurls.pl in you archive,
>>>>> if so just add these links after the lines that set the
>>>>> $c->{base_url} and $c->{perl_url} variables.? However, this will
>>>>> only work if you have a recent version of 20_baseurls.pl, which
>>>>> prioritises HTTPS over HTTP:
>>>>>
>>>>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints%2Fblob%2F3.3%2Flib%2Fdefaultcfg%2Fcfg.d%2F20_baseurls.pl&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C38389e46f4e34a0a074a08da9b186edf%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637992826477006240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dPZIqF0q08O0VO890gEk%2B6igmej9OYVaGRLLQZY3454%3D&reserved=0
>>>>>
>>>> Yes, it is. I'll do this.
>>>>
>>>>
>>>>> Also, using a copy of 20_baseurls.pl above with the changes I
>>>>> suggested will also only work if $c->{securehost} is set in a file
>>>>> that is loaded before 20_baseurls.pl (e.g. 10_core.pl).
>>>>>
>>>> It is set in 10_core.pl so it should be ok.
>>>>
>>>>
>>>>> If you have $c->{securehost} defined in https.pl, (which seems
>>>>> quite common), you are best renaming this to 15_https.pl.? Once
>>>>> you have got the appropriate changes in place, it is probably
>>>>> worth running generate_apacheconf and generate_static, although I
>>>>> don't think the former should be needed. Then when you are happy
>>>>> that static pages no longer have any HTTP URLs, (by testing in
>>>>> your web browser), it is worth running "epadmin refresh_abstracts"
>>>>> and "epadmin refresh_views" to clear HTTP URLs from those pages as
>>>>> well.
>>>>>
>>>>> Regards
>>>>>
>>>>> David Newman
>>>>>
>>>>>
>>>>> On 08/08/2022 8:02 am, Yuri via Eprints-tech wrote:
>>>>>> CAUTION: This e-mail originated outside the University of Southampton.
>>>>>>
>>>>>> Hi!
>>>>>>
>>>>>> I would like to totally switch to https. I've managed most of the
>>>>>> redirects at apache level and it works but, for example, the export for
>>>>>> in views (/cgi/exportview) still point to http, as various backend urls.
>>>>>> Redirects are not perfect because when cgi is involved the browser will
>>>>>> prompt a secure warning because the form will go in http (before
>>>>>> redirect). Looking at the code, seems possible to have only securehost
>>>>>> set and c->{'host'} commented. Will this work or there will be any issue?
>>>>>>
>>>>>>
>>>>>> *** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>>>>>> *** Archive:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C38389e46f4e34a0a074a08da9b186edf%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637992826477006240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pnSdgpBLKEoakMOv8gMfbV3EBwF8jxcXprYLSry1cFs%3D&reserved=0
>>>>>> *** EPrints community wiki:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C38389e46f4e34a0a074a08da9b186edf%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637992826477006240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=03axS2g0irLtj8I%2BTVzhKAKr%2FBVdC27x0jbWWTfxsI0%3D&reserved=0
>>>>
>>>> *** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>>>> *** Archive:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C38389e46f4e34a0a074a08da9b186edf%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637992826477006240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pnSdgpBLKEoakMOv8gMfbV3EBwF8jxcXprYLSry1cFs%3D&reserved=0
>>>> *** EPrints community wiki:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C38389e46f4e34a0a074a08da9b186edf%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637992826477006240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=03axS2g0irLtj8I%2BTVzhKAKr%2FBVdC27x0jbWWTfxsI0%3D&reserved=0
>>>
>>> *** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>>> *** Archive:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C38389e46f4e34a0a074a08da9b186edf%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637992826477006240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pnSdgpBLKEoakMOv8gMfbV3EBwF8jxcXprYLSry1cFs%3D&reserved=0
>>> *** EPrints community wiki:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C38389e46f4e34a0a074a08da9b186edf%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637992826477006240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=03axS2g0irLtj8I%2BTVzhKAKr%2FBVdC27x0jbWWTfxsI0%3D&reserved=0
>>
>> *** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>> *** Archive:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C38389e46f4e34a0a074a08da9b186edf%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637992826477006240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pnSdgpBLKEoakMOv8gMfbV3EBwF8jxcXprYLSry1cFs%3D&reserved=0
>> *** EPrints community wiki:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C38389e46f4e34a0a074a08da9b186edf%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637992826477006240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=03axS2g0irLtj8I%2BTVzhKAKr%2FBVdC27x0jbWWTfxsI0%3D&reserved=0
>
> *** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C38389e46f4e34a0a074a08da9b186edf%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637992826477006240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pnSdgpBLKEoakMOv8gMfbV3EBwF8jxcXprYLSry1cFs%3D&reserved=0
> *** EPrints community wiki:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C38389e46f4e34a0a074a08da9b186edf%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637992826477006240%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=03axS2g0irLtj8I%2BTVzhKAKr%2FBVdC27x0jbWWTfxsI0%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20220920/2db7515e/attachment-0001.html