EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #09697


Re: [EP-tech] Eprints over NGINX

CAUTION: This e-mail originated outside the University of Southampton.
Good day!

We are done setting up EPrints to use only HTTPS, and it also works with our NGINX setup, but the problem is the upload limit (it only accepts uploads up to 128 kb; more than that gives an error).

I can share our NGINX configuration here, for someone who knows how to fix it.

Here is the NGINX config:


worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
       worker_connections 768;
       # multi_accept on;
}

http {

       # Basic Settings
       sendfile on;
       tcp_nopush on;
       types_hash_max_size 2048;
       client_max_body_size 500M;
       # server_tokens off;

       # server_names_hash_bucket_size 64;
       # server_name_in_redirect off;

       include /etc/nginx/mime.types;
       default_type application/octet-stream;

       # SSL Settings

       ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
       ssl_prefer_server_ciphers on;

       # Logging Settings

       access_log /var/log/nginx/access.log;
       error_log /var/log/nginx/error.log;

       # Gzip Settings

       gzip_vary on;

       # gzip_vary on;
       # gzip_proxied any;
       # gzip_comp_level 6;
       # gzip_buffers 16 8k;
       # gzip_http_version 1.1;
       # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

       # Virtual Host Configs

       include /etc/nginx/conf.d/*.conf;
       include /etc/nginx/sites-enabled/*;
}

server {
   server_name test.edu.ph;

   location / {
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       client_max_body_size 500M;
   }

   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/test.edu.ph/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/test.edu.ph/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
   client_max_body_size 500M;
}

server {
   if ($host = test.edu.ph) {
       return 301 https://$host$request_uri;
   } # managed by Certbot

   listen 80;
   server_name test.edu.ph;
   return 404; # managed by Certbot
   client_max_body_size 500M;
}

Wish someone can help us solve this problem.

On Wed, Apr 17, 2024 at 6:33 PM David R Newman <drn@ecs.soton.ac.uk> wrote:

Hi Zen,

No, I have not specifically. However, I would advise that if you use a proxy that will serve pages over HTTPS you still configure EPrints to use HTTPS not HTTP. Usually your load balancer / reverse proxy will allow you to use a self-signed certificate and not care about the expiry date (or if it does, set one way in the future).

If you configure EPrints as HTTP only and the proxy serves pages over HTTPS you will likely get issues. This is because historically (and still in use) EPrints content gets embedded in other websites, so URLs used in this context need to be full URLs rather than just paths. Having an HTTPS proxy with EPrints running as HTTP only has led to things like the search form in the template not working, as it submits to an HTTP URL whilst the page served by the proxy is on HTTPS and browsers legitimately do not like this.

There are ways to modify configuration to resolve most of these issues (e.g. manually setting $c->{http_url}, $c->{http_cgiurl}, $c->{base_url} and $c->{perl_url} to https rather than http). However, my experience from trying to help others who have done this is that there are still a few places where this does not fix the problem, or where hacking the config like this creates new problems. Therefore, making sure EPrints is set up for HTTPS is the more reliable option.


David Newman

On 17/04/2024 11:21, zen zenitram wrote:
Good day!

Has anyone here tried to install EPrints and use NGINX as a load balancer or reverse proxy?

Thank you!

*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List
*** Archive: https://www.eprints.org/tech.php/
*** EPrints community wiki: https://wiki.eprints.org/
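
The setup discussed in this thread, written out as an added configuration example; it is not taken from either poster's message. It assumes the EPrints Apache backend is itself configured for HTTPS with a self-signed certificate, as the reply advises, and listens on `https://127.0.0.1:8443`, which is a placeholder address. It sets `ssl_protocols` explicitly in the server block instead of including Certbot's options file.

```nginx
# Added illustration: site file for an NGINX reverse proxy in front of EPrints.
# Assumption (not from the thread): the backend address below is a placeholder.

server {
    listen 443 ssl;
    server_name test.edu.ph;

    ssl_certificate     /etc/letsencrypt/live/test.edu.ph/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.edu.ph/privkey.pem;

    # Posted http-level setting: ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Request-body limit for this virtual host. NGINX answers a larger
    # request with HTTP 413 before it reaches the backend.
    client_max_body_size 500M;

    location / {
        # The backend speaks HTTPS, so the URLs EPrints generates match
        # the scheme the browser sees. Placeholder address.
        proxy_pass https://127.0.0.1:8443;

        # proxy_ssl_verify is off by default, so NGINX accepts the
        # self-signed backend certificate without checking it.

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    # Plain HTTP only redirects to the HTTPS virtual host.
    listen 80;
    server_name test.edu.ph;
    return 301 https://$host$request_uri;
}
```

Run `nginx -t` after editing to confirm that the braces balance and the directives parse before reloading.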