EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #09731

< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Repository Server Upgrade SSL

CAUTION: This e-mail originated outside the University of Southampton.
Have you got any other vhosts defined?

If you do:
apachectl -S
it should list them.

(Feel free to take this off-list if you prefer)


From: eprints-tech-request@ecs.soton.ac.uk <eprints-tech-request@ecs.soton.ac.uk> on behalf of James Kerwin <jkerwin2101@gmail.com>
Sent: 14 June 2024 06:10
To: eprints-tech@ecs.soton.ac.uk <eprints-tech@ecs.soton.ac.uk>
Subject: [EP-tech] Repository Server Upgrade SSL

CAUTION: External Message. Use caution opening links and attachments.

CAUTION: This e-mail originated outside the University of Southampton.
CAUTION: This e-mail originated outside the University of Southampton.
Hi All,

I did the big switchover to my new repository server yesterday.

Had a number of problems with getting SSL to work. I'm now at the point where I can go to the url:


But it loads the default Apache page. This feels like a step forwards as yesterday Apache was telling me my certificate files didn't exist.

Can anybody please advise me?

In /etc/apache2/sites-enabled/eprints.conf I have:

Include /opt/eprints3/cfg/apache.conf
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from localhost

In /opt/eprints3/cfg/apache.conf I have:

# Load the perl modules & repository configurations
PerlSwitches -I/opt/eprints3/perl_lib
Include /opt/eprints3/cfg/perl_module_isolation.conf

# Load the per-repository apache configuration
Include /opt/eprints3/cfg/apache/*.conf
Include /opt/eprints3/cfg/apache_ssl/*.conf

In /opt/eprints3/cfg/apache_ssl/uolrepo.conf I have what looks to be the correct conf based on it being similar in structure to that I use on the Data Catalogue. I think it's safe enough to share the below.

If anyone can help I would be eternally grateful and forever in your debt.

<VirtualHost *:443>
  ServerName livrepository.liverpool.ac.uk

  ServerAdmin jkerwin@liverpool.ac.uk
  SSLEngine On
  #SSLCertificateFile /var/tmp/270324-ssl-certs/repo-live_liv_ac_uk_cert.cer
  #SSLCertificateKeyFile /var/tmp/270324-ssl-certs/liv-repo-live.key
  #SSLCertificateChainFile /var/tmp/270324-ssl-certs/repo-live_liv_ac_uk_interm.cer
  SSLCertificateFile /opt/eprints3/certs/repo-live_liv_ac_uk_cert.cer
  SSLCertificateKeyFile /opt/eprints3/certs/liv-repo-live.key
  SSLCertificateChainFile /opt/eprints3/certs/repo-live_liv_ac_uk_interm.cer
  Header always set Strict-Transport-Security "max-age=15768000"  
  SSLProtocol             all -SSLv3
  SSLHonorCipherOrder     on
  SSLCompression          off
  <Location "">
    PerlSetVar EPrints_ArchiveID uolrepo
    PerlSetVar EPrints_Secure yes

    Options +ExecCGI
    <IfModule mod_authz_core.c>
       Require all granted
    <IfModule !mod_authz_core.c>
       Order allow,deny
       Allow from all