EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #10084


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Hi and help


CAUTION: This e-mail originated outside the University of Southampton.
Hi David.

Many, many thanks!!
With EPrints config it works perfectly.

I tried the new instructions from the wiki page for login-only access
  •  - Disabled all EPrints login_required_XXX options

  •  - Ran bin/generate_static to create archives/ARCHIVEID/cfg/apachevhost.conf (edited with my archive ID and my site URL)

  •  - Restarted Apache

  • Result:  The homepage is not found, but the rest of the site can be accessed without login

    It seems that apachevhost.conf is not automatically included in the Apache configurations, so I tried the following (restarting Apache after each change):

    • Added Include /opt/eprints3/archives/ARCHIVEID/cfg/apachevhost.conf to /etc/httpd/conf.d/eprints.conf → homepage shows login request, rest of the site can be accessed without login

    • Added it to /opt/eprints3/archives/ARCHIVEID/ssl/securevhost.conf (yes, I'm using wiki.eprints.org/W/Simplified_HTTPS_Configuration) → Internal Server Error on all pages, with this message in my ssl_error_log:

    [Sat Apr 19 13:14:07.808897 2025] [core:error] [pid 35627:tid 35627] [client xx.xx.xx.xx:13182] AH00027: No authentication done but request not allowed without authentication for /cgi/users/login. Authentication not configured?

    So I go back to EPrints config for now.

    I spent days researching and testing a lot of things about Apache mod_auth and mod_authz... I couldn't figure it out.

    Maybe the problem is my Apache configuration and/or my EPrints upgrade.

    At some point (hopefully not too far away) I'll try to do a clean install test of EPrints 3.4.6 and try the login-only with Apache configurations.

    If you'd like me to test anything else, please don’t hesitate to let me know.

    Thanks again for your help!

    Regards.
    Fernando Hdez.


    El vie, 18 abr 2025 a las 19:48, David R Newman (<drn@ecs.soton.ac.uk>) escribió:
    Hi,

    From a purely Apache 2.4.x perspective, you will need to modify the configuration in various places from:

    order allow,deny
    allow from all
    satisfy any

     
    to:

    require all granted

    I have updated the wiki page to that effect but I have not tested it, so it would be useful to get your feedback. 

    The login_required_for_XXX configuration settings you have not got quite right.  Instead of:

    $c->{login_required_for_cgi_enable} = 1;
    $c->{login_required_for_eprints_enable} = 1;
    $c->{login_required_for_views_enable} = 1;


    they should be:

    $c->{login_required_for_cgi}->{enable} = 1;
    $c->{login_required_for_eprints}->{enable} = 1;
    $c->{login_required_for_views}->{enable} = 1;

    Also you want to make sure you also include the following two lines of configuration.  First to add some exception to CGI URLs that can be accessed as you might cause redirect loops otherwise and second to specify what URL to use for logins (it won't revert to the standard login URL, so you need to set it, I shall update the miscellaneous configuration wiki page to reflect this):

    $c->{login_required_for_cgi}->{exceptions} = [ "users/login", "handle_404" ];
    $c->{login_required_url} = "/cgi/users/login";

    I don't think you need both Apache configuration and EPrints configuration.  However, if there may be extra things you want to hide from those not logged in like static pages (e.g. /information.html) or possibly even the homepage.  Then you may need to make some modifications to the Apache configuration to hide those as well.

    Regards

    David Newman

    On 18/04/2025 1:25 pm, kralizeck@gmail.com wrote:
    CAUTION: This e-mail originated outside the University of Southampton.
    CAUTION: This e-mail originated outside the University of Southampton.

    Hi everyone.
    Greetings to all.

    I'm relatively new to EPrints, and I'm currently in the process of migrating a login-only site:

    • OLD site: EPrints 3.3.12, Ubuntu 12, Apache 2.2.22

    • NEW site: EPrints 3.4.6, AlmaLinux 9.5, Apache 2.4.62

    The old site used the instructions from https://wiki.eprints.org/w/Login-Only_Repository (last edited on 2010), and it worked well. However, those instructions no longer seem to work with the newer Apache version.

    After many attempts and trial-and-error testing, I haven't been able to make it work as it did before.

    I found new configuration options (like login_required...),  but they don’t seem to have any effect — or I might not be using them correctly:
    https://wiki.eprints.org/w/Miscellaneous_Config_Options#L

    I created the file archives/myrepo/cfg/cfg.d/z_login_required.pl with the following content:

    $c->{login_required_for_cgi_enable} = 1;
    $c->{login_required_for_eprints_enable} = 1;
    $c->{login_required_for_views_enable} = 1;

    Then I restarted Apache and regenerated statics, views, abstracts, etc., but no luck. The site is still not login-only like it was before.

    Any suggestions would be greatly appreciated.

    Thanks and best regards.


    *** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List
    *** Archive: https://www.eprints.org/tech.php/
    *** EPrints community wiki: https://wiki.eprints.org/