[EP-tech] SSL (HTTPS) only for an EPrints repository
matthew at kerwin.net.au
Tue Aug 22 23:36:29 BST 2017
On 23 Aug. 2017 6:57 am, "Tomasz Neugebauer" <Tomasz.Neugebauer at concordia.ca>
Google is sending out alerts that it will soon begin to show security
warnings in Chrome for any web site that is not SSL (HTTPS).
Our EPrints repository (running 3.3.12) switches over to HTTPS when the
user authenticates, but the browse pages are available through HTTP as well.
What is the best way to get EPrints to redirect everything to HTTPS?
I think I remember this question coming up on the list before, but I can’t
seem to find any references.
All I remember is that I had to change how eprints generates the Apache
config so it added a <Location> chunk for the non-secure root (i.e. "/")
inside the :443 VirtualHost, which defined the eprints archive environment
Our repo allows both http and https access, though; if you're going
https-everywhere you'll probably have different concerns.
Oh, and see also:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Eprints-tech