[EP-tech] SSL (HTTPS) only for an EPrints repository
matthew at kerwin.net.au
Fri Aug 25 10:39:35 BST 2017
On 25 Aug. 2017 18:51, "John Salter" <J.Salter at leeds.ac.uk> wrote:
> In the non-secure virtual host, the following line will redirect all
> This will redirect clients that don't honour the HSTS headers, as well as
> pointing clients in the right direction in the first place.
> Whilst testing, you might want to leave out the 'permanent' part.
> Redirect permanent / https://your.repo/
> I'm guessing you have something similar somewhere in your :80 vhost?
> If not, and the HSTS headers are only sent for the :443 vhost, how does the
> initial redirect work?
I've intentionally allowed existing http requests to continue the old
fashioned way, mostly because I don't trust that all the robots that
interact with the site would be able to cope with a redirect. 😒
For first-time human traffic we mostly rely on good links -- Google prefers
to serve up https links, and most (all?) of the links in the site itself
ought to be to https urls. Actually, I believe that the stylesheet and
image srcs are also https. So while you might be able to fetch a http page
once, it'd be very hard to do so a second time if your browser honours
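Added example, not part of the original message or of EPrints: a minimal Python model of a browser's HSTS cache (behaviour per RFC 6797), showing why, with no redirect on port 80, the first http request goes out in the clear while a later one is upgraded once any https resource has delivered the header. The `/123/` and `/style.css` paths and the max-age value are constructed.

```python
from urllib.parse import urlsplit, urlunsplit
class HSTSStore:
    """Minimal model of a browser's HSTS cache (behaviour per RFC 6797)."""
    def __init__(self):
        self.policies = {}  # host -> (expiry_time, include_subdomains)

    def observe(self, url, headers, now):
        """Record a response; the header only counts when it arrived over HTTPS."""
        parts = urlsplit(url)
        value = headers.get("Strict-Transport-Security")
        if parts.scheme != "https" or value is None:
            return
        max_age, include_sub = None, False
        for directive in value.split(";"):
            name, _, arg = (p.strip() for p in directive.partition("="))
            if name.lower() == "max-age":
                max_age = int(arg.strip('"'))
            elif name.lower() == "includesubdomains":
                include_sub = True
        if max_age is None:
            return  # max-age is mandatory; a header without it is ignored
        if max_age == 0:
            self.policies.pop(parts.hostname, None)  # max-age=0 clears the policy
        else:
            self.policies[parts.hostname] = (now + max_age, include_sub)

    def is_hsts_host(self, host, now):
        labels = host.split(".")
        for i in range(len(labels)):
            policy = self.policies.get(".".join(labels[i:]))
            # exact match always applies; a parent only with includeSubDomains
            if policy and policy[0] > now and (i == 0 or policy[1]):
                return True
        return False

    def rewrite(self, url, now):
        """Return the URL the browser would actually request."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_hsts_host(parts.hostname, now):
            return urlunsplit(("https",) + tuple(parts[1:]))
        return url

def simulate():
    """Constructed visit: HTTP page (no redirect) whose stylesheet is HTTPS."""
    store, sts = HSTSStore(), {"Strict-Transport-Security": "max-age=31536000"}
    first = store.rewrite("http://your.repo/123/", now=0)
    store.observe(first, sts, now=0)  # ignored: arrived over plain HTTP
    store.observe("https://your.repo/style.css", sts, now=1)  # sets the policy
    second = store.rewrite("http://your.repo/123/", now=2)
    return first, second
```

A client that does not keep an HSTS cache, such as many robots, gets the `first` behaviour on every request, which is the case the port-80 `Redirect` covers.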