[EP-tech] Running EPrints under HTTPS all the time

Matthew Kerwin matthew at kerwin.net.au
Fri Jul 7 01:20:06 BST 2017


On 7 July 2017 at 09:14, Coles, Elizabeth A. (Betsy) <bcoles at caltech.edu> wrote:
>
> Has anyone set up EPrints to run under HTTPS all the time, not just for
> logins?
>
> We have a system running EPrints 3.3.10 and set up to use https for login as
> described in https://wiki.eprints.org/w/How_to_use_EPrints_with_HTTPS.  But
> what we'd really like to do is use HTTPS all the time.  Any pointers on how
> to set this up?
>
> Betsy Coles
>
> Caltech Library
>
> bcoles at caltech.edu
>

Hi Betsy,

We mostly have that set up at QUT (complicated by the fact that we
still allow cleartext HTTP access for non-secure pages.)

I do recall we had to make changes in order for EPrints's Apache httpd
config generator to add a second <Location/> block (for http_root,
when it doesn't match https_root) inside the HTTPS VirtualHost.

There are also issues in the way EPrints::URL assumes that "https" and
"secure" are the same thing, and is reluctant to put "https" at the
start of any URL that isn't "secure".

So, this is an area I definitely want to work on in the near future,
but it's not something I know how to solve immediately, I'm afraid.
Others may be of more help, though.

Cheers
-- 
  Matthew Kerwin
  http://matthew.kerwin.net.au/


More information about the Eprints-tech mailing list