<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"\@SimSun";
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {mso-style-priority:99;
        mso-style-link:"Plain Text Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
code
        {mso-style-priority:99;
        font-family:"Courier New";}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:"Courier New";
        mso-fareast-language:EN-GB;}
span.PlainTextChar
        {mso-style-name:"Plain Text Char";
        mso-style-priority:99;
        mso-style-link:"Plain Text";
        font-family:"Calibri",sans-serif;}
span.EmailStyle23
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
span.EmailStyle24
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
span.EmailStyle25
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.EmailStyle26
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:64685557;
        mso-list-type:hybrid;
        mso-list-template-ids:1942358496 269025281 269025283 269025285 269025281 269025283 269025285 269025281 269025283 269025285;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1
        {mso-list-id:431124570;
        mso-list-type:hybrid;
        mso-list-template-ids:-523608494 269025295 269025305 269025307 269025295 269025305 269025307 269025295 269025305 269025307;}
@list l1:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l1:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l1:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l2
        {mso-list-id:1685786201;
        mso-list-type:hybrid;
        mso-list-template-ids:313301216 269025281 269025283 269025285 269025281 269025283 269025285 269025281 269025283 269025285;}
@list l2:level1
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:72.0pt;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:108.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level3
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:144.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2:level4
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:180.0pt;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:216.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level6
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:252.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2:level7
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:288.0pt;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:324.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level9
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:360.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l3
        {mso-list-id:1993020884;
        mso-list-type:hybrid;
        mso-list-template-ids:1159597068 269025281 269025283 269025285 269025281 269025283 269025285 269025281 269025283 269025285;}
@list l3:level1
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:54.0pt;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l3:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:90.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l3:level3
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:126.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l3:level4
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:162.0pt;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l3:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:198.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l3:level6
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:234.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l3:level7
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:270.0pt;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l3:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:306.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l3:level9
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:342.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-CA" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoPlainText">I was asked to add this information to the wiki, so I have added a new page here:<o:p></o:p></p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText"><a href="https://wiki.eprints.org/w/HTTPS-only_and_HSTS">https://wiki.eprints.org/w/HTTPS-only_and_HSTS</a><o:p></o:p></p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">Please feel free to modify/add/delete as needed.<o:p></o:p></p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">Best wishes,<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Tomasz<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"> eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk]
<b>On Behalf Of </b>Tomasz Neugebauer<br>
<b>Sent:</b> September-26-17 2:56 PM<br>
<b>To:</b> eprints-tech@ecs.soton.ac.uk<br>
<b>Subject:</b> Re: [EP-tech] SSL (HTTPS) only for an EPrints repository<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Thanks to Matthew and John for your help.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">I thought I would report back to the list about this, now that I got all of this working on our repository:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span style="mso-list:Ignore">·<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">HSTS Headers on HTTPS<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span style="mso-list:Ignore">·<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Fixed “Mixed Content” warnings/errors<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span style="mso-list:Ignore">·<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">All ‘internal’ links point to HTTPS locations<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span style="mso-list:Ignore">·<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">301 Redirects from HTTP to HTTPS<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">That follows the best practice specified here, by Google:
</span><a href="https://support.google.com/webmasters/answer/6073543?hl=en&amp;ref_topic=6001951"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">https://support.google.com/webmasters/answer/6073543?hl=en&amp;ref_topic=6001951</span></a><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">To make that happen, I had to do the following:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo4"><![if !supportLists]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><span style="mso-list:Ignore">1.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Changes to /cfg.d/10_core.pl:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Initialize the following two variables to be the https URL (i.e.,
</span><a href="https://spectrum.library.concordia.ca"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">https://spectrum.library.concordia.ca</span></a><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">)
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">$c-&gt;{http_url}<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">$c-&gt;{http_cgiurl}<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">$c-&gt;{base_url}<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo4"><![if !supportLists]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><span style="mso-list:Ignore">2.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Changes to /cfg/lang/en/templates/default.xml, and /cfg/lang/en/static .XPAGE files<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoListParagraph" style="margin-left:54.0pt;text-indent:-18.0pt;mso-list:l3 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span style="mso-list:Ignore">·<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Remove any hard coded links to HTTP<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:54.0pt;text-indent:-18.0pt;mso-list:l3 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span style="mso-list:Ignore">·<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">We have Google Search included here as XPAGE files calling on the Google API which I needed to switch to HTTPS<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo4"><![if !supportLists]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><span style="mso-list:Ignore">3.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Add a new include apache-ssl CONF file to /repoid/cfg/ that has the HSTS header:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l2 level1 lfo8">
<![if !supportLists]><span lang="EN-GB" style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span lang="EN-GB" style="font-family:&quot;Courier New&quot;">Header set Strict-Transport-Security &quot;max-age=15780000&quot;<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:18.0pt"><span lang="EN-GB" style="font-family:&quot;Courier New&quot;"><o:p>&nbsp;</o:p></span></p>
<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l2 level1 lfo8">
<![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span style="mso-list:Ignore">·<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Include this file from the core apache declaration.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">I consulted this page (thanks to Justin):
</span><a href="https://wiki.eprints.org/w/Setting_up_HTTPS_using_Let%27s_Encrypt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">https://wiki.eprints.org/w/Setting_up_HTTPS_using_Let%27s_Encrypt</span></a><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">
 , which was helpful in making me realize I need a new conf file. &nbsp;A new file was required because /bin/generate_apacheconf (</span><a href="https://wiki.eprints.org/w/API:bin/generate_apacheconf"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">https://wiki.eprints.org/w/API:bin/generate_apacheconf</span></a><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">)
 overwrites any of the conf files that were already being included, and I was trying to avoid modifying this script.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo4"><![if !supportLists]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><span style="mso-list:Ignore">4.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Modify the default port 80 response in the apache config to redirect all port 80 (HTTP) requests to port 443 (HTTPS), using the same redirect suggested
 by John.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">I ended up doing this in one of the conf files that is generated by /bin/generate_apacheconf, which means that I will have to re-apply
 this redirect if/when I need to re-run this script.&nbsp; This is not ideal, but it was the simplest solution I could find, given the structure of the files generated by /generate_apacheconf.&nbsp; &nbsp;I think that this script (generate_apacheconf) should have some new
 flags, something like “--sslonly” and “--hsts” , which would generate the correct apache config files for a repository that follows the Google best practice of HTTPS-only with HSTS.&nbsp;
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">To summarize how HSTS works, if a browser (Chrome, Firefix, IE) sees the HSTS header in the response, and there are no certificate errors or mixed content warnings
 or anything (if it is green), then <i>the next time </i>a user of that browser requests the HTTP page of that site, the browser will modify the request to a HTTPS request and will not issue the HTTP request.&nbsp;&nbsp; The browser will remember that setting for as
 long as you specify “max-age” to be.&nbsp; This means that even with HSTS, it is still possible to request and receive content over HTTP.&nbsp; To close that down, a server redirect is necessary, so those browsers that haven’t seen the HSTS header in the past that happen
 to try to go to HTTP will get that initial redirect to HTTPS.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Let me know if you have any thoughts or ideas to share about any of that; I hope this information ends up being helpful for others.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Tomasz<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:8.0pt;font-family:&quot;Courier New&quot;;color:#A6A6A6;mso-fareast-language:EN-CA">________________________________________________<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:17.85pt">
<span lang="FR-CA" style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:black">Tomasz Neugebauer<span style="background:white"><br>
</span>Digital Projects &amp; Systems Development Librarian / Bibliothécaire des Projets Numériques &amp; Développement de Systèmes<span style="background:white"><br>
</span>Library / Bibliothèque<br>
Concordia University / Université Concordia</span><i><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:black"><o:p></o:p></span></i></p>
<p class="MsoNormal" style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:17.85pt">
<span lang="FR-CA" style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:black">Tel. / Tél. 514-848-2424 ext. / poste 7738<br>
Email / courriel: </span><a href="mailto:tomasz.neugebauer@concordia.ca"><span lang="FR-CA" style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif">tomasz.neugebauer@concordia.ca</span></a><span style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:black">
</span><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:17.85pt">
<span lang="FR-CA" style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:black">Mailing address / adresse postale:&nbsp;1455 De Maisonneuve Blvd. W.,&nbsp;LB-540-03, Montreal, Quebec H3G 1M8<br>
Street address / adresse municipale: 1400&nbsp;De Maisonneuve Blvd. W.,&nbsp;LB-540-03, Montreal, Quebec H3G 1M8<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:17.85pt">
<a href="http://library.concordia.ca/"><span lang="FR-CA" style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif">http://library.concordia.ca</span></a><span lang="FR-CA" style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:black;background:white"><br>
</span><a href="http://www.concordia.ca/faculty/tomasz-neugebauer.html"><span lang="FR-CA" style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif">http://www.concordia.ca/faculty/tomasz-neugebauer.html</span></a><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">
<i><span lang="FR-CA" style="color:black"><o:p></o:p></span></i></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><i><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></i></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal" style="margin-left:18.0pt"><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">
</span><a href="mailto:eprints-tech-bounces@ecs.soton.ac.uk"><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">eprints-tech-bounces@ecs.soton.ac.uk</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">
 [</span><a href="mailto:eprints-tech-bounces@ecs.soton.ac.uk"><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">mailto:eprints-tech-bounces@ecs.soton.ac.uk</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">]
<b>On Behalf Of </b>John Salter<br>
<b>Sent:</b> August-25-17 4:35 AM<br>
<b>To:</b> </span><a href="mailto:eprints-tech@ecs.soton.ac.uk"><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">eprints-tech@ecs.soton.ac.uk</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"><br>
<b>Subject:</b> Re: [EP-tech] SSL (HTTPS) only for an EPrints repository<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US">Hi Tomasz,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US">In the non-secure virtual host, the following line will redirect all traffic.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US">This will redirect clients that don't honour the HSTS headers, as well as pointing clients in the right direction in the
 first place.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US">Whilst testing, you might want to leave out the 'permanent' part.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:&quot;Courier New&quot;">&lt;VirtualHost *:80&gt;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:&quot;Courier New&quot;">...<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:&quot;Courier New&quot;">&nbsp;&nbsp; Redirect permanent /
</span><a href="https://your.repo/"><span lang="EN-GB" style="font-size:10.0pt;font-family:&quot;Courier New&quot;">https://your.repo/</span></a><span lang="EN-GB" style="font-size:10.0pt;font-family:&quot;Courier New&quot;"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:&quot;Courier New&quot;">&lt;/VirtualHost&gt;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US">Matthew,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US">I'm guesing you have something similar somewhere in you :80 vhost?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US">If not, and the HSTS headers are only sent for the :443 vhost, how does the initial redirect work?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US">Cheers,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US">John<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">
</span><a href="mailto:eprints-tech-bounces@ecs.soton.ac.uk"><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">eprints-tech-bounces@ecs.soton.ac.uk</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">
 [</span><a href="mailto:eprints-tech-bounces@ecs.soton.ac.uk"><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">mailto:eprints-tech-bounces@ecs.soton.ac.uk</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">]
<b>On Behalf Of </b>Matthew Kerwin<br>
<b>Sent:</b> 25 August 2017 00:59<br>
<b>To:</b> </span><a href="mailto:eprints-tech@ecs.soton.ac.uk"><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">eprints-tech@ecs.soton.ac.uk</span></a><span lang="EN-US" style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"><br>
<b>Subject:</b> Re: [EP-tech] SSL (HTTPS) only for an EPrints repository<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p>&nbsp;</o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB"><br>
On 25 August 2017 at 06:30, Tomasz Neugebauer &lt;</span><a href="mailto:Tomasz.Neugebauer@concordia.ca"><span lang="EN-GB">Tomasz.Neugebauer@concordia.ca</span></a><span lang="EN-GB">&gt; wrote:<br>
&gt; Thank you, Matthew!&nbsp; We have HTTPS working, with the apache config, but the<br>
&gt; repository allows users to access “browse/abstract” pages with HTTP as well.<br>
&gt; Since we have a search box in our header, Chrome will soon start warning<br>
&gt; that inputting any text on an HTTP connection is not secure.<br>
&gt;<br>
&gt;<br>
&gt; I was looking at this Google page which recommends HSTS as well:<br>
&gt; </span><a href="https://support.google.com/webmasters/answer/6073543?hl=en&amp;ref_topic=6001951"><span lang="EN-GB">https://support.google.com/webmasters/answer/6073543?hl=en&amp;ref_topic=6001951</span></a><span lang="EN-GB"><br>
&gt;<br>
&gt; I think that is what we need to implement, I’m just not sure how to do that<br>
&gt; yet.<br>
&gt;<br>
&gt; I noticed that when I try to access a QUT ePrints page with HTTP, it<br>
&gt; switches over to HTTPS, for example, going here :<br>
&gt; </span><a href="http://eprints.qut.edu.au/view/thesis/phd/"><span lang="EN-GB">http://eprints.qut.edu.au/view/thesis/phd/</span></a><span lang="EN-GB"> , you end up<br>
&gt; </span><a href="https://eprints.qut.edu.au/view/thesis/phd/"><span lang="EN-GB">https://eprints.qut.edu.au/view/thesis/phd/</span></a><span lang="EN-GB"><br>
&gt;<br>
&gt; Does that mean that QUT ePrints is supporting HSTS?<br>
&gt;<br>
<br>
Yep, if you look at the response for a HTTPS request you'll see a header like:<br>
<br>
~~~<br>
Strict-Transport-Security: max-age=2419200<br>
~~~<br>
<br>
I'm not sure how other sites have their .confs organised, but we have in /etc/httpd/conf.d/ a core 'eprints.conf' which sets up the modperl environment (PerlModule,PerlSwitches,etc.), and then repo-specific configs which we keep in version control.<br>
<br>
The one for QUT ePrints looks like this:<br>
<br>
~~~<br>
</span><span lang="EN-GB" style="font-family:&quot;Courier New&quot;"># &lt;VirtualHost :80/&gt; is generated by bin/generate_apacheconf<br>
Include /opt/eprints3/cfg/apache/quteprints.conf<br>
<br>
&lt;VirtualHost <span style="color:#1F497D">[</span><b>IP</b><span style="color:#1F497D">]:</span>443&gt;<br>
&nbsp; ServerName ...<br>
&nbsp; # ...etc...<br>
<br>
&nbsp; SSLCertificateFile ...</span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:&quot;Courier New&quot;">&nbsp; # ...etc...<br>
<br>
&nbsp; # EPrints configuration created by bin/generate_apacheconf<br>
&nbsp; PerlTransHandler &#43;EPrints::Apache::Rewrite<br>
&nbsp; Include /opt/eprints3/cfg/apache_ssl/quteprints.conf<br>
<br>
&nbsp; # Include additional archive-specific configuration<br>
&nbsp; Include /opt/eprints3/archives/quteprints/cfg/apachevhost_ssl.conf<br>
<br>
&nbsp; # All future navigation to the site should be to </span><a href="https://"><span lang="EN-GB" style="font-family:&quot;Courier New&quot;">https://</span></a><span lang="EN-GB" style="font-family:&quot;Courier New&quot;"><br>
&nbsp; # Times: 31536000 = 365 days<br>
&nbsp; # &nbsp; &nbsp; &nbsp; &nbsp; 2419200 = 28 days<br>
&nbsp; Header set Strict-Transport-Security &quot;max-age=2419200&quot;<br>
&lt;/VirtualHost&gt;</span><span lang="EN-GB"><br>
~~~<br>
<br>
It's a pretty broad stroke, but it gets it done.<br>
<br>
HTH<br>
-- <br>
&nbsp; Matthew Kerwin<br>
&nbsp; </span><a href="http://matthew.kerwin.net.au/"><span lang="EN-GB">http://matthew.kerwin.net.au/</span></a><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
</div>
</body>
</html>