Archives for My Lazy and Forgetful Mind

Fix EPrints 3.4.7 cgi HTTPS Redirect Loop (Certbot + Apache)

Contents1 Fix: EPrints 3.4.7 /cgi HTTPS Redirect Loop (Certbot + Apache)1.1 Problem1.2 Root Cause1.3 Correct Reference1.4 Fix1.4.1 Update <Location> block1.5 Optional Improvement1.6 Required EPrints Config (10_core.pl)1.7 Why This Works1.8 Verification1.9 Notes1.10 Summary1.11 Key Takeaway Fix: EPrints 3.4.7 /cgi HTTPS Redirect Loop (Certbot + Apache) Problem When enabling HTTPS using Certbot, EPrints /cgi endpoints (e.g. /cgi/users/login) […]

Manual Rsync Backup from VPS to Local (with Exclusions)

Contents1 Rsync Backup from VPS to Local (with Exclusions)1.1 Command1.2 Explanation1.2.1 Basic flags1.2.2 Excluded folders/files1.3 Notes1.3.1 Why exclude dependencies1.3.2 About .env1.4 Result Rsync Backup from VPS to Local (with Exclusions) Command rsync -avz -e "ssh -p 2222" \ --exclude='node_modules' \ --exclude='vendor' \ --exclude='.env' \ user@vps:/path/app/ /home/youruser/backup/app/ Explanation Basic flags -a → archive mode (preserve permissions, […]

VPS First-Time Setup

Contents1 VPS First-Time Setup2 1. Initial Login3 2. Create Non-Root User4 3. Setup SSH Key (Recommended)5 Disable root SSH login5.0.1 Disable root SSH login (Ubuntu)5.0.2 Important6 4. Configure Firewall (Before Changing SSH Port)7 5. Change SSH Port8 6. Test New SSH Port (Critical Step)9 7. Remove Default Port 22 From Firewall10 8. Install Fail2Ban11 9. […]

How to Make Vite Build Work on Filament Page

Contents1 How to Make Vite Build Work on Filament Page1.1 Overview1.2 Problem Statement1.3 Solution Architecture1.4 Step-by-Step Implementation1.4.1 Step 1: Create FilamentServiceProvider1.4.2 Step 2: Register Service Provider1.4.3 Step 3: Create Asset Files (If Not Exists)1.4.4 Step 4: Configure Vite1.4.5 Step 5: Build Assets1.4.6 Step 6: Use in Filament Pages1.5 Advanced Usage1.5.1 Multiple Asset Bundles1.5.2 Conditional Registration1.5.3 […]

Repair Git Broken Object / EntryNotFound (WSL / VS Code)

Contents1 ✅ Repair Git Broken Object / EntryNotFound (WSL / VS Code)1.1 1️⃣ Backup working tree1.2 2️⃣ Fetch remote state1.3 3️⃣ Create clean branch from remote1.4 4️⃣ Restore file content from broken branch1.5 5️⃣ Rebuild objects1.6 6️⃣ Replace broken main1.7 7️⃣ Cleanup dangling / corrupted objects1.8 8️⃣ Verify1.9 9️⃣ Push2 ✅ What you learned (important)3 […]

Setting Persistent IPv4 DNS for Ubuntu 20.xx

Contents1 Prefer IPv4 for DNS & Connections on Ubuntu (Keep IPv6 Enabled)1.1 🎯 Goal1.2 1) Set IPv4 DNS with systemd-resolved1.3 2) Prefer IPv4 over IPv6 for connections1.4 3) Test1.5 ✅ Result1.6 🧠 Notes1.7 🔁 Revert Prefer IPv4 for DNS & Connections on Ubuntu (Keep IPv6 Enabled) On Ubuntu 20.04+, systemd-resolved and the network stack prefer […]

Deploying Web App with Docker + Apache Reverse Proxy

Deploying Web App with Docker + Apache Reverse Proxy Contents1 1) Apache as Reverse Proxy2 2) Enable Required Apache Modules3 3) Allow .htaccess4 4) HTTPS with Certbot5 5) Fix Base URL in Docker (CodeIgniter)6 6) Redirect HTTP → HTTPS7 7) Debugging8 8) Ownership / Permissions 1) Apache as Reverse Proxy Use Apache on host to […]

Fixing Expo + npm ERR_INVALID_URL and Permission Issues on WSL

Contents1 Fixing Expo + npm ERR_INVALID_URL and Permission Issues on WSL1.0.1 Problem Summary1.0.2 Fix Instructions1.0.2.1 1. Use WSL Terminal1.0.2.2 2. Ensure Node and npm are Linux-native1.0.2.3 3. Keep project inside WSL filesystem1.0.2.4 4. Fix missing executable permission1.0.2.5 5. Clean reinstall deps1.0.2.6 6. Run Expo1.0.3 Notes Fixing Expo + npm ERR_INVALID_URL and Permission Issues on WSL […]

Filament and vite integration

Integrating Filament 4 with Vite this article maybe incomplete because this information is compiled from my memory debugging my project. But the core information is here. I will add more when i stumbled accross this problem again on next project Filament 4 uses Laravel’s modern frontend tooling, and you can integrate it with Vite for […]

Running Qwen Code in a Sidecar Docker Container

Contents1 Running Qwen Code in a Sidecar Docker Container1.1 1. Why Sidecar?1.2 2. Dockerfile1.3 3. docker-compose.yml1.4 4. Environment Variables1.5 5. Wrapper Script1.6 6. Usage1.7 7. Notes Running Qwen Code in a Sidecar Docker Container 1. Why Sidecar? Instead of installing Qwen Code on your host, you can run it in its own container. Keeps API […]

Fix EPrints 3.4.7 cgi HTTPS Redirect Loop (Certbot + Apache)

13 April 2026 / by akozan / 0 Comments

Contents

1 Fix: EPrints 3.4.7 /cgi HTTPS Redirect Loop (Certbot + Apache)

Fix: EPrints 3.4.7 `/cgi` HTTPS Redirect Loop (Certbot + Apache)

Problem

When enabling HTTPS using Certbot, EPrints /cgi endpoints (e.g. /cgi/users/login) return:

302 → same URL (infinite redirect)

Main site works, but only /cgi loops.

Root Cause

Certbot generates its own SSL vhost:

/opt/eprints3/cfg/apache/{repoid}-le-ssl.conf

However, it omits required EPrints directives, specifically:

PerlSetVar EPrints_Secure yes

Without this:

EPrints does not recognize request as secure
Session/login handler fails
Results in infinite redirect loop on /cgi

Correct Reference

Check original EPrints SSL template:

/opt/eprints3/cfg/apache_ssl/{repoid}.conf

It contains:

<Location "">
  PerlSetVar EPrints_ArchiveID {repoid}
  PerlSetVar EPrints_Secure yes

  Options +ExecCGI
  Require all granted
</Location>

👉 This is the missing piece

Fix

Edit Certbot-generated SSL config:

/opt/eprints3/cfg/apache/{repoid}-le-ssl.conf

Update `<Location>` block

<Location "">
  PerlSetVar EPrints_ArchiveID {repoid}
  PerlSetVar EPrints_Secure yes

  Options +ExecCGI
  Require all granted
</Location>

Optional Improvement

You may scope it more safely:

<Location "/cgi">
  PerlSetVar EPrints_ArchiveID {repoid}
  PerlSetVar EPrints_Secure yes

  Options +ExecCGI
  Require all granted
</Location>

Required EPrints Config (10_core.pl)

Ensure consistency:

$c->{host} = 'repository.domain.ac.id';
$c->{port} = 80;

$c->{securehost} = 'repository.domain.ac.id';
$c->{secureport} = 443;

$c->{secure_cookies} = 0;
$c->{session_cookie_secure} = 0;

$c->{cookie_path} = "/";
$c->{cookie_domain} = "repository.domain.ac.id";

$c->{https_only} = 0;

$c->{http_url} = 'https://repository.domain.ac.id';
$c->{http_cgiurl} = 'https://repository.domain.ac.id/cgi';
$c->{base_url} = "https://$c->{host}";

$c->{session_driver} = 'File';
$c->{session_path} = '/opt/eprints3/var/session';

Why This Works

EPrints relies on:

PerlSetVar EPrints_Secure yes

to determine:

request is HTTPS
enable secure session handling
avoid redirect loop in login flow

Without it:

/cgi/users/login → redirect → same URL → loop

Verification

curl -IL https://repository.domain.ac.id/cgi/users/login

Expected:

200 OK
Set-Cookie: ...

Notes

Certbot does not understand EPrints internals

Always compare with:

/opt/eprints3/cfg/apache_ssl/{repoid}.conf

Do not rely solely on auto-generated SSL config

Summary

Issue	Cause	Fix
`/cgi` redirect loop	Missing `EPrints_Secure`	Add `PerlSetVar EPrints_Secure yes`
Works on HTTP, fails on HTTPS	Certbot incomplete config	Patch SSL vhost
No session cookie	EPrints not in secure mode	Enable secure flag

Key Takeaway

When using Certbot with EPrints 3.4.x, always manually restore missing EPrints-specific directives in SSL vhost.