How to update your library's EZproxy configuration

First, install an SSL certificate

Before updating your library's EZproxy configuration, you'll need an SSL certificate for your library's website.

If you don't already have an SSL certificate, use OCLC's EZproxy documentation to set one up.

If you have trouble setting up your SSL certificate, please contact OCLC Support.

Then, update your EZproxy configuration

To ensure your users can continue to access your collection through the OverDrive and Libby apps, you'll need to update the URL information in your library's EZproxy configuration file. 

  1. Open your EZproxy configuration file, config.txt.
  2. Find the config line beginning with "OverDriveSite."
    It should look something like this:
    OverDriveSite -NoTokens -URL=http://yourlibrary.lib.overdrive.com -Secret=12345-librarycode-connectionname -ILSName=connectionname -LibraryID=libraryid libraryid
  3. You'll need to make the following changes to URL:
    • Change HTTP to HTTPS
    • Replace "yourlibrary" (from the example above) with "librarycode" from the "Secret"
    • Replace "lib.overdrive" with "libraryreserve"

    This means your new URL should be structured like this: 
    https://[librarycode].libraryreserve.com.
    And the "OverDriveSite" line in the config should now look like:
    OverDriveSite -NoTokens -URL=https://librarycode.libraryreserve.com -Secret=12345-librarycode-connectionname -ILSName=connectionname -LibraryID=libraryid libraryid

  4. Save the config file and restart your EZproxy server.

If you have multiple "OverDriveSite" lines in your config file, you'll need to make this update to each one.

Updating the config file should not create an interruption in service for your users. If it does, or if you have any questions about updating the configuration file, please contact our Integration Support team using the support form in Marketplace. If your users are unable to sign in, please make sure you check the box at the bottom of the form.

If iOS users still cannot sign into Libby after updating your configuration

iOS users may still be unable to sign into your library in Libby after you've made the above configuration changes due to Apple's strict security rules. These rules are known as Application Transport Security (ATS). Typically, when an EZproxy server is not ATS-compliant, users won't be successfully redirected to your EZproxy sign-in page.

To resolve this issue, please work with your EZproxy server admin to enable the following settings:

  • Use TLS 1.2
  • Enable "Perfect Forward Secrecy" (PFS)

If your EZproxy server can't support these settings (e.g. some older versions, like 5.7.44), and you can't update your version of EZproxy, please contact our Integration Support team to discuss alternative methods of user authentication.

If your Libby for iOS users still can't sign into your library after you've updated these settings, please contact our Integration Support team so they can further troubleshoot with you.

Last Updated: 14 December 2023 12:23 PM