Deploy Dspace 7.4 with Add HTTPS support

[Мухаметали Кусайынов]

Hello everyone! I really need your help. I can't deploy the website. Please help me! My settings below:

Server OS:

Ubuntu server without GUI

Ip address server - 10.17.0.12

I installed browsh - is  text-based browser. Dspace was running at localhost:4000

Frontend directory location:

~/dspace-angular-dspace-7.4

Backend directory location:

/dspace

SSL crt. location:

/dspace/ssl

I have included ajp connector in tomcat9 server.xml:

  <Connector port="8080" protocol="HTTP/1.1"
               minSpareThreads="25"
               enableLookups="false"
               redirectPort="8443"
               connectionTimeout="20000"
               disableUploadTimeout="true"
               URIEncoding="UTF-8"/>

   

 <Connector protocol="AJP/1.3"
               address="::1"
               port="8009"
               redirectPort="8443"
               URIEncoding="UTF-8" />

local.cfg location:

/dspace/config$

Local.cfg configuration

dspace.dir=/dspace

dspace.server.url = https://repository.kaznu.kz/server

dspace.ui.url = https://repository.kaznu.kz

dspace.name = DSpace KazNU

Config.prod.yml configuration

config.prod.yml location:

~/dspace-angular-dspace-7.4/config$ 

ui:
  ssl: false
  host: localhost
  port: 4000
  nameSpace: /

rest:
  ssl: true
  host: repository.kaznu.kz
  port: 443
  nameSpace: /server

Next, I will describe in detail how I tried to create a VirtualHost for Dspace.

I copied the default-ssl.conf and created the repository_kaznu_kz.conf  in /etc/apache2/sites-available directory.

VirtualHost apache2 located:

/etc/apache2/sites-available/repository_kaznu_kz.conf

Did I write the configuration file VirtualHosts correctly?

It seems to me that somewhere I could be mistaken. If I'm wrong, can you show me how to correctly write the VirtualHost configuration? Complete VirtualHost Configuration:

VirtualHost setting

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
               
    ServerName repository.kaznu.kz
               
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
         
        SSLEngine on
                SSLCertificateFile      /dspace/ssl/STAR_kaznu_kz.crt
                SSLCertificateKeyFile /dspace/ssl/STAR_kaznu_kz.key

         # Proxy all HTTPS requests to "/server" from Apache to Tomcat via AJP connector
                ProxyPass /server ajp://localhost:8009/server
                ProxyPassReverse /server ajp://localhost:8009/server

        # Proxy all HTTPS requests from Apache to PM2 on localhost, port 4000
                ProxyPass / http://localhost:4000/
                ProxyPassReverse / http://localhost:4000/

         #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
       </VirtualHost>
</IfModule>

Next, I wrote the command - sudo a2ensite repository_kaznu_kz.conf

And then, I wrote the command - sudo systemctl restart apache2

Status apache2:

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-01-10 09:58:56 UTC; 13min ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 950 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 1081 (apache2)
      Tasks: 55 (limit: 9442)
     Memory: 11.1M
     CGroup: /system.slice/apache2.service
             ├─1081 /usr/sbin/apache2 -k start
             ├─1082 /usr/sbin/apache2 -k start
             └─1083 /usr/sbin/apache2 -k start

Jan 10 09:58:54 dspace7 systemd[1]: Starting The Apache HTTP Server...
Jan 10 09:58:56 dspace7 apachectl[1010]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerNam>
Jan 10 09:58:56 dspace7 systemd[1]: Started The Apache HTTP Server.

I also opened port 443:

sudo ufw enable

sudo ufw allow ssh

sudo ufw allow 443

As a result it shows:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
Apache Full (v6)           ALLOW       Anywhere (v6)

After this setup, when I again type localhost:4000 again in browsh, my site stops working and throws the following error:

500

Service Unavailable

The server is temporarily unable to service your request due to maintenanse downtime or capasity problems. Please try again later.

I deployed the repository for the first time and I can't fully understand what I'm doing wrong. I've been trying to do this for two months and already despaired. Can you describe step by step how to properly deploy Dspace 7.4? Please. Sincerely, Kusainov M.

[Мухаметали Кусайынов]

I type IP adress in google chrome 10.17.0.12  Apache works

вторник, 10 января 2023 г. в 16:20:24 UTC+6, Мухаметали Кусайынов:

[Мухаметали Кусайынов]

I type IP adress in google chrome 10.17.0.12  Apache works

вторник, 10 января 2023 г. в 16:32:21 UTC+6, Мухаметали Кусайынов:

[Mohammad S. AlMutairi]

I'm posting it here in a hope it will help someone else who might need clues what should be changed.

1. echo "10.17.0.12  repository.kaznu.kz" >> /etc/hosts
   
2. a2enmod proxy_http proxy_html ssl headers
   
3. a2dissite 000-default default-ssl
   
4. Overwrite /etc/tomcat9/server.xml with the attached file (server.xml).
   
5. Overwrite /etc/apache2/sites-available/repository_kaznu_kz.conf with the attached file (repository_kaznu_kz.conf).
   
6. a2ensite repository_kaznu_kz.conf
   
7. systemctl restart apache2.service
   
8. systemctl restart tomcat9.service
   
9. test the frontend (yarn test:rest)
10. build the frontend
11. access your backend by visiting https://repository.kaznu.kz/server
12. access the frontend by visiting https://repository.kaznu.kz

Cheers

[Мухаметали Кусайынов]

Thank you very much Sir Muhammad. Everything works great. Thanks again!

вторник, 10 января 2023 г. в 22:01:03 UTC+6, alo...@gmail.com:

[Vinicio Gramkow]

Hello everyone! I have the same problem, I performed all the steps above and I am having the following error when trying to access dspace:

ERR_TOO_MANY_REDIRECTS


dspace.cfg

dspace.server.url = https://mydomain.com/server
dspace.ui.url = https://mydomain.com

config.yml

rest:
   ssl: true
   host: mydomain.com
   port: 443
   nameSpace: /server

ui:
   ssl: false
   host: localhost
   port: 4000
   nameSpace: /

When I use yarn test:rest I get http code 200 correctly.

apache configuration file

<VirtualHost *:80>
      ServerName mydomain.com
      Redirect / https://mydomain.com/
</VirtualHost>

<VirtualHost *:443>
      ServerName mydomain.com
      LogLevel warn
      ErrorLog ${APACHE_LOG_DIR}/mydomain.com.error.log
      CustomLog ${APACHE_LOG_DIR}/mydomain.com.access.log combined
      ProxyRequests on
      SSLEngine on
      SSLProxyEngine on
      SSLCertificateFile /etc/ssl/certs/server.crt
      SSLCertificateKeyFile /etc/ssl/private/server.key
      SSLCompression off
      SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
      SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM> SSLHonorCipherOrder off
      SSLSessionTickets off
      ProxyPreserveHost on
      RequestHeader set X-Forwarded-Proto https

    <Proxy*>
        AddDefaultCharset Off
        Require all granted
    </proxy>

      ProxyPass /server http://localhost:8080/server
      ProxyPassReverse /server http://localhost:8080/server

      ProxyPass / http://localhost:4000/
      ProxyPassReverse / http://localhost:4000/

</VirtualHost>

What could I be doing wrong? I've been trying to do this for two weeks. Grateful if anyone can help me.

[Mohammad S. AlMutairi]

Hi Vinicio,

Never seen that redirection error happening in DSpace but in Wordpress long time ago. You need to provide more information about your dspace version and setup because everything seems right. Try the redirects.sh script you see here https://www.liquidweb.com/kb/troubleshooting-too-many-redirects/ ... it should give you some hints what causing the redirection.

[Vinicio Gramkow]

Hi, my DSpace version is 7.4 and is running on the following configurations: 

Ubuntu 22.04.1LTS 

Apache 2.4.52 

Node 12.22.9 

Tomcat 9.0.68 

The certificate is a self-signed one generated using openssl. 

I have in my hosts file the IP pointed to the domain.  

  From what I've observed, it could be something related to the DNS server redirection, but I'm not sure why this is happening, and if this is really the case.

[Mohammad S. AlMutairi]

Hi Vinicio,

I don't think it has to do with the DNS. You can easily take the DNS out of the equation (override it) by adding an entry for dspace server into the /etc/hosts file in the server itself and in the workstation where you are accessing dspace server from (In Windows - C:\Windows\System32\drivers\etc\hosts). I'm suspecting it has to do with the config.yml you used or the apache webserver configuration so try the steps you see below and keep us updated in the list.

1. apt-get --purge remove apache2 -y (remove all old configuration)
   
2. apt install apache2 -y
   
3. a2enmod proxy_http ssl headers
   
4. a2dissite 000-default default-ssl
   
5. edit /etc/apache2/sites-available/dspace.conf and copy and past what's in the attached file into  /etc/apache2/sites-available/dspace.conf
6. openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -sha256 -keyout /etc/ssl/private/server.key -out /etc/ssl/certs/server.crt -subj "/CN=mydomain.com" -addext "subjectAltName=DNS:mydomain.com,DNS:dspace.mydomain.com"
7. echo "dspace-server-IP mydomain.com" >> /etc/hosts
8. Open a Windows elevated command prompt on the Client/Workstation and execute ( echo  dspace-server-IP  mydomain.com >> C:\Windows\System32\drivers\etc\hosts )
9. a2ensite dspace.conf
10. systemctl enable apache2
11. systemctl restart apache2
    
12. systemctl status apache2
13. Make sure tomcat is running on port 8080 (  journalctl -u tomcat9 --boot | grep "Initializing ProtocolHandler" )

*** [dspace]/config/dspace.cfg or local.cfg

dspace.server.url = https://mydomain.com/server
dspace.ui.url = https://mydomain.com

solr.server = http://localhost:8983/solr

*** [dspace-angular]/config/config.prod.yml

1) cp  [dspace-angular]/config/config.example.yml  [dspace-angular]/config/config.prod.yml

2) edit [dspace-angular]/config/config.prod.yml

ui:

  ssl: false
  host: localhost
  port: 4000

rest:
  ssl: true
  host: mydomain.com
  port: 443
  nameSpace: /server

3) yarn test:rest

4) yarn start:prod

I Hope that help you.

[Mohammad S. AlMutairi]

Definitely you need to execute these two commands before you execute yarn test:rest in my previous post.

• echo "export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/server.crt" >> /etc/environment
•  export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/server.crt

####################### Running DSpace Frontend service using systemd #######################
1) Copy and paste into putty while logged in as root and hit enter.
cat << EOF > /lib/systemd/system/dspace-angular.service
[Unit]
Description=DSpace Frontend Server
After=tomcat9.service

[Service]
ExecStart=/usr/bin/node dist/server/main
WorkingDirectory=/opt/dspace-angular
Restart=always
RestartSec=10
User=www-data
Group=www-data
Environment="NODE_ENV=production"

Environment="NODE_EXTRA_CA_CERTS=/etc/ssl/certs/server.crt"

[Install]
WantedBy=multi-user.target
EOF

2) chown -R www-data:www-data /opt/dspace-angular/
3) systemctl daemon-reload
4) systemctl enable dspace-angular
5) systemctl restart dspace-angular
6) systemctl status dspace-angular
####################### End of Running DSpace Frontend service using systemd #######################

Cheers