Enabling SSL on Dspace Frontend
Roberto Greiner
I need some help with enabling SSL/Proxy on DSpace 8.0
I've followed the installation instruction in https://subratiitk.wordpress.com/install-dspace-7-2-on-ubuntu-22-04-lts/ to make it work in my Ubuntu 24.04 install.
Opening a browser in http://localhost:4000 works, and I'm able to login properly.
Then, I followed the instructions in https://repozitar.fhv.uniza.sk/items/5b8d7e58-8e9c-4280-85d3-9d7c4b49b4d7 to enable SSL, using Apache as proxy.
The page works but when I try to login with the admin user, it keeps showing the 'loading' animation and ends with a timeout after a couple of minutes. I've searched the logs in /root/.pm2/logs/dspace-ui-error.log, /root/.pm2/logs/dspace-ui-out.log, /dspace/log/dspace.log, /var/log/apache2/access.log and /var/log/tomcat10/catalina.out, but couldn't find a relevant message.
Since it worked properly without the apache/proxy config, something is missing in my setup where Apache is unable to open the admin/user page. Does anyone know where I should look?
Thank you,
Roberto
PS: This is my setup:
Ubuntu 24.04
DSpace 8.0
full /dspace/config/local.cfg file (grep -vE "^#|^$" /dspace/config/local.cfg):
dspace.dir=/dspace
dspace.server.url = https://dspace.fundunesp.org.br/server
dspace.ui.url = https://dspace.fundunesp.org.br
dspace.name = DSpace at Fundunesp
solr.server = http://localhost:8983/solr
db.url = jdbc:postgresql://localhost:5432/dspace
db.username = dspace
db.password = <some password>
server.error.include-stacktrace = always
ldn.enabled = true
/home/dspace/dspace-angular-dspace-8.0/config/config.prod.yml file:
ui:
ssl: false
host: localhost
port: 4000
# NOTE: Space is capitalized because 'namespace' is a reserved string in TypeScript
nameSpace: /
# The rateLimiter settings limit each IP to a 'max' of 500 requests per 'windowMs' (1 minute).
rateLimiter:
windowMs: 60000 # 1 minute
max: 500 # limit each IP to 500 requests per windowMs
# Trust X-FORWARDED-* headers from proxies (default = true)
useProxies: true
universal:
# Whether to inline "critical" styles into the server-side rendered HTML.
# Determining which styles are critical is a relatively expensive operation;
# this option can be disabled to boost server performance at the expense of
# loading smoothness.
inlineCriticalCss: true
# The REST API server settings
# NOTE: these settings define which (publicly available) REST API to use. They are usually
# 'synced' with the 'dspace.server.url' setting in your backend's local.cfg.
rest:
ssl: true
host: dspace.fundunesp.org.br
port: 443
# NOTE: Space is capitalized because 'namespace' is a reserved string in TypeScript
nameSpace: /server
(the rest is untouched).....
/home/dspace/dspace-angular-dspace-8.0/dspace-ui.json file:
{
"apps": [
{
"name": "dspace-ui",
"cwd": "/home/dspace/dspace-angular-dspace-8.0/",
"script": "dist/server/main.js",
"env": {
"NODE_ENV": "production",
"DSPACE_REST_SSL": "true",
"DSPACE_REST_HOST": "dspace.fundunesp.org.br",
"DSPACE_REST_PORT": "443",
"DSPACE_REST_NAMESPACE": "/server"
}
}
]
}
Apache site definition file:
<VirtualHost *:443>
......
# I place all the SSL entries in the following Include file to unclutter my site definition file
Include /etc/apache2/sites-available/ssl-fundunesp.org.br
ServerName dspace.fundunesp.org.br
LogLevel warn
ProxyPass /server http://localhost:8080/server
ProxyPassReverse /server http://localhost:8080/server
ProxyPass / http://localhost:4000/
ProxyPassReverse / http://localhost:4000/
</VirtualHost>
Andrew K
# I place all the SSL entries in the following Include file to unclutter my site definition file
Roberto Greiner
I've tried following the instructions in https://wiki.lyrasis.org/display/DSDOC8x/Installing+DSpace, but still the same error.
Guess the best way might be restarting from the snapshot of the empty VM and redo the installation following only this tutorial.
Thanks.
--
All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to a topic in the Google Groups "DSpace Technical Support" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/dspace-tech/QeXXjQGmA3M/unsubscribe.
To unsubscribe from this group and all its topics, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/17dbbccc-9a3e-423d-a273-64ae84424f7en%40googlegroups.com.
--
-----------------------------------------------------
Marcos Roberto Greiner
Os otimistas acham que estamos no melhor dos mundos
Os pessimistas tem medo de que isto seja verdade
James Branch Cabell
-----------------------------------------------------
Roberto Greiner
Ok. I decided to try and redo the install following only the instructions on https://wiki.lyrasis.org/display/DSDOC8x/Installing+DSpace.
I'm running on a similar problem, but noted that I had implemented a fix to another problem I was seeing. On the logs, dspace kept complaining the following:
2|dspace-ui | The response for
'http://dspace.fundunesp.org.br/server/api/discover/browses/dateissued/items?sort=default,ASC&page=0&size=20'
has the self link
'http://dspace.fundunesp.org.br/server/api/discover/browses/dateissued/items?sort=default,ASC&page=0&size=20&embed=thumbnail'.
These don't match. This could mean there's an issue with the REST
endpoint
The problem here is that this search is pointing to http://dspace (http, without the s....). I had configured my apache server to rewrite all http connections to https, but this seems to have masqueraded the real problem, so I decided to dig a little deeper. In https://dspace.fundunesp.org.br/server/#/server/api found something curious in the following line of the "response body" section:
....
},
"self": {
"href": "http://dspace.fundunesp.org.br/server/api"
},
"site
.....
For some reason,the "self" definition is without the ssl. All the other entries in the "response body" section are correctly set to https. I couldn't find where I set this definition. Does somebody know how I fix this (as in, correct this 'self' definition to https)? I suspect that this is the root of the problems I'm seeing.
Thanks,
Roberto
--
All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to a topic in the Google Groups "DSpace Technical Support" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/dspace-tech/QeXXjQGmA3M/unsubscribe.
To unsubscribe from this group and all its topics, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/17dbbccc-9a3e-423d-a273-64ae84424f7en%40googlegroups.com.
Roberto Greiner
There where other minor problems, but I found what the main error was!
When I created the apache config, I neglected to copy those two lines:
ProxyPreserveHost
On RequestHeader
set X-Forwarded-Proto https
Fixing that corrected the problem and now
the login is working and I have my production setup.
Thanks.
--
All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to a topic in the Google Groups "DSpace Technical Support" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/dspace-tech/QeXXjQGmA3M/unsubscribe.
To unsubscribe from this group and all its topics, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/17dbbccc-9a3e-423d-a273-64ae84424f7en%40googlegroups.com.
