Firewall configuration


Jon Hurn

Apr 9, 2013, 11:19:37 PM
to redbo...@googlegroups.com
Hello

Is there any doco on which ports need to be open for RedBox and Mint to provide services (other than the default 9000 and 9001)?

We've rebuilt our test box in the DMZ with some pretty heavy firewall restrictions and are now experiencing some problems (which may or may not be related).

Any advice appreciated.

Thanks

Jon

 

Jon Hurn, Project Manager, IT Services,

University of Tasmania, PO Box 69, HOBART TAS 7001

Mob: 0427 912 992    Tel: +61 3 6226 2935    Skype: jonhurn

 

Dave Huthnance

Apr 10, 2013, 12:05:09 AM
to redbo...@googlegroups.com
Hi,

We run Redbox and Mint behind Apache, i.e. using mod_proxy to go to localhost:9000 and localhost:9001.

This means you only need ports 80 and 22 (for ssh) open on the machine.

ie

# Rules for ReDBox / Mint
ProxyPass /mint http://localhost:9001/mint
ProxyPassReverse /mint http://novatst-lb.newcastle.edu.au/mint
ProxyPass /redbox http://localhost:9000/redbox
ProxyPassReverse /redbox http://novatst-lb.newcastle.edu.au/redbox


When doing this, configure redbox and mint for the 'external' apache url in tf_env.sh.

ie
export SERVER_URL="http://novatst-lb.newcastle.edu.au/mint/"

Access as follows:

http://novatst-lb.newcastle.edu.au/redbox/default/home

Regards,

Dave





Grant Jackson

Apr 10, 2013, 12:33:00 AM
to redbo...@googlegroups.com
Hi Jon,

Further to Dave's info, there is some additional info under "Publishing" and "Install Apache" at http://code.google.com/p/redbox-mint/wiki/RawServerBuildNotes

which means you only need to open http or https ports (80 or 443). This is the only config which I have used & is particularly convenient if using https.

To answer your direct question, I imagine you only need to open ports 9000 & 9001 if both ReDBox & Mint are on the same server (but I have not attempted this config myself). I also imagine you need to change <server.url.base> elements in pom.xml to not reference localhost.

Cheers, Grant

Sue Li

Apr 10, 2013, 12:36:14 AM
to redbo...@googlegroups.com
Hi Dave,

Just wondering about local curation: do we need to open any ports for local curation?
I saw in the tf_env file that the AMQ ports are tcp 9101 for redbox and tcp 9201 for mint.

Cheers,
Sue 

Mike Jones

Apr 10, 2013, 1:17:37 AM
to redbo...@googlegroups.com

Hi Sue,

 

Local curation should work fine without firewall modifications as long as ReDBox and Mint are installed on the same machine - they just refer to “localhost” addresses.

 

Cheers,

Mike

 

--

Dave Huthnance

Apr 10, 2013, 1:26:38 AM
to redbo...@googlegroups.com
Hi Sue,

If mint / redbox are on the same machine, you don't have to open them, as they are localhost to localhost.

Regards,

Dave

Dave Huthnance
eResearch Consultant,
Academic & Research Computing Support
Client Services - IT Services
The University of Newcastle
University Drive, Callaghan NSW 2308 AUSTRALIA

T: +61 2 4921 5469
F: +61 2 4921 7087
dave.hu...@newcastle.edu.au

www.newcastle.edu.au
CRICOS Provider Number: 00109J



Sue Li

Apr 10, 2013, 1:31:32 AM
to redbo...@googlegroups.com
Thank you Mike and Dave. I realized that now.
But the thing is, I don't know why or what has stuck the local curations, because the "waiting on curation" status has already been there for almost a week.
And I didn't find any errors in main.log or transactionmanager.log.

Cheers,
Sue

Amir Rezghian

Apr 10, 2013, 1:34:33 AM
to redbo...@googlegroups.com

Hi Sue,

 

Which version of ReDBox did you install? It seems that it cannot transform the local ID to persistent IDs like Handle or NLA ID? Are you using the Handle system? Did you enable the NLA integration?

 

Regards,

Amir Rezghian

 

Online Services Coordinator

Library Systems

University of Western Sydney

Locked Bag 1797

Penrith South NSW 2751   AUSTRALIA

Phone:  02 9852 5027

Mobile:  0450 625 186

a.rez...@uws.edu.au

http://library.uws.edu.au

 

 

 

 

 


Dave Huthnance

Apr 10, 2013, 1:35:11 AM
to redbo...@googlegroups.com
Hi,

Do you have the firewall open to the NLA so they can harvest, and process the nla id? Any people records won't curate until that happens.

Regards,

Dave


Sue Li

Apr 10, 2013, 1:40:53 AM
to redbo...@googlegroups.com
Hi,

Amir: I am using 1.5.2.2 installed on a Windows server, and I enabled NLA harvest. And we are not using the Handle system.
Dave: I opened the firewall port for NLA harvesting, but in Mint "published objects" we can't see any records; that means even if NLA can access our MINT, it will get nothing.

Thank you!

Cheers,
Sue

Amir Rezghian

Apr 10, 2013, 1:43:10 AM
to redbo...@googlegroups.com

Hi Sue,

 

You need to match published records in NLA TROVE for assigning NLA IDs. I think that can be the problem with the curation not finishing. As soon as the NLA ID is ready, the MINT queries again and finishes the curation.

 

Regards,

Amir Rezghian

 

Online Services Coordinator

Library Systems

University of Western Sydney

Locked Bag 1797

Penrith South NSW 2751   AUSTRALIA

Phone:  02 9852 5027

Mobile:  0450 625 186

a.rez...@uws.edu.au

http://library.uws.edu.au

 

 

 


Mike Jones

Apr 10, 2013, 1:51:20 AM
to redbo...@googlegroups.com

Hi Sue,

 

You need to direct NLA to harvest from a different URL to that which shows the published records, i.e.  http://YOUR_SERVER/mint/NLA_Harvest/feed/oai

 

To see which records will be exposed to NLA, you can go to:  http://YOUR_SERVER/mint/NLA_Harvest/feed/oai?verb=ListRecords&metadataPrefix=eac-cpf

 

(obviously, replace YOUR_SERVER with your server’s address in the above)

 

Cheers,

Mike

 

 


Dave Huthnance

Apr 10, 2013, 1:57:38 AM
to redbo...@googlegroups.com
Hi,

They won't be in published objects queue until they get the nla id. NLA harvests should point to the NLA_Harvest view. eg. In the form:

http://novatst-lb.newcastle.edu.au/mint/NLA_Harvest/feed/oai?verb=ListRecords&metadataPrefix=eac-cpf

Once the nla id is found, returned and put into the object it will go into the published queue.

If you are using the test TROVE make sure you change the urls in the two nla python scripts.

Regards,

Dave
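
An added example, not part of the original thread and not ReDBox/Mint code: a small check that tells apart the two situations discussed above, a feed URL that points at the wrong view and an NLA_Harvest feed that is simply empty. The two OAI-PMH responses are constructed samples, and the function names and status strings are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = "{http://www.openarchives.org/OAI/2.0/}"

# Constructed OAI-PMH responses for illustration, not captured from a server.
NO_MATCH = (
    '<OAI-PMH xmlns="http://www.openarchives.org/OAI/2.0/">'
    '<request verb="ListRecords" metadataPrefix="eac-cpf"/>'
    '<error code="noRecordsMatch">no records</error></OAI-PMH>'
)
ONE_RECORD = (
    '<OAI-PMH xmlns="http://www.openarchives.org/OAI/2.0/">'
    '<ListRecords><record><header>'
    '<identifier>oai:example:party-1</identifier>'
    '</header></record></ListRecords></OAI-PMH>'
)

def feed_view(url):
    """Return <view> from a .../mint/<view>/feed/oai URL, else None."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    if len(parts) >= 3 and parts[-2:] == ["feed", "oai"]:
        return parts[-3]
    return None

def summarise(xml_text):
    """Return (error codes, record identifiers) found in one response."""
    root = ET.fromstring(xml_text)
    errors = [e.get("code") for e in root.iter(NS + "error")]
    ids = [h.findtext(NS + "identifier") for h in root.iter(NS + "header")]
    return errors, ids

def diagnose(url, xml_text):
    """Classify one feed check the way the thread reasons about it."""
    errors, ids = summarise(xml_text)
    if feed_view(url) != "NLA_Harvest":
        return "wrong-view"      # NLA harvests must use the NLA_Harvest view
    if "noRecordsMatch" in errors:
        return "nothing-queued"  # no records are currently exposed to NLA
    if errors:
        return "oai-error:" + ",".join(errors)
    return "ok:%d" % len(ids)

if __name__ == "__main__":
    url = "http://YOUR_SERVER/mint/NLA_Harvest/feed/oai?verb=ListRecords"
    print(diagnose(url, NO_MATCH), diagnose(url, ONE_RECORD))
```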


Sue Li

Apr 10, 2013, 2:03:56 AM
to redbo...@googlegroups.com
Hi Mike,

I understand what you said, but the issue is that from the oai feed there is "noRecordsMatch".
In the main log there are no NLA SRU related errors.
I did modify the nla.py and nlalookup.py to connect the SRUClient to http://www-test.nla.gov.au/apps/srw/search/peopleaustralia

Cheers,
Sue

Mike Jones

Apr 10, 2013, 2:24:44 AM
to redbo...@googlegroups.com

Hi Sue,

 

OK, I think we might be getting to the cause of your problem… just need to know a few more things first:

 

- Can you tell me what URL you’re using to get the “noRecordsMatch” message?

- When you say you’ve opened up the firewall for NLA traffic – can you confirm that you’ve allowed for both:

  - Outgoing traffic to nla.gov.au on port 80

  - Incoming traffic from nla.gov.au to your exposed Mint port

 

Cheers,

Mike

 

 


Dave Huthnance

Apr 10, 2013, 2:36:52 AM
to redbo...@googlegroups.com
Hi,

When you look on the Mint objects page for the party you are curating
and click on ATTACHMENTS are the eac-cpf.xml and rif-cs.xml
datastreams there?

Regards,

Dave


Sue Li

Apr 10, 2013, 3:21:53 AM
to redbo...@googlegroups.com

Hi,

Mike: The link where I get the "noRecordsMatch" is from our mint-oai feed: http://local-server:9001/mint/published/feed/oai?verb=ListRecords&metadataPrefix=eac-cpf
And NLA support staff told me they can access our oai-pmh but can't harvest any records.

Dave: I can see the eac-cpf.xml and rif.xml in the attachments of the Mint party records.

Thank you!

Cheers,
Sue

Mike Jones

Apr 10, 2013, 3:28:16 AM
to redbo...@googlegroups.com

Hi Sue,

 

You need to replace the word “published” with “NLA_Harvest” in the URL. That should give you the Party records that are to be curated. (You need to ask NLA to use this URL also.)

 

Mike

 

 


Sue Li

Apr 10, 2013, 6:48:37 PM
to redbo...@googlegroups.com
Hi Mike,


It is the same: it says "noRecordsMatch" if I change the "published" to "NLA_Harvest".
Thank you!

Cheers,
Sue

Dave Huthnance

Apr 10, 2013, 7:06:29 PM
to redbo...@googlegroups.com
Hi,

Check the view for NLA_Harvest. ie. Go to mint, click on 'Views' and select 'National Library Harvest'. If they are in the view, they will be available for oai if you have the correct URL. If they are not in the view, it means that for some reason the ready_for_nla flag hasn't been set to ready. You can check that in the TF-OBJ-META file under the ATTACHMENTS on the object page for the party you are trying to process.

Regards,

Dave



Dave Huthnance
eResearch Consultant,
Academic & Research Computing Support
Client Services - IT Services
The University of Newcastle
University Drive, Callaghan NSW 2308 AUSTRALIA

T: +61 2 4921 5469
F: +61 2 4921 7087
dave.hu...@newcastle.edu.au

www.newcastle.edu.au
CRICOS Provider Number: 00109J



Sue Li

Apr 10, 2013, 7:13:04 PM
to redbo...@googlegroups.com
Hi Dave,

There are no records under "National Library Harvest" and there is no "ready_for_nla" flag, only a "ready_for_publish" flag set to "ready". I just don't know why they are missing the "ready_for_nla". Do you have any idea? Thank you!

Cheers,
Sue

Duncan Dickinson

Apr 10, 2013, 7:24:03 PM
to ReDBox User List
Hi Sue,

Sorry, this may have been covered but have you enabled NLA integration in your Mint system-config.json file? Look for the following section and edit as needed:

"curation": {
        "curationEmailAddress": "${admin.email}",
        "curationRequiresConfirmation": false,
        "pidProperty": "localPid",
        "nlaIntegration": {
            "enabled": false,
            "pidProperty": "nlaPid",
            "agencyCode": "TO-DO",
            "agencyName": "The University of Examples, Australia",
            "includeTest": {
                "repository.name": "People"
            }
        }
    },

If that's all set up you should be able to login to Mint as admin/admin, go to a person record and hit "Curate Now" and see that record come up in the NLA View.



 
 



--
Cheers,


Duncan


Duncan Dickinson
QCIF Project Manager 
Central Queensland University

Contact me:
monday to thursday
ph: 07 3138 2084
m: 0432 402 511
skype: de.dickinson


Sue Li

Apr 10, 2013, 7:52:11 PM
to redbo...@googlegroups.com
Hi Duncan,


Yes in the Mint system-config.json I did change the nlaIntegration enabled=> "true" 

    "curation": {
        "curationEmailAddress": "${admin.email}",
        "curationRequiresConfirmation": false,
        "pidProperty": "localPid",
        "nlaIntegration": {
            "enabled": true,
            "pidProperty": "nlaPid",
            "agencyCode": "AU-TU",
            "agencyName": "University of Tasmania",
            "includeTest": {
                "repository.name": "People"
            }
        }
    },


And also I clicked the "curate now" button on my party_people record; the record has the "is member of" tag, as in the attached image.



Thank you!

Cheers,
Sue
