dspace ssl with apache proxy
Nico Lambrechts
ssl: false
host: localhost
port: 4000
nameSpace: /
ssl: false
host: localhost
port: 8080
nameSpace: /server
# Add your domain here. We've added "my.dspace.edu" as an example
ServerName dspace.domain
#.. setup your host how you want, including log settings...
# Most installs will need these options enabled to ensure DSpace knows its hostname and scheme (http or https)
# Also required to ensure correct sitemap URLs appear in /robots.txt for User Interface.
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto https
SSLEngine on
SSLCertificateFile /etc/ssl/certs/Cert2024.pem
SSLCertificateKeyFile /etc/ssl/private/Cert2024.key
SSLHonorCipherOrder off
SSLSessionTickets off
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
<Proxy>
AddDefaultCharset Off
Require all granted
</proxy>
ProxyPass /server http://localhost:8080/server
ProxyPassReverse /server http://localhost:8080/server
ProxyPass / http://localhost:4000/
ProxyPassReverse / http://localhost:4000/
</VirtualHost>
Daan Lessing
ProxyPass /server http://xxxxxxx:8080/server
ProxyPassReverse /server http://xxxxxxx:8080/server
#Angular UI
ProxyPass / http:xxxxxxx:4000/
ProxyPassReverse / http://xxxxxxx:4000/
#solr
ProxyPass /solr http://127.0.0.1:8983/solr
ProxyPassReverse /solr http://127.0.0.1:8983/solr
Hope this helps,
--
All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/1e0cd92c-5236-4643-adf3-f00c1eda62acn%40googlegroups.com.
|
Sender notified by Mailtrack | 25/05/24, 10:28:39 |
lambrec...@gmail.com
Good day,
Thank you for your earlier response, however,
I have made the suggested changes to my local.cfg (attached).
However, from a network connected pc;
https://libdspace.ufh.ac.za does not open.
https://libdspace.ufh.ac.za/server opens
https://libdspace.ufh.ac.za/solr does not open
from the dspace server;
https://libdspace.ufh.ac.za does not open.
http://localhost:4000 does not open
https://libdspace.ufh.ac.za/server opens
http://localhost:8080/server opens
https://libdspace.ufh.ac.za/solr does not open
https://localhost:4000 does not open
root@dspace:/dspace/config# sudo lsof -i -P -n | grep LISTEN
systemd-r 778 systemd-resolve 14u IPv4 20806 0t0 TCP 127.0.0.53:53 (LISTEN)
cupsd 860 root 6u IPv6 21339 0t0 TCP [::1]:631 (LISTEN)
cupsd 860 root 7u IPv4 21340 0t0 TCP 127.0.0.1:631 (LISTEN)
java 893 tomcat 37u IPv6 24241 0t0 TCP *:8080 (LISTEN)
postgres 959 postgres 5u IPv4 23627 0t0 TCP 127.0.0.1:5432 (LISTEN)
sshd 965 root 3u IPv4 22280 0t0 TCP *:22 (LISTEN)
sshd 965 root 4u IPv6 22282 0t0 TCP *:22 (LISTEN)
apache2 1078 root 4u IPv6 23641 0t0 TCP *:80 (LISTEN)
apache2 1078 root 6u IPv6 23645 0t0 TCP *:443 (LISTEN)
apache2 1083 www-data 4u IPv6 23641 0t0 TCP *:80 (LISTEN)
apache2 1083 www-data 6u IPv6 23645 0t0 TCP *:443 (LISTEN)
apache2 1084 www-data 4u IPv6 23641 0t0 TCP *:80 (LISTEN)
apache2 1084 www-data 6u IPv6 23645 0t0 TCP *:443 (LISTEN)
java 1085 solr 46u IPv6 25192 0t0 TCP 127.0.0.1:7983 (LISTEN)
java 1085 solr 167u IPv6 26754 0t0 TCP *:8983 (LISTEN)
sshd 1888 dspace 7u IPv6 28048 0t0 TCP [::1]:6010 (LISTEN)
sshd 1888 dspace 9u IPv4 28049 0t0 TCP 127.0.0.1:6010 (LISTEN)
PM2\x20v5 2188 root 20u IPv4 31449 0t0 TCP 127.0.0.1:4000 (LISTEN)
Please help?
It is my goal to access this server (single server) using https://dspace.domain/
Michael Plate
Am 24.05.24 um 23:00 schrieb Nico Lambrechts:
> this will be a production server running ssl, so i have installed apache
> to proxy.
>
> from a network computer, I access https://dspace.domain, the site open
> with error 500.
> I access https://dspace.domain/server, the /server/api site open with no
> problem.
>
> from the server i access http://localhost:4000 and the site open with no
> problem.
> http://localhost:8080/server and the site open with no problem.
>
> my config below:
> local.cfg:
> dspace.server.url = http://localhost:8080/server
> dspace.ui.url = http://localhost:4000
dspace.server.url = https://dspace.domain/server
dspace.ui.url = https://dspace.domain
>
> config.prod.yml:
> ui:
> ssl: false
> host: localhost
> port: 4000
> nameSpace: /
>
> rest:
> ssl: false
> host: localhost
just the hostname, means "dspace.domain" .
> port: 8080
port: 443
check your apache config and ssl correctness with openssl before going
on to dspace:
openssl s_client -connect dspace.domain:443
you should have complete cert chain and verify returns 0.
CU
Michael