Help Needed: DSpace 7.6.1 HTTPS Access Issue with Nginx Reverse Proxy - Windows 10
971 views
Skip to first unread message
Sidney Campos
Dec 9, 2023, 9:44:17 AM12/9/23
to DSpace Technical Support
Good afternoon, friends. I hope you are well.
I need help with the HTTPS access to my DSpace 7.6.1, with Tomcat 9 and Nginx as a reverse proxy on a Windows 10 server. This is my first installation of the platform, and everything went smoothly in the process. I can access the platform locally at "localhost:4000." I configured my Nginx, and when I try to access it from outside the local network, it loads the page correctly but after 2 seconds, I am redirected to a 500 error page.
This is my Nginx configuration:
server {
listen 80;
server_name fevasf-repositorio.ddns.net;
rewrite ^ https://fevasf-repositorio.ddns.net permanent;
location / {
proxy_pass http://localhost:4000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl;
server_name fevasf-repositorio.ddns.net;
ssl_certificate C:/nginx-1.25.3/cert/cert.pem;
ssl_certificate_key C:/nginx-1.25.3/cert/privkey.pem;
location / {
proxy_pass http://localhost:4000;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /server {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://localhost:8080/server;
}
}
This is my "config.prod.yml" configuration:
ui:
ssl: false
host: localhost
port: 4000
nameSpace: /
rateLimiter:
windowMs: 60000 # 1 minute
max: 500 # limit each IP to 500 requests per windowMs
useProxies: true
rest:
ssl: false
host: localhost
port: 8080
nameSpace: /server
This is my "local.cfg" configuration:
space.server.url = http://localhost:8080/server
dspace.ui.url = http://localhost:4000
This is my Tomcat "server.xml" configuration:
<Connector port="8080"
minSpareThreads="25"
enableLookups="false"
redirectPort="8443"
connectionTimeout="20000"
disableUploadTimeout="true"
URIEncoding="UTF-8" />
And finally, this is the error in the Nginx log:
2023/12/08 13:30:18 [error] 5856#5432: *394 connect() failed (10061: No connection could be made because the target machine actively refused it) while connecting to upstream, client: 192.241.215.42, server: fevasf-repositorio.ddns.net, request: "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1", upstream: "http://127.0.0.1:4000/autodiscover/autodiscover.json?@zdi/Powershell", host: "189.41.79.255"
I have tried various configurations without success. Can someone shed some light? I am a beginner in working with DSpace and have been trying for a week.
I need help with the HTTPS access to my DSpace 7.6.1, with Tomcat 9 and Nginx as a reverse proxy on a Windows 10 server. This is my first installation of the platform, and everything went smoothly in the process. I can access the platform locally at "localhost:4000." I configured my Nginx, and when I try to access it from outside the local network, it loads the page correctly but after 2 seconds, I am redirected to a 500 error page.
This is my Nginx configuration:
server {
listen 80;
server_name fevasf-repositorio.ddns.net;
rewrite ^ https://fevasf-repositorio.ddns.net permanent;
location / {
proxy_pass http://localhost:4000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl;
server_name fevasf-repositorio.ddns.net;
ssl_certificate C:/nginx-1.25.3/cert/cert.pem;
ssl_certificate_key C:/nginx-1.25.3/cert/privkey.pem;
location / {
proxy_pass http://localhost:4000;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /server {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://localhost:8080/server;
}
}
This is my "config.prod.yml" configuration:
ui:
ssl: false
host: localhost
port: 4000
nameSpace: /
rateLimiter:
windowMs: 60000 # 1 minute
max: 500 # limit each IP to 500 requests per windowMs
useProxies: true
rest:
ssl: false
host: localhost
port: 8080
nameSpace: /server
This is my "local.cfg" configuration:
space.server.url = http://localhost:8080/server
dspace.ui.url = http://localhost:4000
This is my Tomcat "server.xml" configuration:
<Connector port="8080"
minSpareThreads="25"
enableLookups="false"
redirectPort="8443"
connectionTimeout="20000"
disableUploadTimeout="true"
URIEncoding="UTF-8" />
And finally, this is the error in the Nginx log:
2023/12/08 13:30:18 [error] 5856#5432: *394 connect() failed (10061: No connection could be made because the target machine actively refused it) while connecting to upstream, client: 192.241.215.42, server: fevasf-repositorio.ddns.net, request: "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1", upstream: "http://127.0.0.1:4000/autodiscover/autodiscover.json?@zdi/Powershell", host: "189.41.79.255"
I have tried various configurations without success. Can someone shed some light? I am a beginner in working with DSpace and have been trying for a week.
DSpace Technical Support
Dec 12, 2023, 3:50:28 PM12/12/23
to DSpace Technical Support
Hi,
Your configured URLs are incorrect in the frontend & backend.
Your configured URLs are incorrect in the frontend & backend.
In the backend (local.cfg), these URLs **must** be public URLs and NOT "localhost". If you have them set at localhost, only people on that same machine can access the site.
# Not sure if these are correct for your setup, but should be something like this:
dspace.server.url = https://fevasf-repositorio.ddns.net/server/
dspace.ui.url = = https://fevasf-repositorio.ddns.net/
On the Frontend (config.prod.yml), your "rest" URL MUST also be a public ULR (not "localhost") and should match what you have in "dspace.server.url". LIkely should be this:
In the end, the *only* "localhost" URL should be the "ui" settings in the Frontend (config.prod.yml)
For more details on either of these, take a closer look at the Installation Documentation examples. https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace Pay close attention to the last step for both the Frontend and Backend install, as it explains how to configure DSpace for HTTPS/Production (with examples for Nginx).
Good luck!
Tim
Sidney Campos
Dec 13, 2023, 3:21:40 PM12/13/23
to DSpace Technical Support
Hello DSpace Technical Support,
I'm thrilled with your prompt response. I've reinstalled the DSpace 7.6.1 front-end to ensure that all steps were followed accurately. With the original settings, I successfully regained local access at localhost:4000, and running 'yarn test:rest' returned a status code of 200.
I've implemented the configurations you suggested, carefully read the documentation, and ensured that the settings are correctly in place. Currently, the configurations are as follows:
server.xml:
<Connector port="8080"
minSpareThreads="25"
enableLookups="false"
redirectPort="8443"
connectionTimeout="20000"
disableUploadTimeout="true"
URIEncoding="UTF-8" />
ui:
ssl: false
host: localhost
port: 4000
nameSpace: /
server {
listen 80;
server_name fevasf-repositorio.ddns.net;
rewrite ^ https://fevasf-repositorio.ddns.net permanent;
}
ssl_certificate C:/nginx-1.25.3/cert/cert.pem;
ssl_certificate_key C:/nginx-1.25.3/cert/privkey.pem;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
I'm thrilled with your prompt response. I've reinstalled the DSpace 7.6.1 front-end to ensure that all steps were followed accurately. With the original settings, I successfully regained local access at localhost:4000, and running 'yarn test:rest' returned a status code of 200.
I've implemented the configurations you suggested, carefully read the documentation, and ensured that the settings are correctly in place. Currently, the configurations are as follows:
server.xml:
<Connector port="8080"
minSpareThreads="25"
enableLookups="false"
redirectPort="8443"
connectionTimeout="20000"
disableUploadTimeout="true"
URIEncoding="UTF-8" />
Local.cfg:
bash
Copy code
dspace.dir=C:/dspace
dspace.server.url = https://fevasf-repositorio.ddns.net/server
dspace.ui.url = https://fevasf-repositorio.ddns.net
dspace.name = Fevasf Repositório
solr.server = http://localhost:8983/solr
bash
Copy code
dspace.dir=C:/dspace
dspace.server.url = https://fevasf-repositorio.ddns.net/server
dspace.ui.url = https://fevasf-repositorio.ddns.net
dspace.name = Fevasf Repositório
solr.server = http://localhost:8983/solr
config.prod.yml:
ui:
ssl: false
host: localhost
port: 4000
nameSpace: /
Applying these configurations, 'yarn test:rest' presents the following error:
ERROR connecting to REST API
Error: connect ETIMEDOUT 186.210.149.18:443
Done in 23.25s.
ERROR connecting to REST API
Error: connect ETIMEDOUT 186.210.149.18:443
Done in 23.25s.
I also noticed that when accessing localhost:8080/server, the displayed configurations are different from the current configuration:
{
"dspaceUI": "http://localhost:4000",
"dspaceName": "Fevasf Repositório",
"dspaceServer": "http://localhost:8080/server",
"dspaceVersion": "DSpace 7.6.1",
"type": "root"
}
{
"dspaceUI": "http://localhost:4000",
"dspaceName": "Fevasf Repositório",
"dspaceServer": "http://localhost:8080/server",
"dspaceVersion": "DSpace 7.6.1",
"type": "root"
}
Different from the current configuration.
Outside the local network, I can access https://fevasf-repositorio.ddns.net/server, but I cannot access https://fevasf-repositorio.ddns.net.
The current Nginx configuration is as follows:
Outside the local network, I can access https://fevasf-repositorio.ddns.net/server, but I cannot access https://fevasf-repositorio.ddns.net.
The current Nginx configuration is as follows:
server {
listen 80;
server_name fevasf-repositorio.ddns.net;
rewrite ^ https://fevasf-repositorio.ddns.net permanent;
}
server {
listen 443 ssl;
listen 443 ssl;
ssl_certificate C:/nginx-1.25.3/cert/cert.pem;
ssl_certificate_key C:/nginx-1.25.3/cert/privkey.pem;
location /server {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://localhost:8080/server;
}
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://localhost:8080/server;
}
location / {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
I've tried various combinations of configurations without success. I even added the following configuration in local.cfg:
rest.cors.allowed-origins = ${dspace.ui.url}, https://fevasf-repositorio.ddns.net, https://fevasf-repositorio.ddns.net/server, http://127.0.0.1:4000, https://localhost:4000, http://localhost:4000
'yarn test:rest' simply times out when I change the URLs in local.cfg.
Is there any missing configuration? Thank you in advance for your assistance.
rest.cors.allowed-origins = ${dspace.ui.url}, https://fevasf-repositorio.ddns.net, https://fevasf-repositorio.ddns.net/server, http://127.0.0.1:4000, https://localhost:4000, http://localhost:4000
'yarn test:rest' simply times out when I change the URLs in local.cfg.
Is there any missing configuration? Thank you in advance for your assistance.
DSpace Technical Support
Dec 14, 2023, 4:15:35 PM12/14/23
to DSpace Technical Support
Hi,
It's difficult to diagnose the issue in this situation. While sometimes issues are obvious in configurations, nothing jumps out at me from what you have shared.
It's difficult to diagnose the issue in this situation. While sometimes issues are obvious in configurations, nothing jumps out at me from what you have shared.
However, since `yarn test:rest` is timing out, that implies that the machine where the frontend is running *cannot connect* to the backend via the "rest" settings in your `config.prod.yml`. That may mean either those settings are *not* correct, or maybe your Tomcat or Apache is erroring out (check the logs for both for errors), or some other error may be occurring. You may want to use the Troubleshooting guide to look for errors on the backend. https://wiki.lyrasis.org/display/DSPACE/Troubleshoot+an+error#Troubleshootanerror-DSpace7.x(orabove)
Another option: Since you've found a way to get the backend running, you could try to *temporarily* run the frontend from http://localhost:4000/ and see if you can get it to communicate with the backend running at https://fevasf-repositorio.ddns.net/server This would require you to test the frontend from the same machine where it is running (as localhost URLs will only work from the same machine). That might provide you with clues as to whether the issue is in the DSpace configuration, or if the issue is in your configuration of the Apache proxy or similar. If the frontend runs fine on localhost:4000, that'd imply your DSpace configs are OK. But, if it doesn't work there, then you may need to figure out how to get "yarn test:rest" to work and see if there's a networking issue causing the frontend to not be able to communicate with the backend.
Tim
Sidney Campos
Dec 15, 2023, 11:39:19 AM12/15/23
to DSpace Technical Support
Thank you very much!
Your responses were instrumental in resolving 80% of my issue. I now have DSpace up and running on my local server, utilizing Windows 10, Nginx, and a free domain! The remaining 20% of success, I attribute to this valuable response:
I thoroughly read through the installation documentation and conducted error troubleshooting. I noticed that it lacks some guidance for Windows installation. To enable HTTPS functionality, it is crucial to add the domain in Windows "hosts file"
127.0.0.1 <YOUR DOMAIN>
Only then will the application succeed with "yarn test:rest." Another troubleshooting tip is to use the command pm2 start angular.json --no-daemon. It's excellent for checking communication errors. Also, keep an eye on the Nginx logs.
Wishing you a Merry Christmas!
Bizuayehu Hussien
Jan 16, 2024, 8:37:44 AM1/16/24
to DSpace Technical Support
my dspace configuration on localhost it works properly without any error but i change the localhost to LAN static ip it faces the error like 500 Service Unavailable within 2 seconds.what is the solution.
suresh patil
Jul 29, 2024, 12:54:26 AM7/29/24
to DSpace Technical Support
>>my dspace configuration on localhost it works properly without any error but i change the localhost to LAN static ip it faces the error like 500 Service Unavailable within 2 seconds.what is the solution. : I ALSO NEED THE SOLUTION FOR THIS.
DSpace Technical Support
Aug 5, 2024, 12:04:39 PM8/5/24
to DSpace Technical Support
Hi,
A "500 Service Unavailable" message after installation (or changes in configuration) usually means the frontend is no longer able to communicate with the backend. It could be that you made a change to the frontend configs that means a similar change also needs to be made to the backend configs (or visa versa).
We have a guide for how to solve this problem in our "Common Installation Issues": https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-%22500ServiceUnavailable%22fromtheUserInterface
Tim
Reply all
Reply to author
Forward
0 new messages