https and handles in DSpace

[Fitchett, Deborah]

Hi all,

 

I’m taking baby steps to https everywhere and right now looking at handles in DSpace. Until now we’ve assumed an http default, so the permalink for each record has been stored/displayed as an http handle, and the handle in turn links to the record through http. I’d like to change both, so the record should link to https://hdl.handle.net, and handle.net should resolve to https://our_dspace.ac.nz .

 

My initial brainstorm of all the bases I need to cover for this is as follows – can anyone fill in any blanks or see anything I’ve missed?

                                                                                                                                                                                                                                           

 

Change the handle url generated in DSpace:

·         dspace.cfg -> handle.canonical.prefix = https://hdl.handle.net

·         dspace.cfg -> webui.resolver.2.baseurl = https://hdl.handle.net

 

Change the handle urls stored in our dc.identifier field:

·         fun-but-careful psql queries ftw

·         followed by reindexing our OAI feed

 

Change the DSpace urls sent to handle.net:

·         ? is this determined by one of dspace.baseUrl or dspace.url? or is it a setting at CNRI’s end ?

 

Change the DSpace urls already stored by handle.net

·         ? ask CNRI to update our settings on their proxy server?

 

 

 

Thanks very much!

 

Deborah Fitchett

Senior Advisor, Digital Access

Library, Teaching and Learning

 

p +64 3 423 0358

e deborah....@lincoln.ac.nz | w ltl.lincoln.ac.nz

 

Lincoln University, Te Whare Wānaka o Aoraki

New Zealand's specialist land-based university

 

---

P Please consider the environment before you print this email.
"The contents of this e-mail (including any attachments) may be confidential and/or subject to copyright. Any unauthorised use, distribution, or copying of the contents is expressly prohibited. If you have received this e-mail in error, please advise the sender by return e-mail or telephone and then delete this e-mail together with all attachments from your system."

[Tom Desair]

Hi Deborah,

• Change the handle url generated in dspace.cfg
  
• That's indeed correct

• Change the handle urls stored in our dc.identifier field
  

• A query I've used before for this is: 
• update metadatavalue set text_value = regexp_replace(text_value, 'http://hdl.handle.net', 'https://hdl.handle.net') where metadata_field_id IN (select metadata_field_id from metadatafieldregistry where element = 'identifier' and qualifier = 'uri');

• Change the DSpace urls sent to handle.net
  

• The property used by the DSpace Handle server process is "dspace.url" So if you change that one to "https" you only have to restart the handle server process (because it will still have the old value in memory). 
• To stop the handle server, execute: kill -TERM `ps -ef | grep net.handle.server.Main | grep java | awk '!/grep/ {print $2}'`
• To start it again, call the "start-handle-server" script under "bin/dspace" in your DSpace install directory

• Change the DSpace urls already stored by handle.net
  

• Handle.net does not store the URL to your DSpace repository. They ask the Handle server process on your DSpace server to translate a handle value to a full URL (see bullet point above). Then they cache the response for a few minutes but that cache will update itself in time. So after you have restarted your Handle server process, all should work well and you don't have to contact the CNRI.

I hope this helps!

Best regards,

Tom

 

Tom Desair 250-B Suite 3A, Lucius Gordon Drive, West Henrietta, NY 14586 Esperantolaan 4, Heverlee 3001, Belgium www.atmire.com

--
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscribe@googlegroups.com.
To post to this group, send email to dspac...@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

[Alan Orth]

I wasn't aware that Handle.net supported HTTPS yet. This is great news, as I am a strong supporter of using HTTPS everywhere — I will look into upgrading our configuration to generate these HTTPS handles as well.

A word of caution, though, it looks like the hdl.handle.net server's HTTPS configuration requires the use of SNI (server name indication), which is not supported on old clients like Java 6, some Python 2.x, and devices like Android 2.3. You need to investigate the impact this will have on users/clients consuming your repository content. In our case, our repository itself is served with mandatory HTTPS for some years now so any clients would already have to be compliant.

Cheers,

To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.

To post to this group, send email to dspac...@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.

To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.

To post to this group, send email to dspac...@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

--

Alan Orth
alan...@gmail.com
https://englishbulgaria.net
https://alaninkenya.org
https://mjanja.ch

[Fitchett, Deborah]

Fantastic, Tom, thanks so much!

 

Deborah

 

From: Tom Desair [mailto:tom.d...@atmire.com]
Sent: Thursday, 2 February 2017 12:29 a.m.
To: Fitchett, Deborah <Deborah....@lincoln.ac.nz>
Cc: dspac...@googlegroups.com
Subject: Re: [dspace-tech] https and handles in DSpace

 

Hi Deborah,

 

• Change the handle url generated in dspace.cfg

• That's indeed correct

• Change the handle urls stored in our dc.identifier field

• A query I've used before for this is: 
• update metadatavalue set text_value = regexp_replace(text_value, 'http://hdl.handle.net', 'https://hdl.handle.net') where metadata_field_id IN (select metadata_field_id from metadatafieldregistry where element = 'identifier' and qualifier = 'uri');

• Change the DSpace urls sent to handle.net

• The property used by the DSpace Handle server process is "dspace.url" So if you change that one to "https" you only have to restart the handle server process (because it will still have the old value in memory). 
• To stop the handle server, execute: kill -TERM `ps -ef | grep net.handle.server.Main | grep java | awk '!/grep/ {print $2}'`
• To start it again, call the "start-handle-server" script under "bin/dspace" in your DSpace install directory

• Change the DSpace urls already stored by handle.net

• Handle.net does not store the URL to your DSpace repository. They ask the Handle server process on your DSpace server to translate a handle value to a full URL (see bullet point above). Then they cache the response for a few minutes but that cache will update itself in time. So after you have restarted your Handle server process, all should work well and you don't have to contact the CNRI.

I hope this helps!

 

Best regards,

Tom

 

--

To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.

[Alan Orth]

Hi,

In looking at this, it seems like there are a handful of places where "http://hdl.handle.net" is hard coded in Java and other configuration files. Are we sure replacing this won't have ill effects down the road? Check for yourself:

$ grep -rsI http://hdl.handle.net *

I was just about to update our repository to use HTTPS handles, but now I'm actually pretty sure this will break things in weird ways, when you least expect it (item update, handle update, crosswalks, RDF, etc)!

Regards,