Error 500 after enabling HTTPS in DSpace 7.4

[Matúš Formanek]

Hi!

Please, I need technical support... My Dspace 7.4 works properly on IP address (without domain name). Then, I got domain name a wanted to enable HTTPS (according to steps in Dspace manual). I used Certbot automatic HTTPS installation. Currently, I use http proxy for front-end as well as for backend, but I always get 500 error when accessing frontend ( https://repozitar.fhv.uniza.sk/ ). 

Debugging console from Chrome shows me these errors messeges:

polyfills.5216e8b00933a73e.js:1 Mixed Content: The page at 'https://repozitar.fhv.uniza.sk/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://repozitar.fhv.uniza.sk:8080/server/api'. This request has been blocked; the content must be served over HTTPS.
main.5740e328184b19c8.js:1 Error:  x {headers: h, status: 0, statusText: 'Unknown Error', url: 'http://repozitar.fhv.uniza.sk:8080/server/api', ok: false, …}
main.5740e328184b19c8.js:1 {statusCode: 0, statusText: 'Unknown Error', message: 'Http failure response for http://repozitar.fhv.uniza.sk:8080/server/api: 0 Unknown Error'}

It seems that backend (proxy to backend) works fine ( https://repozitar.fhv.uniza.sk/server ). I suppose that my frontend and backend are not correctly connected. Please, check my configuration:

dspace backend local.cfg contains:

dspace.server.url = https://repozitar.fhv.uniza.sk/server
dspace.ui.url = https://repozitar.fhv.uniza.sk

solr.server = http://localhost:8983/solr

apache2.... /sites-enabled/000-default-le-ssl.conf:

ProxyPass /server http://localhost:8080/server

ProxyPassReverse /server http://localhost:8080/server
ProxyPass / http://localhost:4000/
ProxyPassReverse / http://localhost:4000/
SSLCertificateFile /etc/letsencrypt/live/repozitar.fhv.uniza.sk/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/repozitar.fhv.uniza.sk/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/repozitar.fhv.uniza.sk/chain.pem
Include /etc/letsencrypt/options-ssl-apache.conf
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"

Dspace front-end config.prod.yml contains:

ui:
  ssl: false
  host: localhost
  port: 4000
  rateLimiter:
    windowMs: 60000 # 1 minute
    max: 500 # limit each IP to 500 requests per windowMs
      # Trust X-FORWARDED-* headers from proxies (default = true)
  useProxies: true

rest:
  ssl: true
  host: repozitar.fhv.uniza.sk
  port: 443
  nameSpace: /server

 I feel consternated. ... :( Enabling HTTPS on 6.3 was much easier. 

Thank you so much for any advice on this matter. 

Matus

[Mohammad S. AlMutairi]

Hi Matus,

Your frontend is trying to reach the backend on "'http://repozitar.fhv.uniza.sk:8080/server/" which should not happen because of how you tell it to reach the backend in local.cfg. Follow the steps you see below it should fix it for you.

** Your local.cfg and config.prod.yml is O.K so don't change them.

# Only follow these steps if DSpace is the only site configured in apache in your server.
1) echo "dspace-server-private-ip repozitar.fhv.uniza.sk" >> /etc/hosts
2) a2enmod proxy_http ssl headers
3) rm -rf  /etc/apache2/sites-enabled/*.conf
4) edit /etc/apache2/sites-available/dspace.conf ... Copy and past what's in the attached file into dspace.conf.
5) a2ensite dspace.conf
6) systemctl restart apache2

# Test & Build the Frontend

1) yarn test:rest

RESPONSE: 200                                                                                          <--- You should get the 200 response for a successful connection.

Checking JSON returned for validity...
        "dspaceVersion" = DSpace 7.4
        "dspaceUI" = https://repozitar.fhv.uniza.sk                                    <--- should match dspace.ui.url in local.cfg or dspace.cfg
        "dspaceServer" = https://repozitar.fhv.uniza.sk/server                <--- should match dspace.server.url in local.cfg or dspace.cfg
        "dspaceServer" property matches UI's "rest" config? true           <--- Should be true before proceeding to the building step
        Does "/api" endpoint have HAL links ("_links" section)? true     <--- Should be true before proceeding to the building step

2) yarn start:prod

*** Make sure tomcat is running on port 8080 and SSL is not enabled in Tomcat server.xml config file. SSL termination will be done on Apache instead. 

Good luck

[Matúš Formanek]

Thank you very much for your help!  I use your dspace.conf from previous post

I have made one another mistake... I forgot to change the settings in dspace-ui.json (starting script for frontend)....config.prod.yml has been changed but json not.  Now it works!

Dátum: pondelok 6. februára 2023, čas: 16:16:12 UTC+1, odosielateľ: alo...@gmail.com