Setting up DSpace on Windows Server 2022

[Andrew Purnama]

Hi there,

I followed the instruction here: https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-FrontendRequirements

I used NGinx and on frontend installation:

• step 5; used YAML configuration
• step 6: run via PM2
  

Everything went well but after finishing up the last part (step 8, add HTTPS support):

• accessing https://host.domain.com shows: 502 Bad Gateway
  can still access backend (https://host.domain.com/server)
• can't access http://localhost:4000 anymore, shows: 500 Service Unavailable
  if I revert the dspace.ui.url back to default (http://localhost:4000), it works

Also, seems like port 4000 is not accessible from different host.

Not sure where to go from here so really appreciate any help/hint/anything.

Thank you in advance.

[DSpace Technical Support]

Hi,

It sounds like your Nginx setup isn't working properly... but it's hard to say exactly *why*.  You may want to check the Nginx logs, as it could be a simple misconfiguration or similar. 

Port 4000 (or any "localhost" style URLs) won't be available from a different host.  This is why you need Nginx (or Apache) to turn that localhost URL into an actual hostname/domain (like "demo.dspace.org").  The localhost URLs will only work from the same machine that site is on... so they are really only useful for development/quick testing.

Tim

[Andrew Purnama]

Hi Tim,

I followed as per front end installation step 8.1.iii, only changed the URL to match ours.

###

# HTTPS server

server {

listen       443 ssl;
server_name repository.bionicsinstitute.org;
ssl_certificate      C:/nginx-1.25.1/cert/wildcardChain.crt;

ssl_certificate_key  C:/nginx-1.25.1/cert/domain.rsa;

# Proxy all HTTPS requests to "/server" from NGinx to Tomcat on port 8080
location /server {

proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://localhost:8080/server;
}

# For UI
# proxy all HTTPS requests from NGinx to PM2 on localhost, port 4000
# URL must match the "ui" settings in config.prod.yml
location / {

proxy_pass http://localhost:4000/;
}

}

###

I thought of matching the "location /" code block with the other one by adding below but no luck.

###

proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;

###

I did look around in the logs folder but not sure what to look for.

attached are the 2 log files from \nginx\logs folder.

F12 on Edge shows below.

I also tried adding below (bold) in \DSpace\config\local.cfg but still no luck (found some old post about CORS issue).

At least due to the highlighted part I can access http://localhost:4000 from the server again.

###

dspace.server.url = https://repository.bionicsinstitute.org/server
dspace.ui.url = https://repository.bionicsinstitute.org

rest.cors.allowed-origins = ${dspace.ui.url}, http://localhost:4000, https://repository.bionicsinstitute.org:443
proxies.trusted.ipranges = 192.168.110.6

###

Not sure if it cause issue, I've added a manual entry in C:\Windows\System32\drivers\etc\hosts file:

###

192.168.110.6 repository.bionicsinstitute.org

###

I have yet to try Apache HTTPD, will explore that next week.

Regards,

Andrew

--
All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/ed8dbaa5-1704-4b32-a3aa-8fb32886b5d8n%40googlegroups.com.

[DSpace Technical Support]

Hi Andrew,

I'm not an expert with Nginx.  So, I'm hoping someone else on this list might provide some advice to you.  However, I did notice that the "error.log" you shared has a ton of errors that say:

connect() failed (10061: No connection could be made because the target machine actively refused it)

This makes me suspect that Nginx may not be able to find the DSpace user interface running on localhost:4000?  Or somehow the DSpace UI isn't running on http://localhost:4000/ (or is on a different port)?  I'm not sure offhand where the problem lies as I'm not an Nginx expert.  But I know others on this list may be able to help better than I.

Tim

[catorce_CL]

Hi Andrew, how do you solve it?

[Elaine Ding]

I have the similar issue  502 proxy error like this, it happens intermittently like one of ten tries.  I would like to know the solution too. Thanks

[Watson Anikwai]

Is anyone resolving this issue? 

[Katy Earl]

Dealing with the proxy was a beast for me, with so many moving parts. It was hard to pinpoint exactly which changes make a difference, but I'll share some of my thoughts / observations.

1. Certs. Do you have a way to ensure that your certs are good?

2. Port status. Check open ports to see that 443 is open: sudo ufw status

2. Order of clauses. I did notice a change in how Nginx behaved when I changed the order of the location clauses, with "/" coming before "/server". At least it seemed that way... I'm willing to be wrong on this...

3. Localhost. I seemed to have better success with the proxy when I proxy_passed internal IP instead of localhost. Try this out in Nginx: before making the jump to https, try out http, listen 80, but with your internal IP address in the location clauses (examples below).

4. Yarn first. Try running your UI with just yarn start (which will pull config from config.prod.yml and any .env overrides, from within your dspace-angular install/build directory) and don't do the PM2 yet. See if you can get your Nginx proxy to work with that. I found that PM2 added another layer of problems that were difficult to sort out. Once you have Nginx and the yarn server (UI) working together nicely, then add in PM2 and see if you can get that working.

5. Be reboot-friendly. I found too that sometimes when playing around with config.prod.yml and .env and rebuilding and restarting yarn or PM2, the system wouldn't fully take the new settings. Not sure what I am missing there. Safest thing to do was to reboot the system after changing stuff in those files and retry "yarn start". Sometimes it made the difference.

6. Deployment location. PM2 works and doesn't cause CORS problems when I run it using a dspace-ui.json file in the dspace-angular install build directory. However, when I run PM2 from a dspace-ui.json file in a dspace-ui-deploy directory that has dist and config.prod.yml copied to it (as per the Lyrasis installation suggestions), the UI has CORS issues. Not sure what I am missing yet... maybe some environment variables??

So many moving parts that all have to talk exactly in the right way. Here are mine, for reference. With these settings I am able to access the server remotely with my proper URL (I substituted it with "myfqdn.com" below) and I can log in, do administration stuff, etc. Hope it is useful for your troubleshooting.

---

Pertinent stuff from local.cfg

dspace.dir=/opt/dspace-7/server
dspace.server.url = http://myfqdn.com/server
dspace.ui.url = http://myfqdn.com
rest.cors.allowed-origins = ${dspace.ui.url}, "http://10.10.10.177:4000", "http://localhost:4000", "http://127.0.0.1:4000"


Pertinent stuff from /etc/nginx/sites-enabled/default
server {
listen 80 default_server;
index index.html index.htm index.nginx-debian.html;
server_name myfqdn.com;
 
location / {
                proxy_set_header X-Forwarded-Proto http;
                proxy_set_header X-Forwarded-Host $host;
                proxy_pass http://10.10.10.177:4000;
        }
 
location /server {
                proxy_set_header X-Forwarded-Proto http;
                proxy_set_header X-Forwarded-Host $host;
                proxy_pass http://10.10.10.177:8080/server;
        }

location ~ /\.ht {
                deny all;
        }
}

Pertinent stuff from /opt/dspace-7-angular/config/config.prod.yml   (Note that port #s are commented out)
ui:
  ssl: false
  host: myfqdn.com
  #port: 4000
  nameSpace: /
  rateLimiter:
    windowMs: 60000 # 1 minute
    max: 500 # limit each IP to 500 requests per windowMs
  useProxies: true

rest:
  ssl: false
  host: myfqdn.com
  #port: 8080
  nameSpace: /server


(Aside: This .env file really was necessary for yarn and the proxy to work!!! There may be other places to put the data, but this worked for me.
I'm not sure of the role of .env when using PM2? Does PM2 see it? Anyone have insight on that? )
/opt/dspace-7-angular/.env    (Note I am using DSpace v.7.6.1, for which I think the environment variables are a little different from earlier versions of DSpace)
"DSPACE_HOST": "myfqdn.com"
"DSPACE_PORT": "80"
"DSPACE_NAMESPACE": "/"
"DSPACE_SSL": "false"

---

ADDING IN PM2:

With the above settings, I can run "yarn start" from /opt/dspace-7-angular with no issues.

When I switch to running PM2 from /opt/dspace-7-angular, these settings in dspace-ui.json worked for me there. However, I could not get dspace-ui.json (with the tweaked cwd) and PM2 to work properly when I tried running it from a separate deployment folder. I'm hoping I'll find an answer to that later....

/opt/dspace-7-angular/dspace-ui.json

{
    "apps": [
        {
           "name": "dspace-ui",
           "cwd": "/opt/dspace-7-angular",
           "script": "dist/server/main.js",
           "instances": "max",
           "exec_mode": "cluster",
           "env": {
              "NODE_ENV": "production"
           }
        }
    ]
}


I'll be trying to change this over to HTTPS soon, have some cert stuff to sort out, but perhaps I'll share successful settings when I get there. These proxy / CORS issues with the DSpace UI seem to be common, and it is a challenge to sort out.

May the odds be ever in your favor.

Katy