HTTPS not working with REST OAI SWORD

[Chin U. Kim]

Hello All,

We recently installed a SSL certificate on our instance of Dspace.

Everything seems to work for via the web browser but when making connection via Elements using rest and sword, we get Internal Error 500 401

We're using Apache for the SSL and then forwarding to Tomcat.

I've followed the outline provided at https://wiki.duraspace.org/display/DSDOC6x/Installing+DSpace#InstallingDSpace-UsingSSLonApacheHTTPDinfrontofTomcat(runningonports80and443)

AJP 1.3 is defined in the tomcat server.xml

AJP proxypass and proxypassreverse setup in virtualhost :443

and a Redirect permanent to https in virtualhost : 80

Security Constraint was enabled in webapps/rest/

What am I missing?

Dspace version 6.3

Apache version 2.4.6

Tomcat version 7.x

Thanks in advance for any assistance.

Best,

Chin

[George Peterson 4th]

Hi Did you check Tomcat and Apache error logs? Your 500 should be nicely explained there 

--
All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/5c3f3557-cbe2-47f0-afdb-0c2a4d41c4ca%40googlegroups.com.

[Gabriel Galson]

George- 

I work with Chin.  Chiming in to post the error.  What does this indicate to you?  Again, this is an error we recieve when attempting to import directly from Symplectic Elements through Rest/SWORDv2.  We also recently switched from http to https and set up an SSL cert; prior to this the Elements process was working.  Any insight or help this group can provide would be appreciated!  

here's the error:  

"

INFO: Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.coyote.http11.InternalInputBuffer.parseRequestLine(InternalInputBuffer.java:136)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1000)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
"

-Gabe

On Wednesday, June 5, 2019 at 6:21:15 AM UTC-4, George Peterson 4th wrote:

Hi Did you check Tomcat and Apache error logs? Your 500 should be nicely explained there 

On Tue, Jun 4, 2019 at 5:20 PM Chin U. Kim <tud1...@temple.edu> wrote:

Hello All,

We recently installed a SSL certificate on our instance of Dspace.

Everything seems to work for via the web browser but when making connection via Elements using rest and sword, we get Internal Error 500 401

We're using Apache for the SSL and then forwarding to Tomcat.

I've followed the outline provided at https://wiki.duraspace.org/display/DSDOC6x/Installing+DSpace#InstallingDSpace-UsingSSLonApacheHTTPDinfrontofTomcat(runningonports80and443)

AJP 1.3 is defined in the tomcat server.xml

AJP proxypass and proxypassreverse setup in virtualhost :443

and a Redirect permanent to https in virtualhost : 80

Security Constraint was enabled in webapps/rest/

What am I missing?

Dspace version 6.3

Apache version 2.4.6

Tomcat version 7.x

Thanks in advance for any assistance.

Best,

Chin

--
All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.

To unsubscribe from this group and stop receiving emails from it, send an email to dspac...@googlegroups.com.

[Mark H. Wood]

On Wed, Jun 05, 2019 at 05:53:35AM -0700, Gabriel Galson wrote:
> George-
>
> I work with Chin. Chiming in to post the error. What does this indicate
> to you? Again, this is an error we recieve when attempting to import
> directly from Symplectic Elements through Rest/SWORDv2. We also recently
> switched from http to https and set up an SSL cert; prior to this the
> Elements process was working. Any insight or help this group can provide
> would be appreciated!
>
> here's the error:
> "
> INFO: Error parsing HTTP request header
> Note: further occurrences of HTTP header parsing errors will be logged at
> DEBUG level.
> java.lang.IllegalArgumentException: Invalid character found in method name.
> HTTP method names must be tokens

When I see something like that, my first thought is that the client
sent HTTPS but the server interpreted it as HTTP. I'd check which
port the client is configured to use, and anything else which could
result in such confusion.

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

[Anne Lawrence]

I would first test Swordv2 like

curl -i https://vtechworks.lib.vt.edu/swordv2/servicedocument --user "elemen...@vt.edu

Then I would test REST. Note HTTP/HTTPS issue, https://wiki.duraspace.org/display/DSDOC6x/REST+API#RESTAPI-DisablingSSL.

curl -H "Content-Type: application/json" -H "Accept: application/json" https://vtechworks.lib.vt.edu/rest/test

Anne

[Chin U. Kim]

in HTTPD;

virtualhost :80

I have redirect permanent to https

virtualhost :443

I have proxypass and proxypassreverse set to ajp://servername:8009/

in Server.xml

<Connector port="8009" enableLookups="false" protocol="AJP/1.3" URIEncoding="UTF-8" redirectPort="8443" />

<Connector port="8443" protocol="HTTP/1.1" proxyPort="443"

               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS" />

 <Connector executor="tomcatThreadPool"

               port="8080" protocol="HTTP/1.1"

               connectionTimeout="20000"

               redirectPort="8080" />

 <Connector port="8080" protocol="HTTP/1.1"

               connectionTimeout="20000"

               redirectPort="8080"

               URIEncoding="UTF-8" />

Does anything seem off or incorrect?

[George Peterson 4th]

Hi I have slightly different settings

first, my Apache and Tomcat run on the same machine so i have ajp://localhost:8009

then, i have configured the SSL cert only in Apache so all traffic between Apache and Tomcat goes unencrypted (it's localhost, so no purpose). This way i dont have <Connector port="8443" part enabled. Similarly i do not have Connector executor="tomcatThreadPool", im not sure it's needed 

--
All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.

To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/46edcf77-0124-4feb-8835-6f8eb015ccee%40googlegroups.com.