1) Settings in dspace.cfg or local.cfg:
dspace.server.url = https://dspace.example.org/server
dspace.ui.url = https://dspace.example.org
solr.server = http://localhost:8983/solr
2) Settings in config.prod.yml:
ui:
ssl: false
host: localhost
port: 4000
nameSpace: /
rest:
ssl: true
host: dspace.example.org
port: 443
nameSpace: /server
3) a2enmod proxy_http proxy_html ssl headers
4) a2dissite 000-default default-ssl
5) vi /etc/apache2/sites-available/dspace.conf
ServerName dspace.example.org
Redirect / https://dspace.example.org
ServerName dspace.example.org
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/dspace.example.org.error.log
CustomLog ${APACHE_LOG_DIR}/dspace.example.org.access.log combined
ProxyRequests on
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/dspace.example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dspace.example.org/privkey.pem
SSLCompression off
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
AddDefaultCharset Off
Require all granted
ProxyPass /server http://localhost:8080/server
ProxyPassReverse /server http://localhost:8080/server
ProxyPass / http://localhost:4000/
ProxyPassReverse / http://localhost:4000/
6) a2ensite dspace.conf
7) ufw allow 'OpenSSH'
8) ufw allow 'Apache Full'
9) ufw enable
10) ufw status
11) systemctl restart apache2