...
| Panel |
|---|
<Connector port="8080" protocol="HTTP/1.1" |
| Panel |
|---|
<!-- Define an AJP 1.3 Connector on port 8009 --> |
Once again i found more reasonable not to copy (or symlink) webapps to tomcat appBase dir as suggests dspace official documentation. Instead i'm changin tomcat appBase to point to dspace webapps. Also put tomcat logs with other www/apache logs. Original lines are commented out and my lines marked bold.
| Panel |
|---|
<!-- <Host name="localhost" appBase="webapps" --> |
...
Some lines are omitted from output. Also configure "apache22/extra/httpd-mpm.conf" and "httpd-default.conf" to suit You. Also don't forget apache certificates.
| Panel | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
{HTTP_HOST}%{REQUEST_URI} (. *)/forgot(. *) RewriteRule) https://% ]{HTTP_HOST}%{REQUEST_URI} # CustomLog "\|/usr/
-l /var/log/apache2/dspace.example.com-access-%Y-%m-%d.log 86400" combined ErrorLogcombined
|
4 Install Dspace
| Panel |
|---|
tcsh# mkdir /data/dspace |
...
Open /data/dspace-1.8.1-src-release/dspace/config/dspace.cfg and make Your changes:
| Panel |
|---|
| Code Block |
dspace.dir = /data/dspace
dspace.hostname = dspace.example.com
dspace.baseUrl = [http://dspace.example.com]
dspace.url = ${dspace.baseUrl}/xmlui
dspace.name = Dspace at Example.Com
db.name = postgres
db.url = jdbc:postgresql://localhost:5432/dspacedb
db.driver = org.postgresql.Driver
db.username = dspace
db.password = s0mepw
db.maxconnections = 30
db.maxwait = 5000
db.maxidle = \-1
db.statementpool = true
mail.server = smtp.example.com
mail.server.port = 25
mail.from.address = dspace-noreply@example.com
feedback.recipient = dspace-help@example.com
mail.admin = dspace-help@example.com
alert.recipient = postmaster@example.com
registration.notify = dspace-help@example.com
mail.charset = UTF-8
mail.allowed.referrers = localhost,dspace.example.com
mail.server.disabled = false
default.language = en_US
assetstore.dir = ${dspace.dir}/assetstore
log.init.config = ${dspace.dir}/config/log4j.properties
log.dir = /var/log/apache2/
search.dir = ${dspace.dir}/search
/*/
handle.canonical.prefix = [http://hdl.handle.net/]
handle.prefix = 12345
handle.dir = ${dspace.dir}/handle-server
/*/
upload.max = 536870912
default.locale = en
xmlui.supported.locales = en
xmlui.force.ssl = true
xmlui.user.registration=false
|
Configure LDAP module. As i'm writing its not possible to configure multiple ldap servers in order to achieve failover (eg. ldap://ldapserver1 ldapserver2/?blah?blah).
| Panelcode |
|---|
*tcsh# egrep \-v "#\|"^$ modules/authentication-ldap.cfg * enable = true autoregister = true provider_url = ldaps://myldap.example.com/ id_field = uid object_context = ou=people,dc=example,dc=com search_context = ou=people,dc=example,dc=com email_field = mail surname_field = sn givenname_field = givenName phone_field = telephoneNumber search_scope = 2 search.user = cn=ldap-bind,cn=Users,dc=example,dc=com search.password = s0mepw2 netid_email_domain = @example.com |
As You can see, i'm using LDAPS. We'll be back to it later on.
Following command fetches software from internet in order to build dspace. This soft will be placed under $HOME/.m2/ directory. In my case /root/.m2/. If You want to, You can build dspace as "www" user. I'm doing it as root.
| Panelcode |
|---|
*tcsh# /data/dspace-1.8.1-src-release * *tcsh# mvn package * *tcsh# cd /data/dspace-1.8.1-src-release/dspace/target/dspace-1.8.1-build/ * *tcsh# ant fresh_install* |
As looking from my notes there was an issue with creating PostgreSQL database (PL/pgSQL related). Seems that following helped out. However - i can't verify or confirm it at the moment.
| Panelcode |
|---|
_tcsh# dropdb \-U pgsql dspacedb _ _tcsh# createdb \-U pgsql \-O dspace \-E UNICODE dspacedb _ _tcsh# psql \-h localhost \-U dspace \-f /data/dspace-1.8.1-src-release/dspace/etc/postgres/database_schema.sql dspacedb_ |
And finally set proper permissons:
| Panelcode |
|---|
*tcsh# chown \-R www:www /data/dspace* |
Just in case verify /data/dspace/config/log4j.properties doesn't bug You. Remove unneeded "/" There may be 3 erratic lines like this one:
| Panelcode |
|---|
/var/log/apache2/*/*cocoon.log |
Also verify that /data/dspace/config/modules/authentication.cfg and authentication-ldap.cfg are correct.
Since i like to keep all dspace related things in one place and i have pretty small /usr/local:
| Panelcode |
|---|
*tcsh# mkdir \-p /data/dspace/tc-webinf/work/upload-dir * *tcsh# mkdir \-p /data/dspace/tc-webinf/work/cache-dir * *tcsh# chown \-R www:www /data/dspace/tc-webinf * *tcsh# grep dspace /data/dspace/webapps/xmlui/WEB-INF/cocoon/properties/core.properties * org.apache.cocoon.uploads.directory=/data/dspace/tc-webinf/work/upload-dir org.apache.cocoon.cache.directory=/data/dspace/tc-webinf/work/cache-dir org.apache.cocoon.work.directory=/data/dspace/tc-webinf/work/ |
Don't forget thisone if You upgraded Your dspace - cocoon may fill /usr/local.
If needed, configure OAI also: /data/dspace/config/oaicat.properties:
| Panelcode |
|---|
/*/ Crosswalks.mods=org.dspace.app.oai.PluginCrosswalk Crosswalks.mets=org.dspace.app.oai.PluginCrosswalk Crosswalks.qdc=org.dspace.app.oai.PluginCrosswalk |
Set up crontabs. PATH is required.
...
Now install certificates required to use LDAPS. Make sure that You have JAVA_HOME set:
| Code Block | |
|---|---|
| |
| Panel | |
| Wiki Markup | *tcsh# set JAVA_HOME=/usr/local/openjdk6* *tcsh# echo $JAVA_HOME* /usr/local/openjdk6 *tcsh# keytool \-import \-file /tmp/myldap-clients.example.com.crt \-alias myldap.example.com \-keystore $JAVA_HOME/jre/lib/security/cacerts* Enter keystore password: 'changeit' <\- by default without '-es\! /*/ Trust this certificate? \[no\]: *yes* Certificate was added to keystore *tcsh# keytool \-list \-keystore $JAVA_HOME/jre/lib/security/cacerts* *tcsh# rm \-f /tmp/olp-wild-clients.example.com.crt* |
5 Handle
If You are using "handle" also, then:
...
Create /usr/local/etc/rc.d/handle with following content. This script runs handle service as "www" user.
| Panel | |||
|---|---|---|---|
|
\ # \!/bin/sh \
PROVIDE: handle \
REQUIRE: NETWORKING tomcat7 \
KEYWORD: shutdown \
handle_server_enable="YES" \
. /etc/rc.subr name="handle_server"
_start"
_stop"
command="/data/dspace/bin/start-handle-server"
handle_server_enable=${handle_server_enable:-"NO"}
"${name}" run_rc_command "$1" |
6 Clean up and daemons startup
| Panelcode |
|---|
*tcsh# cd /data/dspace-1.8.1-src-release * *tcsh# mvn clean * *tcsh# rm \-r /root/.m2* |
Enable all required services at startup - /etc/rc.conf. Once again pay attention to UTF and make sure that "-Xmx" and "-Xms" are at least 512M and both do have same values!
| Panelcode |
|---|
apache22_enable="YES" tomcat7_enable="YES" tomcat7_java_opts="-Xmx512M \-Xms512M \-XX:MaxPermSize=128M \-Dfile.encoding=UTF-8" tomcat7_catalina_log=">> /var/log/apache2/-`date \+%Y-%m-%d`.log 2>&1" tomcat7_catalina_tmpdir="/tmp" handle_server_enable="YES" postgresql_enable="YES" postgresql_data="/data/pgsql" |
| Panelcode |
|---|
*tcsh# sync; sync; reboot* |
7 Final notes
- If You should later on upgrade "openjdk", then You need to import LDAP certificate again - you'll lose it!
- If You should upgrade mod_jk port, then dont forget to uncomment "#LoadModule jk_module.... " line!
- Implement backups and monitoring!
- Implement firewall. If using pf:
| Panel | |
|---|---|
| Wiki Markup | WEB_PORTS="{ 80, 443 }"
2641, 8000 }" \
www
in log quick on $EXT_IF proto tcp from any to port $WEB_PORTS \
dspace handle service
in log quick on $EXT_IF proto tcp from any to port $HANDLE_PORTS |
Maybe You need SSH too, but in general keep blocking.
- Please read carefully dspace documentation.