Page History

...

One of the easiest routes to both running DSpace on standard ports (80 and 443) as well as using HTTPS is to install install Apache HTTPDHTTP Server as your primary HTTP server, and use it to forward requests to Tomcat.

1. Install Install Apache HTTPDHTTP Server alongside your Tomcat instance

2. In your Tomcat's server.xml, ensure that the AJP Connector is UNCOMMENTED.  Usually this runs on port 8009, but you can decide to change the port if you desire

   Code Block
   <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" />

3. Choose how you'd like to redirect requests from Apache HTTPD HTTP Server to Tomcat. There are two primary options (mod_proxy OR mod_jk), just choose ONE. (NOTE: "mod_proxy" is often the easier of the two):
   
   1. OPTION 1: Use "mod_proxy" and "mod_proxy_ajp" Apache modules to redirect requests to Tomcat (via AJP Connector) - RECOMMENDED
      
      1. Install "mod_proxy" and "mod_proxy_ajp" (usually they are installed by default with Apache HTTPDHTTP Server)
      2. Enable both "mod_proxy" and "mod_proxy_ajp" modules. How you do this is often based on your operating system
         
         1. In Debian / Ubuntu, there's an "a2enmod" command that enables Apache 2 modules.  So, you can just run: sudo a2enmod proxy proxy_ajp
         2. In other operating systems, you may need to find the appropriate "LoadModule" configurations (in Apache HTTPDHTTP Server's main config) and uncomment it. You'll then need to restart Apache HTTPDHTTP Server

      3. Create a new Virtual Host in Apache HTTPD HTTP Server to represent your DSpace site. Here's a basic example of a Virtual Host responding to any port 80 requests for "my.dspace.edu":

         Code Block

         <VirtualHost *:80> # Obviously, replace the ServerName with your DSpace site URL ServerName my.dspace.edu ## Apache HTTPDHTTP Server Logging Settings - modify how you see fit ErrorLog ${APACHE_LOG_DIR}/my.dspace.edu-error.log CustomLog ${APACHE_LOG_DIR}/my.dspace.edu-access.log combined # Possible values include: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn # There are many more configurations available for Virtual Hosts, # see the documentation for more details # http://httpd.apache.org/docs/2.4/vhosts/ </VirtualHost>

      4. If you want your site to also respond to SSL requests, you'll need to install and enable "mod_ssl" and create a second Virtual Host to respond to port 443 requests. An example is provided below. But much more details are available in the Apache HTTD HTTP SSL Documentation and the mod_ssl documentation

         Code Block

         <VirtualHost *:443> # Obviously, replace the ServerName with your DSpace site URL ServerName my.dspace.edu # You can have SSL Apache logging settings here too (see the port 80 example above) # Configure your SSL Certificate (you must create one, obviously) # See the "keytool" instructions above for examples of creating this certificate # There are also many good guides on the web for generating SSL certificates for Apache SSLEngine on SSLCertificateChainFile /path/to/your/chainfile.crt SSLCertificateFile /path/to/your/public-cert.crt SSLCertificateKeyFile /path/to/your/private-key.key # More information on SSL configurations can be found in the mod_ssl documentation # http://httpd.apache.org/docs/2.4/mod/mod_ssl.html </VirtualHost>

         Info
         title Extra SSL Configurations for X.509 Client Certificates authentication
         If you are using X.509 Client Certificates for authentication: add these configuration options to the appropriate httpd configuration file, e.g. ssl.conf, and be sure they are in force for the virtual host and namespace locations dedicated to DSpace:  ## SSLVerifyClient can be "optional" or "require" SSLVerifyClient optional SSLVerifyDepth 10 SSLCACertificateFile /path/to/your/client-CA-certificate SSLOptions StdEnvVars ExportCertData

      5. In each of your Apache HTTPD HTTP Virtual Hosts (see above), use "ProxyPass" configurations to configure the redirects from Apache HTTPD HTTP Server to Apache Tomcat. The exact configurations depend on whether you want to redirect ALL requests to Tomcat, or just certain paths. Here's a basic example. But much more information and examples can be found in the mod_proxy documentation

         Code Block

         # These are just examples. THEY LIKELY WILL NEED MODIFICATION. # Again, remember to add these to your EXISTING <VirtualHost> settings <VirtualHost> ... (existing settings) ... # If there's a single path you do NOT want redirected, you can use ! to ignore it # In this case any requests to "/ignored_path" will be handled by Apache HTTPD and NOT forwarded to Tomcat ProxyPass /ignored_path ! # These configurations say: By default, redirect ALL requests to port 8009 # (The port MUST match the port of your Tomcat AJP Connector. By default this usually is 8009) ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ # You may also wish to provide additional "mod_proxy" configurations, # for more examples and details see the documentation at # http://httpd.apache.org/docs/2.4/mod/mod_proxy.html </VirtualHost>

   2. OPTION 2: Alternatively, use "mod_jk" Apache module to redirect requests to Tomcat (via AJP Connector).  For information on configuring mod_jk, please see the Apache Tomcat Connector documentation (specifically the "How To" on using the Tomcat Connector with Apache HTTPDHTTP Server). You may also refer to our wiki guide for installing DSpace with ModJk.
4. Finally, restart your Apache HTTPD webserver HTTP Server and test things out.
   1. If you hit any issues, it is recommended to search around for guides to running Apache HTTPD HTTP Server and Apache Tomcat using either "mod_proxy" or "mod_jk".  DSpace does not require any unique configurations with regards to this redirection from Apache to Tomcat. So, any guides that generally explain how to redirect requests from Apache to Tomcat should also work for DSpace.

...