Versions Compared

Old Version 27

changes.mady.by.user Robin Taylor

Saved on

compared with

New Version Current

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
useradd -m dspace
gzip xzf dspace-3.x-src-release.tar.gz
createuser -U postgres -d -A -P dspace
createdb -U dspace -E UNICODE dspace
cd [dspace-source]
vi build.properties
mkdir [dspace]
chown dspace [dspace]
su - dspace
cd [dspace-source]/dspace
mvn package
cd [dspace-source]/dspace/target/dspace-<version>-build
ant fresh_install
cp -r [dspace]/webapps/* [tomcat]/webapps
/etc/init.d/tomcat start
[dspace]/bin/dspace create-administrator

Hardware Recommendations

You can install and run DSpace on most modern PC, laptop or server hardware. However, if you intend to run DSpace for a large community of potential end users, carefully review following Hardware Recommendations.

Prerequisite Software

The list below describes the third-party components and tools you'll need to run a DSpace server. These are just guidelines. Since DSpace is built on open source, standards-based tools, there are numerous other possibilities and setups.

...

Servlet Engine (Apache Tomcat 5.5 or later, Jetty, Caucho Resin or equivalent)

Note
titleTomcat 7 Version

 If you are using Tomcat 7, we recommend running Tomcat 7.0.30 or above. Tomcat 7.0.29 and lower versions suffer from a memory leak. As a result, those versions of tomcat require an unusual high amount of memory to run DSpace. This has been resolved as of Tomcat 7.0.30. More information can be found in DS-1553

  • Apache Tomcat 5.5 or later. Tomcat can be downloaded from the following location: http://tomcat.apache.org.
    • Note that DSpace will need to run as the
    Apache Tomcat 5.5 or later. Tomcat can be downloaded from the following location: http://tomcat.apache.org.
    • Note that DSpace will need to run as the same user as Tomcat, so you might want to install and run Tomcat as a user called 'dspace'. Set the environment variable TOMCAT_USER appropriately.
    • You need to ensure that Tomcat has a) enough memory to run DSpace and b) uses UTF-8 as its default file encoding for international character support. So ensure in your startup scripts (etc) that the following environment variable is set: JAVA_OPTS="-Xmx512M -Xms64M -Dfile.encoding=UTF-8"

    • Modifications in [tomcat]/conf/server.xml : You also need to alter Tomcat's default configuration to support searching and browsing of multi-byte UTF-8 correctly. You need to add a configuration option to the <Connector> element in [tomcat]/config/server.xml: URIEncoding="UTF-8"e.g. if you're using the default Tomcat config, it should read:

      Code Block
      languagehtml/xml
      <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080"
              maxThreads="150"
              minSpareThreads="25"
	              maxSpareThreads="75"
              enableLookups="false"
              redirectPort="8443"
	              acceptCount="100"
              connectionTimeout="20000"
	              disableUploadTimeout="true"
              URIEncoding="UTF-8"/>

      You may change the port from 8080 by editing it in the file above, and by setting the variable CONNECTOR_PORT in server.xml.

  • Jetty or Caucho Resin DSpace will also run on an equivalent servlet Engine, such as Jetty (http://www.mortbay.org/jetty/index.html) or Caucho Resin (http://www.caucho.com/). Jetty and Resin are configured for correct handling of UTF-8 by default.

...

  1. Create the DSpace user. This needs to be the same user that Tomcat (or Jetty etc.) will run as. e.g. as root run:

    Code Block
    useradd -m dspace
  2. Download the latest DSpace release. There are two version available with each release of DSpace: (dspace-n.x-release. and dspace-n.x-src-release.zzz); you only need to choose one. If you want a copy of all underlying Java source code, you should download the dspace-n.x-src-release.xxxWithin each version, you have a choice of compressed file format. Choose the one that best fits your environment.
    1. Alternatively, you may choose to check out the latest release from the DSpace GitHub Repository.  In this case, you'd be checking out the full Java source code.  You'd also want to be sure to checkout the appropriate tag or branch. For more information on using / developing from the GitHub Repository, see: Development with Git
  3. Unpack the DSpace software. Unpack the DSpace software. After downloading the software, based on the compression file format, choose one of the following methods to unpack your software:

    1. Zip file. If you downloaded dspace-3.x-release.zip do the following:

      Code Block
      unzip dspace-3.x-release.zip

    2. .gz file. If you downloaded dspace-3.x-release.tar.gz do the following:

      Code Block
      gunzip -c dspace-3.x-release.tar.gz | tar -xf -

    3. .bz2 file. If you downloaded _dspace-3.x-release.tar.bz do the following:

      Code Block
      bunzip2 dspace-3.x-release.tar.bz | tar -xf -

      For ease of reference, we will refer to the location of this unzipped version of the DSpace release as [dspace-source] in the remainder of these instructions. After unpacking the file, the user may which to change the ownership of the dspace-3.x-release to the 'dspace' user. (And you may need to change the group).

  4. Database Setup
    • Also see notes above
    • PostgreSQL:
      • A PostgreSQL JDBC driver is configured as part of the default DSpace build. You no longer need to copy any PostgreSQL jars to get PostgreSQL installed.

      • Create a dspace database user. This is entirely separate from the dspaceoperating-system user created above.

        Code Block
        createuser -U postgres -d -A -P dspace

        You will be prompted for the password of the PostgreSQL superuser (postgres). Then you'll be prompted (twice) for a password for the new dspace user.

      • Create a dspace database, owned by the dspace PostgreSQL user (you are still logged in at 'root'):

        Code Block
        createdb -U dspace -E UNICODE dspace

        You will be prompted for the password of the DSpace database user. (This isn't the same as the dspace user's UNIX password.)

    • Oracle:

      • Setting up DSpace to use Oracle is a bit different now. You will need still need to get a copy of the Oracle JDBC driver, but instead of copying it into a lib directory you will need to install it into your local Maven repository. (You'll need to download it first from this location: http://www.oracle.com/technetwork/database/enterprise-edition/jdbc-112010-090769.html.) Run the following command (all on one line):

        Code Block
        mvn install:install-file
    -Dfile=ojdbc6.jar
    -DgroupId=com.oracle
    -DartifactId=ojdbc6
    -Dversion=11.2.0.3.0
    -Dpackaging=jar
    -DgeneratePom=true

      • You need to compile DSpace with an Oracle driver (ojdbc6.jar) corresponding to your Oracle version - update the version in [dspace-source]/pom.xmlE.g.:

        Code Block
        languagehtml/xml
        <dependency>
  <groupId>com.oracle</groupId>
  <artifactId>ojdbc6</artifactId>
  <version>11.2.0.3<3.0</version>
</dependency>
      • Create a database for DSpace. Make sure that the character set is one of the Unicode character sets. DSpace uses UTF-8 natively, and it is required that the Oracle database use the same character set. Create a user account for DSpace (e.g. dspace,) and ensure that it has permissions to add and remove tables in the database.

      • Edit the Uncomment and edit the Oracle database settings in [dspace-source]/dspace/config/dspace.cfgdatabase settings:build.properties (see below for more information on the build.properties file):

        Code Blockcode
        db.name   = oracle
db.driver = oracle.jdbc.OracleDriver
db.url = jdbc:oracle:thin:@host:port/SID

        Where SID is the SID of your database defined in tnsnames.ora, default Oracle port is 1521.
        Alternatively, you can use a full SID definition, e.g.:

        Code Block
        db.url = jdbc:oracle:thin:@(description=(address_list=(address=(protocol=TCP)(host=localhost)(port=1521)))(connect_data=(service_name=DSPACE)))

      • Later, during the Maven build step, don't forget to specify mvn -Ddb.name=oracle package

  5. Initial Configuration: Edit [dspace-source]/build.properties.  This properties file contains the basic settings necessary to actually build/install DSpace for the first time (see build.properties Configuration for more detail).  In particular you'll need to set these properties, examples or defaults are provided in the file:
    • dspace.install.dir - must be set to the [dspace] (installation) directory  (On Windows be sure to use forward slashes for the directory path!  For example: "C:/dspace" is a valid path for Windows.)
    • dspace.hostname - fully-qualified domain name of web server.
    • dspace.baseUrl - complete URL of this server's DSpace home page but without any context eg. /xmlui, /oai, etc.
    • dspace.name - "Proper" name of your server, e.g. "My Digital Library".
    • solr.server - complete URL of the Solr server. DSpace makes use of Solr http://lucene.apache.org/solr/ for indexing purposes.  
    • default.language 
    • db.name - postgres or oracle
    • db.driver
    • db.url
    • db.username - the database password used in the previous step
    • db.password - the database password used in the previous step.
    • mail.server - fully-qualified domain name of your outgoing mail server.
    • mail.from.address - the "From:" address to put on email sent by DSpace.
    • mail.feedback.recipient - mailbox for feedback mail.
    • mail.admin - mailbox for DSpace site administrator.
    • mail.alert.recipient - mailbox for server errors/alerts (not essential but very useful!)

    • mail.registration.notify- mailbox for emails when new users register (optional)

      Info

      The "build.properties" file is provided as a convenient method of setting only those configurations necessary to install/upgrade DSpace. Any settings changed in this file, will be automatically copied over to the full "dspace.cfg" file (which is held in [dspace-source]/dspace/config/dspace.cfg).  Refer to the General Configuration section for a fuller explanation.

      It is also worth noting that you may choose to copy/rename the "build.properties" under a different name for different environments (e.g. "development.properties", "test.properties", and "production.properties").  You can choose which properties file you want to build DSpace with by passing a "-Denv" (environment) flag to the "mvn package" command (e.g. "mvn package -Denv=test" would build using "test.properties).  See General Configuration section for more details.

      Warning
      titleDo not remove or comment out settings in build.properties

      When you edit the "build.properties" file (or a custom *.properties file), take care not to remove or comment out any settings.  Doing so, may cause your final "dspace.cfg" file to be misconfigured with regards to that particular setting.  Instead, if you wish to remove/disable a particular setting, just clear out its value.  For example, if you don't want to be notified of new user registrations, ensure the "mail.registration.notify" setting has no value, e.g.

      mail.registration.notify=

  6. DSpace Directory: Create the directory for the DSpace installation (i.e. [dspace]). As root (or a user with appropriate permissions), run:

    Code Block
    mkdir [dspace]
chown dspace [dspace]

    (Assuming the dspace UNIX username.)

  7. Build the Installation Package: As the dspace UNIX user, generate the DSpace installation package.

    Code Block
    cd [dspace-source]/dspace/
mvn package
    Info
    titleDefaults to PostgreSQL settings

    Without any extra arguments, the DSpace installation package is initialized for PostgreSQL. If you want to use Oracle instead, you should build the DSpace installation package as follows:
    mvn -Ddb.name=oracle package

    Info
    titleDefaults to building installation package with settings from "build.properties"

    Without any extra arguments, the DSpace installation package will be initialized using the settings in the [dspace-source]/build.properties file.  However, if you want it to build using a custom properties file, you may specify the "-Denv" (environment) flag as follows:

    mvn -Denv=test package   (would build the installation package using a custom [dspace-source]/test.properties file)

    mvn -Denv=local package   (would build the installation package using a custom [dspace-source]/local.properties file)

    See General Configuration section for more details.

  8. Install DSpace and Initialize Database: As the dspace UNIX user, initialize the DSpace database and install DSpace to [dspace]_:

    Code Block
    cd [dspace-source]/dspace/target/dspace-[version]-build
ant fresh_install
    Info

    To see a complete list of build targets, run: ant help The most likely thing to go wrong here is the database connection. See the Common Problems Section.

  9. Deploy Web Applications:
    Anchor
    deployment
    deployment
    Please note that in the first instance you should refer to the appropriate documentation for your Web Server of choice, the following instructions are meant as a handy guide. You have two choices or techniques for having Tomcat/Jetty/Resin serve up your web applications:

    • Technique A. Simple and complete. You copy only (or all) of the DSpace Web application(s) you wish to use from the [dspace]/webapps directory to the appropriate directory in your Tomcat/Jetty/Resin installation. For example:
      cp -R [dspace]/webapps/* [tomcat]/webapps* (This will copy all the web applications to Tomcat).
      cp -R [dspace]/webapps/jspui [tomcat]/webapps* (This will copy only the jspui web application to Tomcat.)

    • Technique B. Tell your Tomcat/Jetty/Resin installation where to find your DSpace web application(s). As an example, in the <Host> section of your [tomcat]/conf/server.xml you could add lines similar to the following (but replace [dspace]with your installation location):

      Code Block
      languagehtml/xml
      <!-- Define the default virtual host
	Note:  XML Schema validation will not work with Xerces 2.2.
	-->
	<Host name="localhost"  appBase="[dspace]/webapps"
	....

      Alternatively...

      Code Block
      languagehtml/xml
      <!-- DEFINE A CONTEXT PATH FOR DSpace XML User Interface  -->
<Context path="/xmlui" docBase="[dspace]/webapps/xmlui" debug="0"
	reloadable="true" cachingAllowed="false"
	allowLinking="true"/>

<!-- DEFINE A CONTEXT PATH FOR DSpace JSP User Interface  -->
<Context path="/jspui" docBase="[dspace]/webapps/jspui" debug="0"
	reloadable="true" cachingAllowed="false"
	allowLinking="true"/>

<!-- DEFINE A CONTEXT PATH FOR DSpace OAI User Interface  -->
<Context path="/oai" docBase="[dspace]/webapps/oai" debug="0"
	reloadable="true" cachingAllowed="false"
	allowLinking="true"/>

<!-- DEFINE ADDITIONAL CONTEXT PATHS FOR OTHER DSPACE WEB APPLICATIONS (SOLR, SWORD, LNI, etc.).
     CHANGE THE VALUE OF "[app]" FOR EACH APPLICATION YOU WISH TO ADD -->
<Context path="/[app]" docbase="[dspace]/webapps/[app]" debug="0"
	reloadable="true" cachingAllowed="false"
	allowLinking="true"/>

  10. Administrator Account:Create an initial administrator account:

    Code Block
    [dspace]/bin/dspace create-administrator
  11. Initial Startup!Now the moment of truth! Start up (or restart) Tomcat/Jetty/Resin. Visit the base URL(s) of your server, depending on which DSpace web applications you want to use. You should see the DSpace home page. Congratulations! Base URLs of DSpace Web Applications:

In order to set up some communities and collections, you'll need to login as your DSpace Administrator (which you created with create-administrator above) and access the administration UI in either the JSP or XML user interface.

Advanced Installation

    • Note
      titleTomcat Context Settings in Production

      The above Tomcat Context Settings show adding the following to each <Context> element:

      reloadable="true" cachingAllowed="false"

      These settings are extremely useful to have when you are first getting started with DSpace, as they let you tweak the DSpace XMLUI (XSLTs or CSS) or JSPUI (JSPs) and see your changes get automatically reloaded by Tomcat (without having to restart Tomcat).   However, it is worth noting that the Apache Tomcat documentation recommends Production sites leave the default values in place (reloadable="false" cachingAllowed="true"), as allowing Tomcat to automatically reload all changes may result in "significant runtime overhead". 

      It is entirely up to you whether to keep these Tomcat settings in place.  We just recommend beginning with them, so that you can more easily customize your site without having to require a Tomcat restart.  Smaller DSpace sites may not notice any performance issues with keeping these settings in place in Production.  Larger DSpace sites may wish to ensure that Tomcat performance is more streamlined.

  2. Administrator Account:Create an initial administrator account:

    Code Block
    [dspace]/bin/dspace create-administrator
  3. Initial Startup!Now the moment of truth! Start up (or restart) Tomcat/Jetty/Resin. Visit the base URL(s) of your server, depending on which DSpace web applications you want to use. You should see the DSpace home page. Congratulations! Base URLs of DSpace Web Applications:

In order to set up some communities and collections, you'll need to login as your DSpace Administrator (which you created with create-administrator above) and access the administration UI in either the JSP or XML user interface.

Advanced Installation

The above installation steps are sufficient to set up a test server to play around with, but there are The above installation steps are sufficient to set up a test server to play around with, but there are a few other steps and options you should probably consider before deploying a DSpace production site.

...

A couple of DSpace features require that a script is run regularly – the e-mail subscription feature that alerts users of new items being deposited, and the new 'media filter' tool, that generates thumbnails of images and extracts the full-text of documents for indexing.

To set these up, you just need to run the following command as the dspace UNIX user:

Code Block
crontab -e

Then add the following lines:

Code Block
# Send out subscription e-mails at 01:00 every day
0 1 * * *  [dspace]/bin/dspace sub-daily
# Run the media filter at 02:00 every day
0 2 * * *  [dspace]/bin/dspace filter-media
# Run the checksum checker at 03:00
0 3 * * *  [dspace]/bin/dspace checker -lp
# Mail the results to the sysadmin at 04:00
0 4 * * *  [dspace]/bin/dspace checker-emailer -c

Naturally you should change the frequencies to suit your environment.

PostgreSQL also benefits from regular 'vacuuming', which optimizes the indexes and clears out any deleted data. Become the postgres UNIX user, run crontab -e and add (for example):

Code Block
# Clean up the database nightly at 4.20am
20 4 * * * vacuumdb --analyze dspace > /dev/null 2>&1

In order that statistical reports are generated regularly and thus kept up to date you should set up the following cron jobs:

documents for indexing.

To set these up, you just need to run the following command as the dspace UNIX user:

Code Block
crontab -e

Then add the following lines:

Code Block
# Send out subscription e-mails at 01:00 every day
Code Block
# Run stat analysis
0 1 * * *  [dspace]/bin/dspace stat-generalsub-daily
# Run the media filter at 02:00 every day
0 12 * * *  [dspace]/bin/dspace stat-monthlyfilter-media
# Run the checksum checker at 03:00
0 23 * * *  [dspace]/bin/dspace checker stat-report-general-lp
# Mail the results to the sysadmin at 04:00
0 24 * * *  [dspace]/bin/dspace statchecker-reportemailer -monthlyc

Obviously, Naturally you should choose execution times which are most useful to you, and you should ensure that the report scripts run a short while after the analysis scripts to give them time to complete (a run of around 8 months worth of logs can take around 25 seconds to complete); the resulting reports will let you know how long analysis took and you can adjust your cron times accordingly.change the frequencies to suit your environment.

PostgreSQL also benefits from regular 'vacuuming', which optimizes the indexes and clears out any deleted data. Become the postgres UNIX user, run crontab -e and add (for example):

Code Block
# Clean up the database nightly at 4.20am
20 4 * * * vacuumdb --analyze dspace > /dev/null 2>&1

 

Multilingual Installation

...

  1. For Production use: Follow this procedure to set up SSL on your server. Using a "real" server certificate ensures your users' browsers will accept it without complaints. In the examples below, $CATALINA_BASEis the directory under which your Tomcat is installed.

    1. Create a Java keystore for your server with the password changeit, and install your server certificate under the alias "tomcat". This assumes the certificate was put in the file server.pem:

      Code Block
      $JAVA_HOME/bin/keytool -import -noprompt -v -storepass changeit
	-keystore $CATALINA_BASE/conf/keystore -alias tomcat -file
	myserver.pem

    2. Install the CA (Certifying Authority) certificate for the CA that granted your server cert, if necessary. This assumes the server CA certificate is in ca.pem:

      Code Block
      $JAVA_HOME/bin/keytool -import -noprompt -storepass changeit
	-trustcacerts -keystore $CATALINA_BASE/conf/keystore -alias ServerCA
	-file ca.pem

    3. Optional – ONLY if you need to accept client certificates for the X.509 certificate stackable authentication module See the configuration section for instructions on enabling the X.509 authentication method. Load the keystore with the CA (certifying authority) certificates for the authorities of any clients whose certificates you wish to accept. For example, assuming the client CA certificate is in client1.pem:

      Code Block
      $JAVA_HOME/bin/keytool -import -noprompt -storepass changeit
	-trustcacerts -keystore $CATALINA_BASE/conf/keystore  -alias client1
	-file client1.pem

    4. Now add another Connector tag to your server.xmlTomcat configuration file, like the example below. The parts affecting or specific to SSL are shown in bold. (You may wish to change some details such as the port, pathnames, and keystore password)

      Code Block
      languagehtml/xml
      <Connector port="8443"
               maxThreads="150" minSpareThreads="25"
	              maxSpareThreads="75"
               enableLookups="false"
	              disableUploadTimeout="true"
               acceptCount="100" debug="0"
              scheme="https" secure="true" sslProtocol="TLS"
	              keystoreFile="conf/keystore" keystorePass="changeit" clientAuth="true" - ONLY if using client X.509 certs for authentication!
	              truststoreFile="conf/keystore" trustedstorePass="changeit" />

      Also, check that the default Connector is set up to redirect "secure" requests to the same port as your SSL connector, e.g.:

      code
      Code Block
      languagehtml/xml
      <Connector port="8080"
                 maxThreads="150" minSpareThreads="25"
	              maxSpareThreads="75"
                 enableLookups="false"
	              redirectPort="8443"
                 acceptCount="100" debug="0"  	/>
  2. Quick-and-dirty Procedure for Testing: If you are just setting up a DSpace server for testing, or to experiment with HTTPS, then you don't need to get a real server certificate. You can create a "self-signed" certificate for testing; web browsers will issue warnings before accepting it but they will function exactly the same after that as with a "real" certificate. In the examples below, $CATALINA_BASEis the directory under which your Tomcat is installed.
    1. Optional – ONLY if you don't already have a server certificate. Follow this sub-procedure to request a new, signed server certificate from your Certifying Authority (CA):

      • Create a new key pair under the alias name "tomcat". When generating your key, give the Distinguished Name fields the appropriate values for your server and institution. CN should be the fully-qualified domain name of your server host. Here is an example:

        Code Block
        $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize
	1024 \
  -keystore $CATALINA_BASE/conf/keystore -storepass changeit
	-validity 365 \
  -dname 'CN=dspace.myuni.edu, OU=MIT Libraries, O=Massachusetts
	Institute of Technology, L=Cambridge, S=MA, C=US'

      • Then, create a CSR (Certificate Signing Request) and send it to your Certifying Authority. They will send you back a signed Server Certificate. This example command creates a CSR in the file tomcat.csr.csr

        Code Block
        $JAVA_HOME/bin/keytool -keystore $CATALINA_BASE/conf/keystore \
  -storepass changeit \
  -certreq -alias tomcat -v -file tomcat.csr

      • Before importing the signed certificate, you must have the CA's certificate in your keystore as a trusted certificate. Get their certificate, and import it with a command like this (for the example mitCA.pem):

        Code Block
        $JAVA_HOME/bin/keytool -keystore $CATALINA_BASE/conf/keystore \
	-storepass changeit \
   -certreqimport -alias tomcatmitCA -vtrustcacerts -file tomcatmitCA.csrpem

      • Before importing the signed certificateFinally, when you must have the CA's certificate in your keystore as a trusted certificate. Get their certificate, and import it get the signed certificate from your CA, import it into the keystore with a command like this (for the example mitCAthe following example: (cert is in the file signed-cert.pem):

        Code Block
        $JAVA_HOME/bin/keytool -keystore $CATALINA_BASE/conf/keystore \
	  -storepass changeit \
     -import -alias mitCAtomcat -trustcacerts -file mitCAsigned-cert.pem
        Finally, when you get the signed certificate from your CA, import it into the keystore with a command like the following example: (cert is in the file signed-cert.pem)

        Since you now have a signed server certificate in your keystore, you can, obviously, skip the next steps of installing a signed server certificate and the server CA's certificate.

    2. Create a Java keystore for your server with the password changeit, and install your server certificate under the alias "tomcat". This assumes the certificate was put in the file server.pem:

      Code Block
      $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore \
  $CATALINA_BASE/conf/keystore
       -storepass changeit
      \ -import -alias tomcat -trustcacerts -file signed-cert.pem

      Since you now have a signed server certificate in your keystore, you can, obviously, skip the next steps of installing a signed server certificate and the server CA's certificate.

      When answering the questions to identify the certificate, be sure to respond to "First and last name" with the fully-qualified domain name of your server (e.g. test-dspace.myuni.edu). The other questions are not important.

    3. Optional – ONLY if you need to accept client certificates for the X.509 certificate stackable authentication module See the configuration section for instructions on enabling the X.509 authentication method. Load the keystore with the CA (certifying authority) certificates for the authorities of any clients whose certificates you wish to accept. For example, assuming the client CA certificate is in client1Create a Java keystore for your server with the password changeit, and install your server certificate under the alias "tomcat". This assumes the certificate was put in the file server.pem:

      Code Block
      $JAVA_HOME/bin/keytool -import -genkeynoprompt -alias tomcatstorepass changeit \
  -keyalgtrustcacerts RSA -keystore
	 $CATALINA_BASE/conf/keystore -storepassalias client1 changeit

      When answering the questions to identify the certificate, be sure to respond to "First and last name" with the fully-qualified domain name of your server (e.g. test-dspace.myuni.edu). The other questions are not important.

    4. Optional – ONLY if you need to accept client certificates for the X.509 certificate stackable authentication module See the configuration section for instructions on enabling the X.509 authentication method. Load the keystore with the CA (certifying authority) certificates for the authorities of any clients whose certificates you wish to accept. For example, assuming the client CA certificate is in client1.pem:

      Code Block
      $JAVA_HOME/bin/keytool -import -noprompt -storepass changeit
	-trustcacerts -keystore $CATALINA_BASE/conf/keystore  -alias client1
	-file client1.pem
    5. Follow the procedure in the section above to add another Connector tag, for the HTTPS port, to your server.xml file.

...

    1. \
  -file client1.pem
    2. Follow the procedure in the section above to add another Connector tag, for the HTTPS port, to your server.xml file.

Using SSL on Apache HTTPD with mod_jk

Warning

When using Apache 2.4.2 (and lower) in front of a DSpace webapp deployed in Tomcat, mod_proxy_ajp and possibly mod_proxy_http breaks the connection to the back end (Tomcat) prematurely leading to response mixups. This is reported as bug CVE-2012-3502 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3502) of Apache and fixed in Apache 2.4.3 (see http://www.apache.org/dist/httpd/CHANGES_2.4). The 2.2.x branch hasn't shown this problem only the 2.4.x branch has.

If you choose Apache HTTPD as your primary HTTP server, you can have it forward requests to the Tomcat servlet container via Apache Jakarta Tomcat Connector. This can be configured to work over SSL as well. First, you must configure Apache for SSL; for Apache 2.0 see Apache SSL/TLS Encryption for information about using mod_ssl.

...

A Handle server runs as a separate process that receives TCP requests from other Handle servers, and issues resolution requests to a global server or servers if a Handle entered locally does not correspond to some local content. The Handle protocol is based on TCP, so it will need to be installed on a server that can broadcast and receive TCP on port 2641. If your DSpace server sits behind a firewall, also ensure that port 2641 is opened on your firewall as well, both for udp and tcp traffic.

  1. To configure your DSpace installation to run the handle server, run the following command:

    Code Block
    [dspace]/bin/dspace make-handle-config [dspace]/handle-server

    Ensure that [dspace]/handle-server matches whatever you have in dspace.cfg for the handle.dir property.

  2. Edit the resulting [dspace]/handle-server/config.dct file to include the following lines in the "server_config"clause:

    Code Block
    "storage_type" = "CUSTOM"
"storage_class" = "org.dspace.handle.HandlePlugin"

    This tells the Handle server to get information about individual Handles from the DSpace code.

  3. Once the configuration file has been generated, you will need to go to http://hdl.handle.net/4263537/5014 to upload the generated sitebndl.zip file. The upload page will ask you for your contact information. An administrator will then create the naming authority/prefix on the root service (known as the Global Handle Registry), and notify you when this has been completed. You will not be able to continue the handle server installation until you receive further information concerning your naming authority.
  4. When CNRI has sent you your naming authority prefix, you will need to edit the config.dct file. The file will be found in /[dspace]/handle-server. Look for "300:0.NA/YOUR_NAMING_AUTHORITY". Replace YOUR_NAMING_AUTHORITY with the assigned naming authority prefix sent to you.

  5. Now start your handle server (as the dspace user):

    Code Block
    [dspace]/bin/start-handle-server

    Note that since the DSpace code manages individual Handles, administrative operations such as Handle creation and modification aren't supported by DSpace's Handle server.

...