Page History

...

Ant can be downloaded from the following location: http://ant.apache.org

Relational Database

...

(PostgreSQL or Oracle)

• PostgreSQL 8.3 to 8.4 PostgreSQL can be downloaded from the following location: http://www.postgresql.org/ . It is highly recommended that you try to work with Postgres 8.4 or greater, however 8.3 should still work. Unicode (specifically UTF-8) support must be enabled. This is enabled by default in 8.0+. Once installed, you need to enable TCP/IP connections (DSpace uses JDBC). In postgresql.conf: uncomment the line starting: listen_addresses = 'localhost'. Then tighten up security a bit by editing pg_hba.conf and adding this line: host dspace dspace 127.0.0.1 255.255.255.255 md5. Then restart PostgreSQL.
• Oracle 10g or greater Details on acquiring Oracle can be downloaded from the following location: http://www.oracle.com/database/. You will need to create a database for DSpace. Make sure that the character set is one of the Unicode character sets. DSpace uses UTF-8 natively, and it is suggested that the Oracle database use the same character set. You will also need to create a user account for DSpace (e.g. dspace) and ensure that it has permissions to add and remove tables in the database. Refer to the Quick Installation for more details.
  • NOTE: If the database server is not on the same machine as DSpace, you must install the Oracle client to the DSpace server and point tnsnames.ora and listener.ora files to the database the Oracle server.
  • NOTE: DSpace uses sequences to generate unique object IDs — beware Oracle sequences, which are said to lose their values when doing a database export/import, say restoring from a backup. Be sure to run the script etc/update-sequences.sql after importing.
  • For people interested in switching from Postgres to Oracle, I know of no tools that would do this automatically. You will need to recreate the community, collection, and eperson structure in the Oracle system, and then use the item export and import tools to move your content over.

Servlet Engine

...

(Apache Tomcat 5.5 or 6, Jetty, Caucho Resin or equivalent).

• Apache Tomcat 5.5 or later. Tomcat can be downloaded from the following location: http://tomcat.apache.org.
  • Note that DSpace will need to run as the same user as Tomcat, so you might want to install and run Tomcat as a user called 'dspace'. Set the environment variable TOMCAT_USER appropriately.
  • You need to ensure that Tomcat has a) enough memory to run DSpace and b) uses UTF-8 as its default file encoding for international character support. So ensure in your startup scripts (etc) that the following environment variable is set: JAVA_OPTS="-Xmx512M -Xms64M -Dfile.encoding=UTF-8"

  • Wiki Markup
    *Modifications in* *_\[tomcat\]/conf/server.xml{_}*: You also need to alter Tomcat's default configuration to support searching and browsing of multi-byte UTF-8 correctly. You need to add a configuration option to the _<Connector>_ element in _\[tomcat\]/config/server.xml_: _URIEncoding="UTF-8"_ e.g. if you're using the default Tomcat config, it should read:

    Code Block
    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 --> <Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"/>

    You may change the port from 8080 by editing it in the file above, and by setting the variable CONNECTOR_PORT in server.xml.
    
• Jetty or Caucho Resin DSpace will also run on an equivalent servlet Engine, such as Jetty (http://www.mortbay.org/jetty/index.html) or Caucho Resin (http://www.caucho.com/). Jetty and Resin are configured for correct handling of UTF-8 by default.

...

1. Create the DSpace user. This needs to be the same user that Tomcat (or Jetty etc.) will run as. e.g. as root run:

   Code Block
   useradd -m dspace

2. Download the latest DSpace release There are two version available with each release of DSpace: (dspace-1.x-release. and dspace-1.x-src-release.xxx); you only need to choose one. If you want a copy of all underlying Java source code, you should download the dspace-1.x-src-release.xxx Within each version, you have a choice of compressed file format. Choose the one that best fits your environment.
3. Unpack the DSpace software. After downloading the software, based on the compression file format, choose one of the following methods to unpack your software:
   1. Zip file. If you downloaded dspace-1.8-release.zip do the following:

      Code Block
      unzip dspace-1.8-release.zip

   2. .gz file. If you downloaded dspace-1.8-release.tar.gz do the following:

      Code Block
      gunzip -c dspace-1.8-release.tar.gz | tar -xf -

   3. .bz2 file. If you downloaded _dspace-1.8-release.tar.bz2_do the following:

      Code Block
      bunzip2 dspace-1.8-release.tar.bz | tar -xf -

      Wiki Markup
      For ease of reference, we will refer to the location of this unzipped version of the DSpace release as _\[dspace-source\]_ in the remainder of these instructions. After unpacking the file, the user may which to change the ownership of the _dspace-1.6-release_ to the 'dspace' user. (And you may need to change the group).

4. Database Setup
   • Also see notes above
   • PostgreSQL:
     • A PostgreSQL JDBC driver is configured as part of the default DSpace build. You no longer need to copy any PostgreSQL jars to get PostgreSQL installed.
     • Create a dspace database user. This is entirely separate from the dspace operating-system user created above.

       Code Block
       createuser -U postgres -d -A -P dspace

       You will be prompted for the password of the PostgreSQL superuser (postgres). Then you'll be prompted (twice) for a password for the new dspace user.
     • Create a dspace database, owned by the dspace PostgreSQL user (you are still logged in at 'root'):

       Code Block
       createdb -U dspace -E UNICODE dspace

       You will be prompted for the password of the DSpace database user. (This isn't the same as the dspace user's UNIX password.)
   • Oracle:
     • Setting up DSpace to use Oracle is a bit different now. You will need still need to get a copy of the Oracle JDBC driver, but instead of copying it into the lib directory you will need to install it into your local Maven repository. (You'll need to download it first from this location: http://www.oracle.com/technetwork/database/enterprise-edition/jdbc-112010-090769.html.) Run the following command (all on one line):

       Code Block
       mvn install:install-file -Dfile=ojdbc6.jar -DgroupId=com.oracle -DartifactId=ojdbc6 -Dversion=11.2.0.2.0 -Dpackaging=jar -DgeneratePom=true

     • Wiki Markup
       You need to compile DSpace with an Oracle driver (ojdbc6.jar) corresponding to your Oracle version - update the version in _\[dspace-source\]/pom.xml_ E.g.:

       Code Block
       <dependency> <groupId>com.oracle</groupId> <artifactId>ojdbc6</artifactId> <version>11.2.0.3</version> </dependency>

     • Create a database for DSpace. Make sure that the character set is one of the Unicode character sets. DSpace uses UTF-8 natively, and it is required that the Oracle database use the same character set. Create a user account for DSpace (e.g. dspace,) and ensure that it has permissions to add and remove tables in the database.

     • Wiki Markup
       Edit the _\[dspace-source\]/dspace/config/dspace.cfg_ database settings:

       Code Block
       db.name = oracle db.driver = oracle.jdbc.OracleDriver db.url = jdbc:oracle:thin:@host:port/SID

       Where SID is the SID of your database defined in tnsnames.ora, default Oracle port is 1521.
       Alternatively, you can use a full SID definition, e.g.:

       Code Block
       db.url = jdbc:oracle:thin:@(description=(address_list=(address=(protocol=TCP)(host=localhost)(port=1521)))(connect_data=(service_name=DSPACE)))

       Also set the username and password of the database you created in step 3:

       Code Block
       db.username = your_oracle_username db.password = your_oracle_password

5. Wiki Markup
   *Initial Configuration:* Edit {{\[dspace-source\]/dspace/config/dspace.cfg}}, in particular you'll need to set these properties:

   • Wiki Markup
     {{dspace.dir}} \- must be set to the _\[dspace\]_ (installation) directory.

   • dspace.url - complete URL of this server's DSpace home page.
   • dspace.hostname - fully-qualified domain name of web server.
   • dspace.name - "Proper" name of your server, e.g. "My Digital Library".
   • db.password - the database password you entered in the previous step.
   • mail.server - fully-qualified domain name of your outgoing mail server.
   • mail.from.address - the "From:" address to put on email sent by DSpace.
   • feedback.recipient - mailbox for feedback mail.
   • mail.admin - mailbox for DSpace site administrator.
   • alert.recipient - mailbox for server errors/alerts (not essential but very useful!)
   • registration.notify - mailbox for emails when new users register (optional)

     Info
     You can interpolate the value of one configuration variable in the value of another one. For example, to set feedback.recipient to the same value as mail.admin, the line would look like: feedback.recipient = ${mail.admin} Refer to the General Configuration section for details and examples of the above.

6. Wiki Markup
   *DSpace Directory:* Create the directory for the DSpace installation (i.e. {{\[dspace\]}}). As _root_ (or a user with appropriate permissions), run:

   Code Block
   mkdir [dspace] chown dspace [dspace]

   (Assuming the dspace UNIX username.)
7. Installation Package: As the dspace UNIX user, generate the DSpace installation package.

   Code Block
   cd [dspace-source]/dspace/ mvn package

   Info
   title Defaults to PostgreSQL settings
   Without any extra arguments, the DSpace installation package is initialized for PostgreSQL. If you want to use Oracle instead, you should build the DSpace installation package as follows: mvn -Ddb.name=oracle package

8. Wiki Markup
   *Build DSpace and Initialize Database:* As the _dspace_ UNIX user, initialize the DSpace database and install DSpace to {{\[dspace\]\_}}:

   Code Block
   cd [dspace-source]/dspace/target/dspace-[version]-build ant fresh_install

   Info
   To see a complete list of build targets, run: ant help The most likely thing to go wrong here is the database connection. See the Common Problems Section.

9. Deploy Web Applications:

   Anchor
   deployment deployment

   You have two choices or techniques for having Tomcat/Jetty/Resin serve up your web applications:

   • Wiki Markup

     _Technique A._ Simple and complete. You copy only (or all) of the DSpace Web application(s) you wish to use from the \[dspace\]/webapps directory to the appropriate directory in your Tomcat/Jetty/Resin installation. For example: \\ {{cp \-R \[dspace\]/webapps/\* \[tomcat\]/webapps\*}} (This will copy all the web applications to Tomcat). \\ {{cp \-R \[dspace\]/webapps/jspui \[tomcat\]/webapps\*}} (This will copy only the jspui web application to Tomcat.)

   • Wiki Markup
     _Technique B._ Tell your Tomcat/Jetty/Resin installation where to find your DSpace web application(s). As an example, in the {{<Host>}} section of your {{\[tomcat\]/conf/server.xml\}} you could add lines similar to the following (but replace {{\[dspace\]}} with your installation location):

     Code Block
     <!-- Define the default virtual host Note: XML Schema validation will not work with Xerces 2.2. --> <Host name="localhost" appBase="[dspace]/webapps" ....

10. Administrator Account: Create an initial administrator account:

    Code Block
    [dspace]/bin/dspace create-administrator

11. Initial Startup! Now the moment of truth! Start up (or restart) Tomcat/Jetty/Resin. Visit the base URL(s) of your server, depending on which DSpace web applications you want to use. You should see the DSpace home page. Congratulations! Base URLs of DSpace Web Applications:
    • JSP User Interface - (e.g.) http://dspace.myu.edu:8080/jspui
    • XML User Interface (aka. Manakin) - (e.g.) http://dspace.myu.edu:8080/xmlui
    • OAI-PMH Interface - (e.g.) http://dspace.myu.edu:8080/oai/request?verb=Identify (Should return an XML-based response)

...

The following sections show how to set up the most commonly-used Java Servlet containers to support HTTP over SSL.

...

Enabling the HTTPS support in Tomcat 5.0

...

1. For Production use: Follow this procedure to set up SSL on your server. Using a "real" server certificate ensures your users' browsers will accept it without complaints. In the examples below, $CATALINA_BASE is the directory under which your Tomcat is installed.
   1. Create a Java keystore for your server with the password changeit, and install your server certificate under the alias "tomcat". This assumes the certificate was put in the file server.pem:

      Code Block
      $JAVA_HOME/bin/keytool -import -noprompt -v -storepass changeit -keystore $CATALINA_BASE/conf/keystore -alias tomcat -file myserver.pem

   2. Install the CA (Certifying Authority) certificate for the CA that granted your server cert, if necessary. This assumes the server CA certificate is in ca.pem:

      Code Block
      $JAVA_HOME/bin/keytool -import -noprompt -storepass changeit -trustcacerts -keystore $CATALINA_BASE/conf/keystore -alias ServerCA -file ca.pem

   3. Optional – ONLY if you need to accept client certificates for the X.509 certificate stackable authentication module See the configuration section for instructions on enabling the X.509 authentication method. Load the keystore with the CA (certifying authority) certificates for the authorities of any clients whose certificates you wish to accept. For example, assuming the client CA certificate is in client1.pem:

      Code Block
      $JAVA_HOME/bin/keytool -import -noprompt -storepass changeit -trustcacerts -keystore $CATALINA_BASE/conf/keystore -alias client1 -file client1.pem

   4. Now add another Connector tag to your server.xml Tomcat configuration file, like the example below. The parts affecting or specific to SSL are shown in bold. (You may wish to change some details such as the port, pathnames, and keystore password)

      Code Block
      <Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" sslProtocol="TLS" keystoreFile="conf/keystore" keystorePass="changeit" clientAuth="true" - ONLY if using client X.509 certs for authentication! truststoreFile="conf/keystore" trustedstorePass="changeit" />

      Also, check that the default Connector is set up to redirect "secure" requests to the same port as your SSL connector, e.g.:

      Code Block
      <Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" debug="0" />

2. Quick-and-dirty Procedure for Testing: If you are just setting up a DSpace server for testing, or to experiment with HTTPS, then you don't need to get a real server certificate. You can create a "self-signed" certificate for testing; web browsers will issue warnings before accepting it but they will function exactly the same after that as with a "real" certificate. In the examples below, $CATALINA_BASE is the directory under which your Tomcat is installed.
   1. Optional – ONLY if you don't already have a server certificate. Follow this sub-procedure to request a new, signed server certificate from your Certifying Authority (CA):
      • Create a new key pair under the alias name "tomcat". When generating your key, give the Distinguished Name fields the appropriate values for your server and institution. CN should be the fully-qualified domain name of your server host. Here is an example:

        Code Block
        $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 \ -keystore $CATALINA_BASE/conf/keystore -storepass changeit -validity 365 \ -dname 'CN=dspace.myuni.edu, OU=MIT Libraries, O=Massachusetts Institute of Technology, L=Cambridge, S=MA, C=US'

      • Then, create a CSR (Certificate Signing Request) and send it to your Certifying Authority. They will send you back a signed Server Certificate. This example command creates a CSR in the file tomcat.csr

        Code Block
        $JAVA_HOME/bin/keytool -keystore $CATALINA_BASE/conf/keystore -storepass changeit \ -certreq -alias tomcat -v -file tomcat.csr

      • Before importing the signed certificate, you must have the CA's certificate in your keystore as a trusted certificate. Get their certificate, and import it with a command like this (for the example mitCA.pem):

        Code Block
        $JAVA_HOME/bin/keytool -keystore $CATALINA_BASE/conf/keystore -storepass changeit \ -import -alias mitCA -trustcacerts -file mitCA.pem

      • Finally, when you get the signed certificate from your CA, import it into the keystore with a command like the following example: (cert is in the file signed-cert.pem)

        Code Block
        $JAVA_HOME/bin/keytool -keystore $CATALINA_BASE/conf/keystore -storepass changeit \ -import -alias tomcat -trustcacerts -file signed-cert.pem

        Since you now have a signed server certificate in your keystore, you can, obviously, skip the next steps of installing a signed server certificate and the server CA's certificate.
   2. Create a Java keystore for your server with the password changeit, and install your server certificate under the alias "tomcat". This assumes the certificate was put in the file server.pem:

      Code Block
      $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore $CATALINA_BASE/conf/keystore -storepass changeit

      When answering the questions to identify the certificate, be sure to respond to "First and last name" with the fully-qualified domain name of your server (e.g. test-dspace.myuni.edu). The other questions are not important.
   3. Optional – ONLY if you need to accept client certificates for the X.509 certificate stackable authentication module See the configuration section for instructions on enabling the X.509 authentication method. Load the keystore with the CA (certifying authority) certificates for the authorities of any clients whose certificates you wish to accept. For example, assuming the client CA certificate is in client1.pem:

      Code Block
      $JAVA_HOME/bin/keytool -import -noprompt -storepass changeit -trustcacerts -keystore $CATALINA_BASE/conf/keystore -alias client1 -file client1.pem

   4. Follow the procedure in the section above to add another Connector tag, for the HTTPS port, to your server.xml file.

...

Using SSL on Apache HTTPD with mod_jk

...

If you choose Apache HTTPD as your primary HTTP server, you can have it forward requests to the Tomcat servlet container via Apache Jakarta Tomcat Connector. This can be configured to work over SSL as well. First, you must configure Apache for SSL; for Apache 2.0 see Apache SSL/TLS Encryption for information about using mod_ssl.

...