Page History
...
Info |
---|
This page contains information about how demo6.dspace.org server is setup/configured. This demodemo6.dspace.org server is managed jointly by the DSpace Committer Team. Any Committer can request server access. If major issues occur or something needs to be installed requiring root access, contact Tim Donohue |
...
Here's an overview of how everything is setup on the 'demodemo6.dspace.org' server:
Base Software
...
Contact Tim Donohue if you need any of these tasks performed.
Getting SSH access to
...
demo6.dspace.org
This is how you provide a DSpace Committer with command-line access to this server.
- Have Committer generate an SSH Key on their computer and send you their PUBLIC Key.
- Append their PUBLIC Key on the end of the 'dspace' user's
~/.ssh/authorized_keys
fileNOTE: Please add a comment regarding who's key this is, so that it makes it easier to clean up later on. For example:
Code Block # Tim Donohue's SSH Key ssh-rsa ....
They should now be able to connect as follows:
Code Block ssh dspace@demodspace@demo6.dspace.org
Updating / Upgrading DSpace installation
...
In May/June 2015, we ran into several scenarios where users were logging in as a demo Admin account and promptly changing the email address associated with that account. In order to avoid this, it is HIGHLY recommended to disable editing of email addresses on demodemo6.dspace.org.
Here's how it's done:
In Mirage2, the following jQuery can be added to the ~/dspace-src/dspace-xmlui-mirage2/src/main/webapp/xsl/core/page-structure.xsl:
Code Block <xsl:template name="buildHead"> <head> ... <!-- CUSTOM FOR DEMO.DSPACE.ORG: Don't allow EPerson Emails to be edited, so no one can change default admin acct emails. --> <script type="text/javascript"> jQuery(function() { // Change label for email field in "Edit E-Person" jQuery("label[for='aspect_administrative_eperson_EditEPersonForm_field_email_address']").text("Email Address (editing is disabled on demo.dspace.org)"); // Make email field in "Edit E-Person" READ-ONLY jQuery("#aspect_administrative_eperson_EditEPersonForm_field_email_address").prop("readonly", true); }); </script> </head> </xsl:template>
In JSPUI, the following jQuery can be added to the ~/dspace-src/dspace-jspui/src/main/webapp/layout/header-submission.jsp:
Code Block <head> ... <!-- CUSTOM FOR DEMODEMO6.DSPACE.ORG: Don't allow EPerson Emails to be edited, so no one can change default admin acct emails. --> <script type="text/javascript"> jQuery(function() { // Change label for email field in "Edit E-Person" jQuery("label[for='temail']").text("Email (editing disabled on demodemo6.dspace.org):"); // Make email field in "Edit E-Person" READ-ONLY jQuery("#temail").prop("readonly", true); }); </script> </head>
...
- Tomcat is configured to run on port 8080
- Apache runs on port 80, and forwards all requests to Tomcat via AJP
- DSpace Webapps are run from
~/dspace/webapps/
(configured in Tomcat's context fragments in~/tomcat/conf/Catalina/localhost/
) - The main "splash" page (http://demodemo6.dspace.org) is served by Tomcat and is located at:
~/tomcat/webapps/ROOT/index.html
- Its content is also managed via the GitHub Repository at: https://github.com/DSpace-Labs/demo.dspace.org-site
- Info on updating & pushing to GitHub can be found in the README at https://github.com/DSpace-Labs/demo.dspace.org-site
JavaDocs page
- The JavaDocs pages (http://demodemo6.dspace.org/javadocs/) are static pages served by Tomcat and are located at:
~/tomcat/webapps/javadocs/
- These JavaDocs can be regenerated at any time by running the following (from the root source directory,
[dspace-source]
):mvn javadoc:aggregate
- If you're generating javadoc of a snapshot version of DSpace, the above would fail. Use
mvn install javadoc:aggregate && rm -rf ~/.m2/repository/org/dspace
instead. - The "javadoc:aggregate" command generates a single set of javadocs which aggregate the APIs of all DSpace modules. See http://maven.apache.org/plugins/maven-javadoc-plugin/plugin-info.html
- The resulting javadoc is in
[dspace-source]/target/site/apidocs
. Upload it todspace@demodspace@demo6.dspace.org:/home/dspace/tomcat/webapps/javadocs/[dspace-major-version]/
. - NOTE: We've encountered some oddities with the results when this is run from demodemo6.dspace.org itself (the resulting CSS isn't applied). So, it's recommended to run this command from your local machine.
- It worked fine on 2 machines running Java 6, Maven 2.2.1 and 3.0.3, respectively. It didn't work on demo, which was running Java 7 and Maven 2.2.1.
- Later, it worked fine on demo running Java 8u181 and Maven 3.3.9.
...
Obviously, you can get the latest information on the existing Cron jobs by logging into the demodemo6.dspace.org server and running:
...
- Install a fresh (empty) copy of DSpace on your local server.
- Configure it to have the same handle prefix as demodemo6.dspace.org (handle prefix: 10673) & setup an initial administrative user (ideally 'dspacedemo+admin@gmail.com' which is the Demo Administrator on demodemo6.dspace.org).
Download the existing AIPs from this directory, e.g.
Code Block scp dspace@demodspace@demo6.dspace.org:~/AIP-restore/* .
Use the downloaded AIPs to "restore" content to your local server's empty DSpace, e.g.
Code Block [dspace]/bin/dspace packager -r -a -f -t AIP -e [admin-email] -i 10673/0 /full/path/to/SITE@10673-0.zip
- Update your DSpace's content as you see fit (adding/removing/changing objects)
Export a fresh set of AIPs, by performing a full SITE export e.g.
Code Block [dspace]/bin/dspace packager -d -a -t AIP -e [admin-email] -i 10673/0 -o includeBundles=ORIGINAL,LICENSE -o passwords=true SITE@10673-0.zip
- The above example just exports ORIGINAL & LICENSE bundles into AIPs, and also exports user passwords into AIPs (so that they can also be restored).
Upload those newly updated AIPs to demodemo6.dspace.org, e.g.
Code Block scp . dspace@demodspace@demo6.dspace.org:~/AIP-restore/
- NOTE: Before putting them on demodemo6.dspace.org, you may want to do your own test restore using these AIPs, just to ensure there are no issues.
...
First, copy all the AIPs to a shareable location. Below, we chose
/usr/share/dspace/AIP-restore
folder:Code Block # Create share location sudo mkdir -p /usr/share/dspace/AIP-restore # Manually copy all existing AIPs over there (TODO: This should be automated or synced in future) cd /usr/share/dspace/AIP-restore/ sudo cp ~dspace/AIP-restore/* . sudo chown -R dspace:dspace /usr/share/dspace/AIP-restore/ # Add DSpace to www-data user group (to give Apache read access) sudo usermod -a -G www-data dspace # Give Apache group rights on directory sudo chgrp www-data /usr/share/dspace/AIP-restore/ sudo chmod g+rxs /usr/share/dspace/AIP-restore/
Next, update the Apache configuration for demodemo6.dspace.org to provide access to that shareable location:
Code Block sudo nano /etc/apache2/sites-available/25-demodemo6.dspace.org.conf ## ADD THE FOLLOWING INTO THAT FILE (inside the <VirtualHost>) <VirtualHost *:80> ... # Define path /aip to point at shareable AIP-restore location Alias "/aip" "/usr/share/dspace/AIP-restore" <Directory "/usr/share/dspace/AIP-restore"> # Allow viewing file listing Options Indexes # Don't allow access to README, logs or parent link (..) IndexIgnore README* *.log .. # Allow access to all Order allow,deny Allow from all </Directory> # Don't proxy /aip paths to Tomcat ProxyPass /aip ! ... </VirtualHost>
Reload Apache and test it out:
Code Block sudo service apache2 reload
Assuming everything works, here's a
wget
command that can be used to download the AIPs to a local computerCode Block # This recursively downloads all files (except index.html file) into an "aip" directory wget -r -np -nH -R "index.html*" --execute="robots=off" http://demodemo6.dspace.org/aip/
Reset "News" sections every night
...
Since people have been known to change our demo user passwords on this demodemo6.dspace.org server, we now reset them to the default password every hour.
This functionality is just a simple set of SQL UPDATE commands that are run via the ~/bin/reset-demo-passwords
script.
kompewter IRC bot
Warning |
---|
No longer used/enabled. We've left IRC entirely for Slack. |
The kompewter IRC bot is on the server at ~/kompewter
.
...
Slack / IRC integration bot
Warning |
---|
No longer used/enabled. We've left IRC entirely for Slack. |
As we now have a DSpace Slack setup, this bot integrates our DSpace Slack with IRC (per the below configuration). It allows messages to be sent from Slack to IRC and vice versa.
...
In order to locate potential memory issues in DSpace, we've installed YourKit on demodemo6.dspace.org at ~/yjp/
.
It can be accessed remotely so that we can perform various Java profiling tasks.
...
- Download & Install YourKit Profiler. Put in your open source license key (available to all DSpace Committers).
- Open up YourKit, select "Connect to remote application..." option.
- Point it at "demodemo6.dspace.org:10001" and start doing some profiling!
- If it's not running, start it using ~/yjp/bin/yjp.sh
- If needed, logs are in ~/.yjp/log/
...
Code Block |
---|
# Latest install instructions available at: https://certbot.eff.org/lets-encrypt sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install certbot python-certbot-apache # register and request first certificate, but do not change Apache configuration (we'll do it manually) sudo letsencrypt --apache certonly Enter email address (used for urgent notices and lost key recovery) sysadmin@duraspace.org Which names would you like to activate HTTPS for? [*] demodemo6.dspace.org IMPORTANT NOTES: - If you lose your account credentials, you can recover through e-mails sent to sysadmin@duraspace.org. - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/demodemo6.dspace.org/fullchain.pem. Your cert will expire on 2017-01-04. To obtain a new version of the certificate in the future, simply run Let's Encrypt again. - Your account credentials have been saved in your Let's Encrypt configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this folder is ideal. # replace self-signed certificates with Let's Encrypt certificates sudo vim /etc/apache2/sites-enabled/25-ssl-demodemo6.dspace.org.conf ## SSL directives SSLEngine on # SSLCertificateFile "/etc/ssl/certs/ssl-cert-snakeoil.pem" # SSLCertificateKeyFile "/etc/ssl/private/ssl-cert-snakeoil.key" # SSLCACertificatePath "/etc/ssl/certs" SSLCertificateFile /etc/letsencrypt/live/demodemo6.dspace.org/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/demodemo6.dspace.org/privkey.pem SSLCACertificateFile /etc/letsencrypt/live/demodemo6.dspace.org/fullchain.pem # test renewal (dry run) sudo letsencrypt renew --dry-run --agree-tos # set up renewal from cron sudo vim /etc/cron.d/certbot # /etc/cron.d/certbot: crontab entries for the certbot package # # Upstream recommends attempting renewal twice a day # # Eventually, this will be an opportunity to validate certificates # haven't been revoked, etc. Renewal will only occur if expiration # is within 30 days. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 0 */12 * * * root test -x /usr/bin/letsencrypt && perl -e 'sleep int(rand(3600))' && letsencrypt -n renew --agree-tos |
...