All Versions
- DSpace 7.x (Current Release)
- DSpace 8.x (Unreleased)
- DSpace 6.x (EOL)
- DSpace 5.x (EOL)
- More Versions...
...
Modifications in [tomcat]/conf/server.xml : You also need to alter Tomcat's default configuration to support searching and browsing of multi-byte UTF-8 correctly. You need to add a configuration option to the <Connector> element in [tomcat]/config/server.xml: URIEncoding="UTF-8"e.g. if you're using the default Tomcat config, it should read:
Code Block | ||
---|---|---|
| ||
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 --> <Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"/> |
You may change the port from 8080 by editing it in the file above, and by setting the variable CONNECTOR_PORT in server.xml.
...
Create the DSpace user. This needs to be the same user that Tomcat (or Jetty etc.) will run as. e.g. as root run:
Code Block |
---|
useradd -m dspace |
Zip file. If you downloaded dspace-3.x-release.zip do the following:
Code Block |
---|
unzip dspace-3.x-release.zip |
.gz file. If you downloaded dspace-3.x-release.tar.gz do the following:
Code Block |
---|
gunzip -c dspace-3.x-release.tar.gz | tar -xf - |
.bz2 file. If you downloaded _dspace-3.x-release.tar.bz do the following:
Code Block |
---|
bunzip2 dspace-3.x-release.tar.bz | tar -xf - |
For ease of reference, we will refer to the location of this unzipped version of the DSpace release as [dspace-source] in the remainder of these instructions. After unpacking the file, the user may which to change the ownership of the dspace-3.x-release to the 'dspace' user. (And you may need to change the group).
Create a dspace
database user. This is entirely separate from the dspace
operating-system user created above.
Code Block |
---|
createuser -U postgres -d -A -P dspace |
You will be prompted for the password of the PostgreSQL superuser (postgres
). Then you'll be prompted (twice) for a password for the new dspace
user.
Create a dspace
database, owned by the dspace
PostgreSQL user (you are still logged in at 'root'):
Code Block |
---|
createdb -U dspace -E UNICODE dspace |
You will be prompted for the password of the DSpace database user. (This isn't the same as the dspace user's UNIX password.)
Setting up DSpace to use Oracle is a bit different now. You will need still need to get a copy of the Oracle JDBC driver, but instead of copying it into a lib directory you will need to install it into your local Maven repository. (You'll need to download it first from this location: http://www.oracle.com/technetwork/database/enterprise-edition/jdbc-112010-090769.html.) Run the following command (all on one line):
Code Block |
---|
mvn install:install-file -Dfile=ojdbc6.jar -DgroupId=com.oracle -DartifactId=ojdbc6 -Dversion=11.2.0.3 -Dpackaging=jar -DgeneratePom=true |
You need to compile DSpace with an Oracle driver (ojdbc6.jar) corresponding to your Oracle version - update the version in [dspace-source]/pom.xmlE.g.:
Code Block | ||
---|---|---|
| ||
<dependency> <groupId>com.oracle</groupId> <artifactId>ojdbc6</artifactId> <version>11.2.0.3</version> </dependency> |
Uncomment and edit the Oracle database settings in [dspace-source]/build.properties (see below for more information on the build.properties file):
Code Block |
---|
db.name = oracle db.driver = oracle.jdbc.OracleDriver db.url = jdbc:oracle:thin:@host:port/SID |
Where SID is the SID of your database defined in tnsnames.ora, default Oracle port is 1521.
Alternatively, you can use a full SID definition, e.g.:
Code Block |
---|
db.url = jdbc:oracle:thin:@(description=(address_list=(address=(protocol=TCP)(host=localhost)(port=1521)))(connect_data=(service_name=DSPACE))) |
[dspace-source]/build.properties
. This properties file contains the basic settings necessary to actually build/install DSpace for the first time (see build.properties Configuration for more detail). In particular you'll need to set these properties, examples or defaults are provided in the file:dspace.install.dir
- must be set to the [dspace] (installation) directory (On Windows be sure to use forward slashes for the directory path! For example: "C:/dspace" is a valid path for Windows.)dspace.hostname
- fully-qualified domain name of web server.dspace.baseUrl
- complete URL of this server's DSpace home page but without any context eg. /xmlui, /oai, etc.dspace.name
- "Proper" name of your server, e.g. "My Digital Library".solr.server
- complete URL of the Solr server. DSpace makes use of Solr http://lucene.apache.org/solr/ for indexing purposes. default.language
db.name - postgres or oracle
db.driver
db.url
db.username
- the database password used in the previous stepdb.password
- the database password used in the previous step.mail.server
- fully-qualified domain name of your outgoing mail server.mail.from.address
- the "From:" address to put on email sent by DSpace.mail.feedback.recipient
- mailbox for feedback mail.mail.admin
- mailbox for DSpace site administrator.mail.alert.recipient
- mailbox for server errors/alerts (not essential but very useful!)mail.registration.notify
- mailbox for emails when new users register (optional)
Info |
---|
The "build.properties" file is provided as a convenient method of setting only those configurations necessary to install/upgrade DSpace. Any settings changed in this file, will be automatically copied over to the full "dspace.cfg" file (which is held in It is also worth noting that you may choose to copy/rename the "build.properties" under a different name for different environments (e.g. "development.properties", "test.properties", and "production.properties"). You can choose which properties file you want to build DSpace with by passing a "-Denv" (environment) flag to the "mvn package" command (e.g. "mvn package -Denv=test" would build using "test.properties). See General Configuration section for more details. |
Warning | ||
---|---|---|
| ||
When you edit the "build.properties" file (or a custom *.properties file), take care not to remove or comment out any settings. Doing so, may cause your final "dspace.cfg" file to be misconfigured with regards to that particular setting. Instead, if you wish to remove/disable a particular setting, just clear out its value. For example, if you don't want to be notified of new user registrations, ensure the "mail.registration.notify" setting has no value, e.g.
|
DSpace Directory: Create the directory for the DSpace installation (i.e. [dspace]
). As root (or a user with appropriate permissions), run:
Code Block |
---|
mkdir [dspace] chown dspace [dspace] |
(Assuming the dspace UNIX username.)
Build the Installation Package: As the dspace UNIX user, generate the DSpace installation package.
Code Block |
---|
cd [dspace-source]/dspace/ mvn package |
Info | ||
---|---|---|
| ||
Without any extra arguments, the DSpace installation package is initialized for PostgreSQL. If you want to use Oracle instead, you should build the DSpace installation package as follows: |
Info | ||
---|---|---|
| ||
Without any extra arguments, the DSpace installation package will be initialized using the settings in the
See General Configuration section for more details. |
Install DSpace and Initialize Database: As the dspace UNIX user, initialize the DSpace database and install DSpace to [dspace]_
:
Code Block |
---|
cd [dspace-source]/dspace/target/dspace-[version]-build ant fresh_install |
Info |
---|
To see a complete list of build targets, run: |
Anchor | ||||
---|---|---|---|---|
|
cp -R [dspace]/webapps/* [tomcat]/webapps*
(This will copy all the web applications to Tomcat). cp -R [dspace]/webapps/jspui [tomcat]/webapps*
(This will copy only the jspui web application to Tomcat.)Technique B. Tell your Tomcat/Jetty/Resin installation where to find your DSpace web application(s). As an example, in the <Host>
section of your [tomcat]/conf/server.xml
you could add lines similar to the following (but replace [dspace]
with your installation location):
Code Block | ||
---|---|---|
| ||
<!-- Define the default virtual host Note: XML Schema validation will not work with Xerces 2.2. --> <Host name="localhost" appBase="[dspace]/webapps" .... |
Alternatively...
Code Block | ||
---|---|---|
| ||
<!-- DEFINE A CONTEXT PATH FOR DSpace XML User Interface --> <Context path="/xmlui" docBase="[dspace]/webapps/xmlui" debug="0" reloadable="true" cachingAllowed="false" allowLinking="true"/> <!-- DEFINE A CONTEXT PATH FOR DSpace JSP User Interface --> <Context path="/jspui" docBase="[dspace]/webapps/jspui" debug="0" reloadable="true" cachingAllowed="false" allowLinking="true"/> <!-- DEFINE A CONTEXT PATH FOR DSpace OAI User Interface --> <Context path="/oai" docBase="[dspace]/webapps/oai" debug="0" reloadable="true" cachingAllowed="false" allowLinking="true"/> <!-- DEFINE ADDITIONAL CONTEXT PATHS FOR OTHER DSPACE WEB APPLICATIONS (SOLR, SWORD, LNI, etc.). CHANGE THE VALUE OF "[app]" FOR EACH APPLICATION YOU WISH TO ADD --> <Context path="/[app]" docbase="[dspace]/webapps/[app]" debug="0" reloadable="true" cachingAllowed="false" allowLinking="true"/> |
Administrator Account:Create an initial administrator account:
Code Block |
---|
[dspace]/bin/dspace create-administrator |
http://dspace.myu.edu:8080/jspui
http://dspace.myu.edu:8080/xmlui
http://dspace.myu.edu:8080/oai/request?verb=Identify
(Should return an XML-based response)...
Create a Java keystore for your server with the password changeit, and install your server certificate under the alias "tomcat". This assumes the certificate was put in the file server.pem:
Code Block |
---|
$JAVA_HOME/bin/keytool -import -noprompt -v -storepass changeit -keystore $CATALINA_BASE/conf/keystore -alias tomcat -file myserver.pem |
Install the CA (Certifying Authority) certificate for the CA that granted your server cert, if necessary. This assumes the server CA certificate is in ca.pem:
Code Block |
---|
$JAVA_HOME/bin/keytool -import -noprompt -storepass changeit -trustcacerts -keystore $CATALINA_BASE/conf/keystore -alias ServerCA -file ca.pem |
Optional – ONLY if you need to accept client certificates for the X.509 certificate stackable authentication module See the configuration section for instructions on enabling the X.509 authentication method. Load the keystore with the CA (certifying authority) certificates for the authorities of any clients whose certificates you wish to accept. For example, assuming the client CA certificate is in client1.pem:
Code Block |
---|
$JAVA_HOME/bin/keytool -import -noprompt -storepass changeit -trustcacerts -keystore $CATALINA_BASE/conf/keystore -alias client1 -file client1.pem |
Now add another Connector tag to your server.xmlTomcat configuration file, like the example below. The parts affecting or specific to SSL are shown in bold. (You may wish to change some details such as the port, pathnames, and keystore password)
Code Block | ||
---|---|---|
| ||
<Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" sslProtocol="TLS" keystoreFile="conf/keystore" keystorePass="changeit" clientAuth="true" - ONLY if using client X.509 certs for authentication! truststoreFile="conf/keystore" trustedstorePass="changeit" /> |
Also, check that the default Connector is set up to redirect "secure" requests to the same port as your SSL connector, e.g.:
Code Block | ||
---|---|---|
| ||
<Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" debug="0" /> |
Create a new key pair under the alias name "tomcat". When generating your key, give the Distinguished Name fields the appropriate values for your server and institution. CN should be the fully-qualified domain name of your server host. Here is an example:
Code Block |
---|
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 \ -keystore $CATALINA_BASE/conf/keystore -storepass changeit -validity 365 \ -dname 'CN=dspace.myuni.edu, OU=MIT Libraries, O=Massachusetts Institute of Technology, L=Cambridge, S=MA, C=US' |
Then, create a CSR (Certificate Signing Request) and send it to your Certifying Authority. They will send you back a signed Server Certificate. This example command creates a CSR in the file tomcat.csr
Code Block |
---|
$JAVA_HOME/bin/keytool -keystore $CATALINA_BASE/conf/keystore \ -storepass changeit \ -certreq -alias tomcat -v -file tomcat.csr |
Before importing the signed certificate, you must have the CA's certificate in your keystore as a trusted certificate. Get their certificate, and import it with a command like this (for the example mitCA.pem):
Code Block |
---|
$JAVA_HOME/bin/keytool -keystore $CATALINA_BASE/conf/keystore \ -storepass changeit \ -import -alias mitCA -trustcacerts -file mitCA.pem |
Finally, when you get the signed certificate from your CA, import it into the keystore with a command like the following example: (cert is in the file signed-cert.pem)
Code Block |
---|
$JAVA_HOME/bin/keytool -keystore $CATALINA_BASE/conf/keystore \ -storepass changeit \ -import -alias tomcat -trustcacerts -file signed-cert.pem |
Since you now have a signed server certificate in your keystore, you can, obviously, skip the next steps of installing a signed server certificate and the server CA's certificate.
Create a Java keystore for your server with the password changeit, and install your server certificate under the alias "tomcat". This assumes the certificate was put in the file server.pem:
Code Block |
---|
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore \ $CATALINA_BASE/conf/keystore -storepass changeit |
When answering the questions to identify the certificate, be sure to respond to "First and last name" with the fully-qualified domain name of your server (e.g. test-dspace.myuni.edu). The other questions are not important.
Optional – ONLY if you need to accept client certificates for the X.509 certificate stackable authentication module See the configuration section for instructions on enabling the X.509 authentication method. Load the keystore with the CA (certifying authority) certificates for the authorities of any clients whose certificates you wish to accept. For example, assuming the client CA certificate is in client1.pem:
Code Block |
---|
$JAVA_HOME/bin/keytool -import -noprompt -storepass changeit \ -trustcacerts -keystore $CATALINA_BASE/conf/keystore -alias client1 \ -file client1.pem |
...