If you'd like to quickly try out DSpace 7 before a full installation, see Try out DSpace 7 for instructions on a quick install via Docker.
As of version 7 (and above), the DSpace application is split into a "frontend" (User Interface) and a "backend" (Server API). Most institutions will want to install BOTH. However, you can decide whether to run them on the same machine or separate machines.
We recommend installing the Backend first, as the Frontend requires a valid Backend to run properly.
UNIX-like OS or Microsoft Windows
Java JDK 11 or 17 (OpenJDK or Oracle JDK)
Apache Maven 3.3.x or above (Java build tool)
Maven is necessary in the first stage of the build process to assemble the installation package for your DSpace instance. It gives you the flexibility to customize DSpace using the existing Maven projects found in the [dspace-source]/dspace/modules directory or by adding in your own Maven project to build the installation package for DSpace, and apply any custom interface "overlay" changes.
Maven can be downloaded from http://maven.apache.org/download.html. It is also provided via many operating system package managers.
Configuring a Maven Proxy
You can configure a proxy to use for some or all of your HTTP requests in Maven. The username and password are only required if your proxy requires basic authentication (note that later releases may support storing your passwords in a secured keystore; in the meantime, please ensure your settings.xml file (usually ${user.home}/.m2/settings.xml) is secured with permissions appropriate for your operating system). Example:
Apache Ant 1.10.x or later (Java build tool)
Apache Ant is required for the second stage of the build process (deploying/installing the application). First, Maven is used to construct the installer (
Ant can be downloaded from the following location: http://ant.apache.org. It is also provided via many operating system package managers.
Relational Database (PostgreSQL or Oracle)
PostgreSQL 11.x, 12.x or 13.x (with pgcrypto installed)
Oracle 10g or later
Apache Solr 8.x (full-text index/search service)
Solr can be obtained at the Apache Software Foundation site for Lucene and Solr. You may wish to read portions of the quick-start tutorial to make yourself familiar with Solr's layout and operation. Unpack a Solr .tgz or .zip archive in a place where you keep software that is not handled by your operating system's package management tools, and arrange to have it running whenever DSpace is running. You should ensure that Solr's index directories will have plenty of room to grow. You should also ensure that port 8983 is not in use by something else, or configure Solr to use a different port.
If you are looking for a good place to put Solr, consider
It is not necessary to dedicate a Solr instance to DSpace, if you already have one and want to use it. Simply copy DSpace's cores to a place where they will be discovered by Solr. See below.
Servlet Engine (Apache Tomcat 9, Jetty, Caucho Resin or equivalent)
(Optional) IP to City Database for Location-based Statistics
Optionally, if you wish to record the geographic locations of clients in DSpace usage statistics records, you will need to install (and regularly update) one of the following:
Git (code version control)
Currently, there is a known bug in DSpace where a third-party Maven Module expects For the time being, you can work around this problem by installing Git locally: https://git-scm.com/downloads
Create a DSpace operating system user (optional). As noted in the prerequisites above, Tomcat (or Jetty, etc) must run as an operating system user account that has full read/write access to the DSpace installation directory (i.e. [dspace]). Either you must ensure the Tomcat owner also owns [dspace], OR you can create a new "dspace" user account, and ensure that Tomcat also runs as that account:
useradd -m dspace
The choice that makes the most sense for you will probably depend on how you installed your servlet container (Tomcat/Jetty/etc). If you installed it from source, you will need to create a user account to run it, and that account can be named anything, e.g. 'dspace'. If you used your operating system's package manager to install the container, then a user account should have been created as part of that process and it will be much easier to use that account than to try to change it.
dspace-7.2) or branch.
Zip file. If you downloaded dspace-7.2.zip do the following:
unzip dspace-7.2.zip
.gz file. If you downloaded dspace-7.2.tar.gz do the following:
gunzip -c dspace-7.2.tar.gz | tar -xf -
For ease of reference, we will refer to the location of this unzipped version of the DSpace release as [dspace-source] in the remainder of these instructions. After unpacking the file, the user may wish to change the ownership of the dspace-7.x folder to the "dspace" user. (And you may need to change the group).
Create a dspace database user (this user can have any name, but we'll assume you name it "dspace"). This is entirely separate from the dspace operating-system user created above:
createuser --username=postgres --no-superuser --pwprompt dspace
You will be prompted (twice) for a password for the new dspace user. Then you'll be prompted for the password of the PostgreSQL superuser (postgres).
Create a dspace database, owned by the dspace PostgreSQL user. Similar to the previous step, this can only be done by a "superuser" account in PostgreSQL (e.g. postgres):
createdb --username=postgres --owner=dspace --encoding=UNICODE dspace
You will be prompted for the password of the PostgreSQL superuser (postgres).
Finally, you MUST enable the pgcrypto extension on your new dspace database. Again, this can only be enabled by a "superuser" account (e.g. postgres):
# Login to the database as a superuser, and enable the pgcrypto extension on this database
psql --username=postgres dspace -c "CREATE EXTENSION pgcrypto;"
The "CREATE EXTENSION" command should return with no result if it succeeds. If it fails or throws an error, it is likely you are missing the required pgcrypto extension (see Database Prerequisites above).
Alternative method: How to enable pgcrypto via a separate database schema. While the above method of enabling pgcrypto is perfectly fine for the majority of users, there may be some scenarios where a database administrator would prefer to install extensions into a database schema that is separate from the DSpace tables. Developers also may wish to install pgcrypto into a separate schema if they plan to "clean" (recreate) their development database frequently. Keeping extensions in a separate schema from the DSpace tables ensures that developers do NOT have to re-enable the extension each time they run "./dspace database clean". If you wish to install pgcrypto in a separate schema, here's how to do that:
# Login to the database as a superuser
psql --username=postgres dspace
-- Create a new schema in this database named "extensions" (or whatever you want to name it)
CREATE SCHEMA extensions;
-- Enable this extension in this new schema
CREATE EXTENSION pgcrypto SCHEMA extensions;
-- Grant rights to call functions in the extensions schema to your dspace user
GRANT USAGE ON SCHEMA extensions TO dspace;
-- Append "extensions" on the current session's "search_path" (if it doesn't already exist in search_path)
-- The "search_path" config is the list of schemas that Postgres will use
SELECT set_config('search_path',current_setting('search_path') || ',extensions',false) WHERE current_setting('search_path') !~ '(^|,)extensions(,|$)';
-- Verify the current session's "search_path" and make sure it's correct
SHOW search_path;
-- Now, update the "dspace" Database to use the same "search_path" (for all future sessions) as we've set for this current session (i.e. via set_config() above)
ALTER DATABASE dspace SET search_path FROM CURRENT;
Setting up DSpace to use Oracle is a bit different now. You will still need to get a copy of the Oracle JDBC driver, but instead of copying it into a lib directory you will need to install it into your local Maven repository. (You'll need to download it first from this location: http://www.oracle.com/technetwork/database/enterprise-edition/jdbc-112010-090769.html.) Run the following command (all on one line):
mvn install:install-file -Dfile=ojdbc6.jar -DgroupId=com.oracle -DartifactId=ojdbc6 -Dversion=11.2.0.4.0 -Dpackaging=jar -DgeneratePom=true
You need to compile DSpace with an Oracle driver (ojdbc6.jar) corresponding to your Oracle version. Update the version in [dspace-source]/pom.xml, e.g.:
<dependency>
  <groupId>com.oracle</groupId>
  <artifactId>ojdbc6</artifactId>
  <version>11.2.0.4.0</version>
</dependency>
NOTE: You will need to ensure the proper db.* settings are specified in your local.cfg file (see next step), as the defaults for all of these settings assume a PostgreSQL database backend.
db.url = jdbc:oracle:thin:@host:port/SID
# e.g. db.url = jdbc:oracle:thin:@//localhost:1521/xe
# NOTE: in db.url, SID is the SID of your database defined in tnsnames.ora
# the default Oracle port is 1521
# You may also use a full SID definition, e.g.
# db.url = jdbc:oracle:thin:@(description=(address_list=(address=(protocol=TCP)(host=localhost)(port=1521)))(connect_data=(service_name=DSPACE)))
# Oracle driver and dialect
db.driver = oracle.jdbc.OracleDriver
db.dialect = org.hibernate.dialect.Oracle10gDialect
# Specify DB username, password and schema to use
db.username =
db.password =
db.schema = ${db.username}
# For Oracle, schema is equivalent to the username of your database account,
# so this may be set to ${db.username} in most scenarios
Later, during the Maven build step, don't forget to specify mvn -Ddb.name=oracle package
[dspace-source]/dspace/config/local.cfg configuration file. You may wish to simply copy the provided [dspace-source]/dspace/config/local.cfg.EXAMPLE. This local.cfg file can be used to store any configuration changes that you wish to make which are local to your installation (see local.cfg configuration file documentation). ANY setting may be copied into this local.cfg file from the dspace.cfg or any other *.cfg file in order to override the default setting (see note below). For the initial installation of DSpace, there are some key settings you'll likely want to override. Those are provided in the [dspace-source]/dspace/config/local.cfg.EXAMPLE. (NOTE: Settings followed with an asterisk (*) are highly recommended, while all others are optional during initial installation and may be customized at a later time.)
dspace.dir* - must be set to the [dspace] (installation) directory (NOTE: On Windows be sure to use forward slashes for the directory path! For example: "C:/dspace" is a valid path for Windows.)
dspace.server.url* - complete URL of this DSpace backend (including port and any subpath). Do not end with '/'. For example: http://localhost:8080/server
dspace.ui.url* - complete URL of the DSpace frontend (including port and any subpath). REQUIRED for the REST API to fully trust requests from the DSpace frontend. Do not end with '/'. For example: http://localhost:4000
dspace.name - Human-readable, "proper" name of your server, e.g. "My Digital Library".
solr.server* - complete URL of the Solr server. DSpace makes use of Solr for indexing purposes. http://localhost:8983/solr unless you changed the port or installed Solr on some other host.
default.language - Default language for all metadata values (defaults to "en_US")
db.url* - The full JDBC URL to your database (examples are provided in the local.cfg.EXAMPLE)
db.driver* - Which database driver to use, based on whether you are using PostgreSQL or Oracle
db.dialect* - Which database dialect to use, based on whether you are using PostgreSQL or Oracle
db.username* - the database username used in the previous step.
db.password* - the database password used in the previous step.
db.schema* - the database schema to use (examples are provided in the local.cfg.EXAMPLE)
mail.server - fully-qualified domain name of your outgoing mail server.
mail.from.address - the "From:" address to put on email sent by DSpace.
mail.feedback.recipient - mailbox for feedback mail.
mail.admin - mailbox for DSpace site administrator.
alert.recipient - mailbox for server errors/alerts (not essential but very useful!)
registration.notify - mailbox for emails when new users register (optional)
The provided However, you should be aware that ANY configuration can now be copied into your
Individual settings may also be commented out or removed in your See the Configuration Reference section for more details.
DSpace Directory: Create the directory for the DSpace backend installation (i.e. [dspace]). As root (or a user with appropriate permissions), run:
mkdir [dspace]
chown dspace [dspace]
(Assuming the dspace UNIX username.)
Build the Installation Package: As the dspace UNIX user, generate the DSpace installation package.
cd [dspace-source]
mvn package
Without any extra arguments, the DSpace installation package is initialized for PostgreSQL. If you want to use Oracle instead, you should build the DSpace installation package as follows:
Install DSpace Backend: As the dspace UNIX user, install DSpace to [dspace]:
cd [dspace-source]/dspace/target/dspace-installer
ant fresh_install
To see a complete list of build targets, run:
Initialize your Database: While this step is optional (as the DSpace database should auto-initialize itself on first startup), it's always good to verify one last time that your database connection is working properly. To initialize the database run:
[dspace]/bin/dspace database migrate
[dspace]/webapps/server). You need to deploy this webapp into your Servlet Container (e.g. Tomcat). Generally, there are two options (or techniques) which you could use: either configure Tomcat to find the DSpace "server" webapp, or copy the "server" webapp into Tomcat's own webapps folder.
Technique A. Tell your Tomcat/Jetty/Resin installation where to find your DSpace web application(s). As an example, in the directory [tomcat]/conf/Catalina/localhost you could add files similar to the following (but replace [dspace] with your installation location):
<?xml version='1.0'?>
<Context docBase="[dspace]/webapps/server"/>
The name of the file (not including the suffix ".xml") will be the name of the context, so for example server.xml defines the context at http://host:8080/server. To define the root context (http://host:8080/), name that context's file ROOT.xml. Optionally, you can also choose to install the old, deprecated "rest" webapp if you
cp -R [dspace]/webapps/* [tomcat]/webapps
(This will copy all the web applications to Tomcat.)
cp -R [dspace]/webapps/server [tomcat]/webapps
(This will copy only the Server web application to Tomcat.)
To define the root context (http://host:8080/), name that context's directory ROOT.
[dspace]/webapps/rest). It is NOT used by the DSpace frontend. So, most users should skip this step.
Copy Solr cores: DSpace installation creates a set of four empty Solr cores already configured. Copy them from [dspace]/solr to the place where your Solr instance will discover them. For example:
# [solr] is the location where Solr is installed.
# NOTE: On Debian systems the configsets may be under /var/solr/data/configsets
cp -R [dspace]/solr/* [solr]/server/solr/configsets
# Make sure everything is owned by the system user who owns Solr
# Usually this is a 'solr' user account
# See https://solr.apache.org/guide/8_1/taking-solr-to-production.html#create-the-solr-user
chown -R solr:solr [solr]/server/solr/configsets
Start (or re-start) Solr. For example:
[solr]/bin/solr restart
You can check the status of Solr and your new DSpace cores by using its administrative web interface. Browse to ${solr.server} (e.g. http://localhost:8983/solr/) to see if Solr is running well, then look at the cores by selecting (on the left) Core Admin or using the Core Selector drop list.
${solr.server}/search/select. It should run an empty query against the "search" core, returning an empty JSON result. If it returns an error, then that means your "search" core is missing or not installed properly.
Create an Administrator Account: Create an initial administrator account from the command line:
[dspace]/bin/dspace create-administrator
sudo apt install apache2
sudo a2enmod proxy; sudo a2enmod proxy_ajp
Alternatively, you can choose to use mod_proxy_http to create an http proxy. A separate example is commented out below.
For mod_proxy_ajp to communicate with Tomcat, you'll need to enable Tomcat's AJP connector in your Tomcat's server.xml:
<Connector protocol="AJP/1.3" port="8009" redirectPort="8443" URIEncoding="UTF-8" />
Now, set up a new VirtualHost for your site (using HTTPS / port 443) which proxies all requests to Tomcat's AJP connector (running on port 8009):
<VirtualHost _default_:443>
    # ... set up your host how you want, including log settings ...
    SSLEngine on
    SSLCertificateFile [full-path-to-PEM-cert]
    SSLCertificateKeyFile [full-path-to-cert-KEY]
    # LetsEncrypt certificates (and possibly others) may require a chain file be specified
    # in order for the UI / Node.js to validate the HTTPS connection.
    #SSLCertificateChainFile [full-path-to-chain-file]
    # Proxy all HTTPS requests to "/server" from Apache to Tomcat via AJP connector
    ProxyPass /server ajp://localhost:8009/server
    ProxyPassReverse /server ajp://localhost:8009/server
    # If you would rather use mod_proxy_http as an http proxy to port 8080
    # then use these settings instead
    #ProxyPass /server http://localhost:8080/server
    #ProxyPassReverse /server http://localhost:8080/server
    # When using mod_proxy_http, you need to also ensure the X-Forwarded-Proto header is sent
    # to tell DSpace it is behind HTTPS, otherwise some URLs may continue to use HTTP
    # (requires installing/enabling mod_headers)
    #RequestHeader set X-Forwarded-Proto https
</VirtualHost>
dspace.server.url) in your local.cfg to match the new URL of your backend. This will require briefly restarting Tomcat.
UNIX-like OS or Microsoft Windows
Node.js (v12.x or v14.x or v16.x)
Yarn (v1.x)
PM2 (or another Process Manager for Node.js apps) (optional, but recommended for Production)
DSpace 7.x Backend (see above)
dspace-7.2) or branch.
Install all necessary local dependencies by running the following from within the unzipped "dspace-angular" directory:
# change directory to our repo
cd dspace-angular
# install the local dependencies
yarn install
Create a Production Configuration file at [dspace-angular]/config/config.prod.yml. You may wish to use the config.example.yml as a starting point. This config.prod.yml file can be used to override any of the default configurations listed in the config.example.yml (in that same directory). At a minimum this file MUST include a "rest" section (and may also include a "ui" section), similar to the following (keep in mind, you only need to include settings that you need to modify).
# The "ui" section defines where you want Node.js to run/respond. It often is a *localhost* (non-public) URL, especially if you are using a Proxy.
# In this example, we are setting up our UI to just use localhost, port 4000.
# This is a common setup for when you want to use Apache or Nginx to handle HTTPS and proxy requests to Node on port 4000
ui:
  ssl: false
  host: localhost
  port: 4000
  nameSpace: /
# This example is valid if your Backend is publicly available at https://api.mydspace.edu/server/
# The REST settings MUST correspond to the primary/public URL of the backend. Usually, this means they must be kept in sync
# with the value of "dspace.server.url" in the backend's local.cfg
rest:
  ssl: true
  host: api.mydspace.edu
  port: 443
  nameSpace: /server
NOTE: In 7.1 or 7.0, this configuration file uses a different syntax and should be created at [dspace-angular]/src/environments/environment.prod.ts. An example of that older syntax can also be found below:
export const environment = {
  // The "ui" section defines where you want Node.js to run/respond. It often is a *localhost* (non-public) URL, especially if you are using a Proxy.
  // In this example, we are setting up our UI to just use localhost, port 4000.
  // This is a common setup for when you want to use Apache or Nginx to handle HTTPS and proxy requests to Node on port 4000
  ui: {
    ssl: false,
    host: 'localhost',
    port: 4000,
    // NOTE: Space is capitalized because 'namespace' is a reserved string in TypeScript
    nameSpace: '/'
  },
  // This example is valid if your Backend is publicly available at https://api.mydspace.edu/server/
  // The REST settings MUST correspond to the primary URL of the backend. Usually, this means they must be kept in sync
  // with the value of "dspace.server.url" in the backend's local.cfg
  rest: {
    ssl: true,
    host: 'api.mydspace.edu',
    port: 443,
    // NOTE: Space is capitalized because 'namespace' is a reserved string in TypeScript
    nameSpace: '/server'
  }
};
yarn config:check:rest. This script will attempt a basic Node.js connection with the REST API configured in your "config.prod.yml" (or "environment.prod.ts" for 7.1 or 7.0) file and validate the response.
yarn start" and trying to access it via http://[mydspace.edu]:4000/ from your web browser. KEEP IN MIND, we highly recommend always using HTTPS for Production.
config.example.yml configuration file you can also copy them into this same file.
Build the User Interface for Production. This uses your config.prod.yml and the source code to create a compiled version of the UI in the [dspace-angular]/dist folder:
yarn run build:prod
environment.prod.ts, then you will need to rebuild the UI application (i.e. rerun this "yarn run build:prod" command).
Assuming you are using PM2, create a JSON configuration file describing how to run our UI application. This need NOT be in the same directory as the dspace-angular codebase itself (in fact you may want to put it in the parent directory or another location). Keep in mind the "cwd" setting (on line 5) must be the full path to your [dspace-angular] folder.
{
    "apps": [
        {
            "name": "dspace-angular",
            "cwd": "/home/dspace/dspace-angular",
            "script": "yarn",
            "args": "run serve:ssr",
            "interpreter": "none"
        }
    ]
}
yarn run serve:ssr. This is the command that starts the app (after it was built using yarn run build:prod)
Now, start the application using PM2 using the configuration file you created in the previous step:
# In this example, we are assuming the config is named "dspace-angular.json"
pm2 start dspace-angular.json
# To see the logs, you'd run
# pm2 logs
# To stop it, you'd run
# pm2 stop dspace-angular.json
config.prod.yml
yarn start (which is a simple build & deploy process for the UI). This command might provide a more specific error message to you, if PM2 is not giving enough information back.
sudo apt install apache2
sudo a2enmod proxy; sudo a2enmod proxy_http
Now, set up a new VirtualHost for your site (preferably using HTTPS / port 443) which proxies all requests to PM2 running on port 4000.
<VirtualHost _default_:443>
    # ... set up your host how you want, including log settings ...
    SSLEngine on
    SSLCertificateFile [full-path-to-PEM-cert]
    SSLCertificateKeyFile [full-path-to-cert-KEY]
    # Proxy all HTTPS requests from Apache to PM2 on port 4000
    # NOTE that this proxy URL must match the "ui" settings in your config.prod.yml
    ProxyPass / http://localhost:4000/
    ProxyPassReverse / http://localhost:4000/
</VirtualHost>
[dspace-angular]/config/ssl/ folder and add a key.pem and cert.pem to that folder (they must have those exact names)
After a successful installation, you may want to take a closer look at
If you've run into installation problems, you may want to...
See the Troubleshoot an error page, look for the section on "DSpace 7.x". This will provide you hints on locating error messages both in the User Interface (frontend) and in the REST API (backend)
Chances are your User Interface (UI) is throwing an error or receiving an unexpected response from the REST API backend. Since the UI is Javascript based, it runs entirely in your browser. That means the error it's hitting is most easily viewed in your browser (and in fact the error may never appear in log files).
See the Troubleshoot an error page, look for the section on "DSpace 7.x". It has a guide for locating UI error messages in your browser's Developer Tools.
When starting up the User Interface for the first time, you may see an error that looks similar to this...
No _links section found at [rest-api-url]
ERROR Error: undefined doesn't contain the link sites
    at MapSubscriber.project
This error means that the UI is unable to contact the REST API listed at [rest-api-url] and/or the response from that [rest-api-url] is unexpected (as it doesn't contain the "_links" to the endpoints available at that REST API). A valid DSpace [rest-api-url] will respond with JSON similar to our demo API at https://api7.dspace.org/server/api
In 7.1 and above, there is a
If everything "looks good", you should see a 200 response, and all JSON validity checks should return "true". If you see a different response code, or an error, this means Node.js is unable to communicate with your configured REST API.
Unfortunately, this is a generic error message which simply says your frontend cannot communicate with your backend. It may be caused by a variety of installation scenarios...these are a few we've discovered so far:
config.*.yml (or environment.*.ts for 7.1 or 7.0) configuration file for the User Interface. That configuration section defines which REST API the UI will attempt to use. If the settings do NOT map to a valid DSpace REST API, then you will see this "No _links section found.." error.
If you are using a Let's Encrypt style certificate, you may need to modify your backend's Apache settings to also provide a Chain File as follows:
# For example: /etc/letsencrypt/live/[domain]/cert.pem
SSLCertificateFile [full-path-to-PEM-cert]
# For example: /etc/letsencrypt/live/[domain]/privkey.pem
SSLCertificateKeyFile [full-path-to-cert-KEY]
# For example: /etc/letsencrypt/live/[domain]/chain.pem
SSLCertificateChainFile [full-path-to-chain-file]
Verify that you can access the REST API from the machine where Node.js is running (i.e. your UI is running). For example try a simple "wget" or "curl" to verify the REST API is returning expected JSON similar to our demo API at https://api7.dspace.org/server/api
# Attempt to access the REST API via HTTPS from command-line on the machine where Node.js is running.
# If this fails or throws a SSL cert error, you must fix it.
wget https://[rest.host]/server/api
If none of the above suggestions helped, you may want to look closer at the request logs in your browser (using browser's Dev Tools) and server-side logs, to be sure that the requests from your UI are going where you expect, and see if they appear also on the backend. Tips for finding these logs can be found in the "DSpace 7.x" section of our Troubleshoot an error guide.
When starting up the User Interface for the first time, you may see an error that looks similar to this...
ERROR RangeError: Maximum call stack size exceeded
This error means that the UI is trying to contact your REST API, but is having issues doing so (possibly because either a proxy or an HTTP→HTTPS redirect is causing issues or a redirect loop).
Double check your "dspace.server.url" setting in your local.cfg on the backend. Is it the same URL you use in your browser to access the backend? Keep in mind the mode (http vs https), domain, port, and subpath(s) all must match, and it must not end in a trailing slash.
Also double check the "rest" section of your config.*.yml (or environment.*.ts for 7.1 or 7.0) configuration file for the User Interface. Make sure it's also pointing to the exact same URL as that "dspace.server.url" setting. Again, check the mode, domain, port and paths all match exactly.
If you are seeing a CORS error in your browser, this means that you are accessing the REST API via an "untrusted" client application. To fix this error, you must change your REST API / Backend configuration to trust the application.
dspace.ui.url. Therefore, you should first verify that your dspace.ui.url setting (in your local.cfg) exactly matches the primary URL of your User Interface (i.e. the URL you see in the browser). This must be an exact match: mode (http vs https), domain, port, and subpath(s) all must match.
rest.cors.allowed-origins configuration. See REST API for details on this configuration.
If you modify either of the above settings, you will need to restart Tomcat for the changes to take effect.
First, double check that you are seeing that exact error message. A 403 Forbidden error may be thrown in a variety of scenarios. For example, a 403 may be thrown if a page requires a login, if you have entered an invalid username or password, or even sometimes when there is a CORS error (see previous installation issue for how to solve that).
If you are seeing the "Invalid CSRF Token" message (especially on every login), this is usually the result of a configuration / setup issue.
Here are some things you should double check:
DSPACE-XSRF-COOKIE cookie with a value of SameSite=Lax. This setting means that the cookie will not be sent (by your browser) to any other domains. Effectively, this will block all logins from any domain that is not the same as the REST API (as this cookie will not be sent back to the REST API as required for CSRF validation). In other words, running the REST API on HTTP is only possible if the User Interface is running on the exact same domain. For example, running both on 'localhost' with HTTP is a common development setup, and this will work fine.
DSPACE-XSRF-COOKIE cookie being set to SameSite=None; Secure. This setting means the cookie will be sent cross domain, but only for HTTPS requests. It also allows the user interface (or other client applications) to be on any domain, provided that the domain is trusted by CORS (see rest.cors.allowed-origins setting in REST API)
dspace.server.url" configuration on the Backend. This simply ensures your UI is sending requests to the correct REST API. Also pay close attention that both specify HTTPS when necessary (see previous bullet).
dspace.server.url" configuration on the Backend matches the primary URL of the REST API (i.e. the URL you see in the browser). This must be an exact match: mode (http vs https), domain, port, and subpath(s) all must match, and it must not end in a trailing slash (e.g. "https://api7.dspace.org/server" is valid, but "https://api7.dspace.org/server/" may cause problems).
dspace.ui.url" configuration on the Backend matches the primary URL of your User Interface (i.e. the URL you see in the browser). This must be an exact match: mode (http vs https), domain, port, and subpath(s) all must match, and it must not end in a trailing slash (e.g. "https://demo7.dspace.org" is valid, but "https://demo7.dspace.org/" may cause problems).
DSPACE-XSRF-COOKIE cookie and a matching X-XSRF-TOKEN header back to the REST API for validation. See our REST Contract for more details https://github.com/DSpace/RestContract/blob/main/csrf-tokens.md
For additional information on how DSpace's CSRF Protection works, see our REST Contract at https://github.com/DSpace/RestContract/blob/main/csrf-tokens.md
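The URL rules in the troubleshooting items above (dspace.server.url, dspace.ui.url, the UI "rest" section, and the SameSite behaviour of DSPACE-XSRF-COOKIE) can be checked mechanically before starting the UI. The following is an added example, not part of DSpace or of the original guide; the function names, finding codes and sample values are assumptions made for illustration, and the "rest" section is passed in as an already-parsed object.

```javascript
'use strict';

// Parse "key = value" lines of a local.cfg-style file ('#' starts a comment line).
function parseLocalCfg(text) {
  const cfg = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 0) continue;
    cfg[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return cfg;
}

// Split a URL into the parts the guide says must match: mode, domain, port, subpath.
// Returns null when the value is not a parseable URL.
function urlParts(url) {
  let u;
  try { u = new URL(url); } catch (e) { return null; }
  const scheme = u.protocol.slice(0, -1);
  return {
    scheme,
    host: u.hostname,
    port: u.port || (scheme === 'https' ? '443' : '80'),
    path: u.pathname.replace(/\/+$/, ''),
  };
}

// Rebuild the URL the UI will call from the "rest" section of config.prod.yml.
function restSectionToUrl(rest) {
  return `${rest.ssl ? 'https' : 'http'}://${rest.host}:${rest.port}${rest.nameSpace}`;
}

// Returns a list of { code, message } findings; an empty list means consistent.
// The finding codes are names made up for this example.
function checkDspaceUrls(localCfgText, restSection) {
  const cfg = parseLocalCfg(localCfgText);
  const findings = [];
  const add = (code, message) => findings.push({ code, message });
  const parsed = {};

  for (const key of ['dspace.server.url', 'dspace.ui.url']) {
    const value = cfg[key];
    if (!value) { add('MISSING', `${key} is not set`); continue; }
    if (value.endsWith('/')) add('TRAILING_SLASH', `${key} must not end with '/'`);
    parsed[key] = urlParts(value);
    if (!parsed[key]) add('INVALID_URL', `${key} is not a valid URL: ${value}`);
  }
  const server = parsed['dspace.server.url'];
  const ui = parsed['dspace.ui.url'];
  const rest = urlParts(restSectionToUrl(restSection));
  if (!rest) add('INVALID_URL', 'UI "rest" section does not form a valid URL');
  if (!server || !ui || !rest) return findings;

  // The UI "rest" section must point at exactly the URL in dspace.server.url.
  for (const part of ['scheme', 'host', 'port', 'path']) {
    if (server[part] !== rest[part]) {
      add('REST_MISMATCH',
        `${part}: dspace.server.url has "${server[part]}", "rest" section has "${rest[part]}"`);
    }
  }

  // Over HTTP the backend sets DSPACE-XSRF-COOKIE with SameSite=Lax, so the browser
  // only returns it when UI and REST API share a domain (compared here by hostname).
  if (server.scheme === 'http' && server.host !== ui.host) {
    add('CSRF_HTTP_CROSS_DOMAIN',
      `backend is HTTP but UI host "${ui.host}" differs from "${server.host}": ` +
      'logins will fail CSRF validation');
  }
  return findings;
}

// Constructed sample input: a backend left on HTTP with a trailing slash,
// then the corrected settings, both checked against the same "rest" section.
const BROKEN_CFG = [
  '# constructed sample local.cfg',
  'dspace.server.url = http://api.mydspace.edu/server/',
  'dspace.ui.url = https://mydspace.edu',
].join('\n');
const FIXED_CFG = [
  'dspace.server.url = https://api.mydspace.edu/server',
  'dspace.ui.url = https://mydspace.edu',
].join('\n');
const REST_SECTION = { ssl: true, host: 'api.mydspace.edu', port: 443, nameSpace: '/server' };

for (const [label, text] of [['broken', BROKEN_CFG], ['fixed', FIXED_CFG]]) {
  const result = checkDspaceUrls(text, REST_SECTION);
  console.log(label, result.length ? result : 'consistent');
}
```

The check compares dspace.ui.url only against the backend's domain, not against the UI "ui" section, because that section is often a localhost address behind a proxy.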
If you setup the backend to use HTTPS with a self-signed SSL certificate, then Node.js (which the frontend runs on) may not "trust" that certificate by default. This will result in the Frontend not being able to make requests to the Backend.
One possible workaround (untested as of yet) is to try setting the NODE_EXTRA_CA_CERTS environment variable (which tells Node.js to trust additional CA certificates).
Another option is to avoid using a self-signed SSL certificate. Instead, create a real, issued SSL certificate using something like Let's Encrypt (or similar free services)
This scenario may occur when you are running the REST API behind an HTTP proxy (e.g. Apache HTTPD's mod_proxy_http, Nginx's proxy_pass or any other proxy that is forwarding from HTTPS to HTTP).
The fix is to ensure the DSpace REST API is sent the X-Forwarded-Proto header (by your proxying service), telling it that the forwarded protocol is HTTPS:
X-Forwarded-Proto: https
In general, when running behind a proxy, the DSpace REST API depends on accurate X-Forwarded-* headers to be sent by that proxy.
This error occurs when Solr is either not initialized properly, or your DSpace backend is unable to find/communicate with Solr. Here's a few things you should double check:
[solr]/bin/solr restart), and verify it's accessible via wget or a web browser (usually at a URL like http://localhost:8983/solr)
solr.server setting (in local.cfg) is correct for your Solr installation. This should correspond to the main URL of your Solr site (usually something like http://localhost:8983/solr). If you use wget or a browser from the machine running your DSpace backend, you should get a response from that URL (it should return the Solr Admin UI).
${solr.server}/search/select should run an empty query against the "search" core, returning an empty JSON result.
solr.server is set properly, double check that nothing else could be blocking the DSpace backend from accessing Solr. For instance, if Solr is on a separate machine, verify that there is no firewall or proxy that could be blocking access between the DSpace backend machine and the Solr machine.
ant fresh_install
There are two common errors that occur.
If your error looks like this:
[java] 2004-03-25 15:17:07,730 INFO org.dspace.storage.rdbms.InitializeDatabase @ Initializing Database
[java] 2004-03-25 15:17:08,816 FATAL org.dspace.storage.rdbms.InitializeDatabase @ Caught exception:
[java] org.postgresql.util.PSQLException: Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
[java] at org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Connection.java:204)
[java] at org.postgresql.Driver.connect(Driver.java:139)
it usually means you haven't yet added the relevant configuration parameter to your PostgreSQL configuration (see above), or perhaps you haven't restarted PostgreSQL after making the change. Also, make sure that the db.username and db.password properties are correctly set in [dspace]/config/dspace.cfg. An easy way to check that your DB is working OK over TCP/IP is to try this on the command line:
psql -U dspace -W -h localhost
Enter the dspace database password, and you should be dropped into the psql tool with a dspace=> prompt.
Another common error looks like this:
[java] 2004-03-25 16:37:16,757 INFO org.dspace.storage.rdbms.InitializeDatabase @ Initializing Database
[java] 2004-03-25 16:37:17,139 WARN org.dspace.storage.rdbms.DatabaseManager @ Exception initializing DB pool
[java] java.lang.ClassNotFoundException: org.postgresql.Driver
[java] at java.net.URLClassLoader$1.run(URLClassLoader.java:198)
[java] at java.security.AccessController.doPrivileged(Native Method)
[java] at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
This means that the PostgreSQL JDBC driver is not present in [dspace]/lib. See above.