Install DSpace-CRIS 7 along with Free SSL and Nginx

One of my clients requested a full installation of DSpace-CRIS 7 on his server. Below are the steps I followed to deliver his request. You will need about 4GB of RAM to compile the DSpace-Angular front-end.

Install prerequisite tools

yum install -y epel-release lsof firewalld wget
yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install -y postgresql11-server postgresql11-contrib pgcryptokey11.x86_64
yum -y install git
yum install -y java-11-openjdk*
cd /opt/ 
wget https://archive.apache.org/dist/ant/binaries/apache-ant-1.10.10-bin.tar.gz
wget https://archive.apache.org/dist/maven/maven-3/3.8.2/binaries/apache-maven-3.8.2-bin.tar.gz
wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.50/bin/apache-tomcat-9.0.50.tar.gz
tar -xf apache-ant-*
tar -xf apache-maven-*
tar -xf apache-tomcat-*
rm -rf *.tar.gz 
mv apache-ant-* ant
mv apache-maven-* maven
mv apache-tomcat-* tomcat
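
Added example (not part of the original post): the tarballs above are unpacked and deleted without any integrity check, so this sketch verifies each one against its SHA-512 file before the tar -xf and rm -rf steps. It assumes a matching .sha512 file (same URL plus .sha512) was downloaded next to each tarball; the function names are made up for this example.

```bash
# expected_sha512 FILE: print the first 128-hex-digit digest found in FILE.
# Whitespace is stripped first, so a bare digest, "digest  name",
# "digest *name" and the wrapped upper-case "name: AB12CD34 ..." layout all
# reduce to one contiguous lower-case digest.
expected_sha512() {
    tr -d ' \t\r\n' < "$1" | tr 'A-F' 'a-f' | grep -oE '[0-9a-f]{128}' | head -n 1
}

# verify_sha512 TARBALL SHA512FILE
# Returns 0 on match, 1 on mismatch, 2 when no digest could be read.
verify_sha512() {
    local want got
    want=$(expected_sha512 "$2")
    [ -n "$want" ] || { echo "no SHA-512 digest in $2" >&2; return 2; }
    got=$(sha512sum "$1" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "MISMATCH: $1, do not unpack" >&2
        return 1
    fi
    echo "OK: $1"
}

# verify_all DIR: check every *.tar.gz in DIR against <name>.sha512 and
# fail if any tarball is unverified, e.g. `verify_all /opt || exit 1`.
verify_all() {
    local f rc=0
    for f in "$1"/*.tar.gz; do
        [ -e "$f" ] || continue
        verify_sha512 "$f" "$f.sha512" || rc=1
    done
    return "$rc"
}

# Constructed demo: a fake tarball plus a checksum file in the wrapped,
# upper-case layout.
demo() {
    local d h rc=0
    d=$(mktemp -d)
    printf 'constructed bytes' > "$d/x.tar.gz"
    h=$(sha512sum "$d/x.tar.gz" | cut -d' ' -f1 | tr 'a-f' 'A-F')
    printf 'x.tar.gz: %s\n' "$h" | fold -w 40 > "$d/x.tar.gz.sha512"
    verify_all "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

A checksum fetched from the same server only catches corruption or a partial mirror compromise; the PGP signatures published alongside give a stronger guarantee.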

Edit Maven to have more RAM during build

edit /opt/maven/bin/mvn and add

export MAVEN_OPTS=-Xmx1024m

Configure PostgreSQL 11

/usr/pgsql-11/bin/postgresql-11-setup initdb
systemctl enable postgresql-11 --now
sudo -u postgres createuser -U postgres -d -A -P dspace
sudo -u postgres createdb -U postgres --owner=dspace -E UNICODE dspace

edit /var/lib/pgsql/11/data/pg_hba.conf
replace

# IPv4 local connections:
host    all             all             127.0.0.1/32            ident

with

# IPv4 local connections:
host    all             all             127.0.0.1/32            md5

then

systemctl restart postgresql-11 
sudo -u postgres psql dspace -c "CREATE EXTENSION pgcrypto;"

Download and install DSpace-CRIS

cd /usr/local/src
# download latest release from here https://github.com/4Science/DSpace/releases
# untar it and rename extracted folder to dspace-parent
cd dspace-parent/
# the build picks up local.cfg from dspace/config/, so create it there
cp dspace/config/local.cfg.EXAMPLE dspace/config/local.cfg

edit dspace/config/local.cfg and modify to your correct values

dspace.server.url = https://api.dspace.university.edu/server
dspace.ui.url = https://dspace.university.edu
# set this to the password you entered at the createuser prompt, not this sample value
db.password = tLe1Hvxw6Yyld2khiZEcIWmDgkPq2GPe

then

mkdir /dspace
/opt/maven/bin/mvn package
cd dspace/target/dspace-installer
/opt/ant/bin/ant fresh_install

Edit tomcat configs to enable URI UTF8 support

edit /opt/tomcat/conf/server.xml, find <Connector port="8080" .../> and make it look like this

<Connector port="8080"
              minSpareThreads="25"
              enableLookups="false"
              connectionTimeout="20000"
              disableUploadTimeout="true"
              URIEncoding="UTF-8"/>   

Configure tomcat as a service

# Blind copy/paste will work
cat <<EOF > /etc/systemd/system/tomcat.service
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms128M -Xmx765M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 \$MAINPID

User=tomcat
Group=tomcat

[Install]
WantedBy=multi-user.target
EOF


cp -r /dspace/webapps/server /opt/tomcat/webapps
useradd tomcat
mkdir /dspace/assetstore
chown -hR tomcat:tomcat /opt/tomcat /dspace
systemctl enable tomcat.service --now
# wait 5 mins so that dspace can initialize database after first run
/dspace/bin/dspace create-administrator

Install Solr

cd /usr/local/src
wget https://downloads.apache.org/lucene/solr/8.9.0/solr-8.9.0.tgz
tar -xf solr-*
cd solr-*
./bin/install_solr_service.sh /usr/local/src/solr-*.tgz

Configure dspace and solr

cp -R /dspace/solr/* /var/solr/data/
chown -hR solr:solr /var/solr/data
sudo -u solr /opt/solr/bin/solr restart

Install and configure DSpace Angular frontend

yum -y install centos-release-scl-rh
yum-config-manager --enable rhel-server-rhscl-7-rpms
yum -y install rh-nodejs12
scl enable rh-nodejs12 bash
npm install --global yarn
npm install --global pm2
export PATH="/opt/rh/rh-nodejs12/root/bin:$PATH"

cd /dspace
# download latest release from here https://github.com/4Science/dspace-angular/releases
# untar it and rename extracted folder to dspace-angular
cd dspace-angular
yarn install 

edit src/environments/environment.prod.ts

export const environment = {  
  ui: { // Don't change this
      ssl: false,
      host: 'localhost',
      port: 4000,
      nameSpace: '/'
  },
  rest: {
      ssl: true,
      host: 'api.dspace.university.edu',
      port: 443,
      nameSpace: '/server'
  }
};

then

yarn run build:prod

edit dspace-angular.json

{
    "apps": [
        {
            "name": "dspace-angular",
            "cwd": "/dspace/dspace-angular",
            "script": "/opt/rh/rh-nodejs12/root/bin/yarn",
            "args": "run serve:ssr",
            "interpreter": "none"
        }
    ]
}

then

pm2 start dspace-angular.json
pm2 startup

Install nginx & certbot

# Blind copy/paste will work
cat <<EOF > /etc/yum.repos.d/nginx.repo 
[nginx-stable]
name=nginx stable repo 
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF

yum -y install nginx certbot  python2-certbot-nginx

Nginx vhost config

# Blind copy/paste will work
cat <<EOF > /etc/nginx/conf.d/dspace-frontend.conf
server {
listen 80;
server_name dspace.university.edu;

location ~ / {
proxy_pass http://127.0.0.1:4000;
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header Accept-Encoding "";
proxy_set_header Connection "";
proxy_set_header Proxy "";
proxy_set_header Referer \$http_referer;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port \$server_port;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Forwarded-Server \$host;
proxy_set_header X-Real-IP \$remote_addr;
}

}
EOF

cat <<EOF > /etc/nginx/conf.d/dspace-backend.conf
server {
listen 80;
server_name api.dspace.university.edu;

root /opt/tomcat/webapps;
index index.html;


try_files \$uri \$uri/ @proxy;

location ~ /\$ {
try_files \$uri  @proxy;
}

location @proxy {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header Accept-Encoding "";
proxy_set_header Connection "";
proxy_set_header Proxy "";
proxy_set_header Referer \$http_referer;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port \$server_port;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Forwarded-Server \$host;
proxy_set_header X-Real-IP \$remote_addr;
}

location ~ /\.ht {
deny  all;
}

location ~ error_log {
deny  all;
}


}
EOF
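
Added example (not part of the original post): the backend vhost sets root to Tomcat's webapps directory and tries static files first, so any file under it that the nginx worker can read, WEB-INF contents included, is answered by nginx before Tomcat sees the request. The check below flags that pattern; the function names and both sample configs are constructed for this example.

```bash
# needs_webinf_deny CONF: succeed when CONF sets an nginx root ending in
# "webapps" and no location denies WEB-INF, i.e. web.xml, classes and jars
# that nginx can read would be served as static files, bypassing Tomcat.
needs_webinf_deny() {
    grep -Eq '^[[:space:]]*root[[:space:]]+[^;]*webapps/?;' "$1" || return 1
    awk '
        /^[[:space:]]*location[[:space:]].*WEB-INF/ { inloc = 1 }
        inloc && /deny[[:space:]]+all[[:space:]]*;/  { found = 1 }
        inloc && index($0, "}")                      { inloc = 0 }
        END { exit (found ? 1 : 0) }' "$1"
}

# Constructed samples: the backend vhost from this post (abridged), and the
# same vhost with a deny rule for WEB-INF and META-INF added.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
server {
    server_name api.dspace.university.edu;
    root /opt/tomcat/webapps;
    try_files $uri $uri/ @proxy;
    location @proxy { proxy_pass http://127.0.0.1:8080; }
    location ~ /\.ht { deny all; }
}
EOF
    cat > "$1/hardened.conf" <<'EOF'
server {
    server_name api.dspace.university.edu;
    root /opt/tomcat/webapps;
    location ~* /(WEB-INF|META-INF)/ { deny all; }
    try_files $uri $uri/ @proxy;
    location @proxy { proxy_pass http://127.0.0.1:8080; }
    location ~ /\.ht { deny all; }
}
EOF
}

d=$(mktemp -d) && write_samples "$d"
for c in weak hardened; do
    if needs_webinf_deny "$d/$c.conf"; then
        echo "$c.conf: add a WEB-INF deny rule"
    else
        echo "$c.conf: ok"
    fi
done
rm -rf "$d"
```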

Let nginx accept large file uploads

edit /etc/nginx/nginx.conf and add this line inside the http block; a value of 0 disables nginx's request body size check

client_max_body_size 0;

Configure Let's Encrypt

certbot --nginx

Configure firewalld to lock-down the server

systemctl enable firewalld --now
firewall-cmd --add-service=http
firewall-cmd --add-service=https
firewall-cmd --runtime-to-permanent
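
Added example (not part of the original post): with only http and https opened, any backend service that listens on all interfaces is protected by firewalld alone. This sketch lists such listeners from `ss -ltn` output so they can be bound to 127.0.0.1 instead; the function names and the sample output are constructed for this example.

```bash
# exposed_listeners: read `ss -ltn` output on stdin and print "port address"
# for each TCP listener that is not bound to loopback and whose port is not
# in ALLOW (default: 22 80 443).
exposed_listeners() {
    awk -v allow="${ALLOW:-22 80 443}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "LISTEN" { next }
        {
            port = $4; sub(/.*:/, "", port)
            host = substr($4, 1, length($4) - length(port) - 1)
            # loopback forms: 127.x, ::1, [::1] and IPv4-mapped ::ffff:127.x
            if (host ~ /^127\./) next
            if (host ~ /^\[?::1\]?$/) next
            if (host ~ /^\[?::ffff:127\./) next
            if (!(port in ok)) print port, host
        }' | sort -n
}

# Constructed `ss -ltn` output. 8080 (Tomcat) and 4000 (Angular SSR) are the
# ports used in this post; 8983 is Solr's default port.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port       Peer Address:Port
LISTEN 0      128    0.0.0.0:22               0.0.0.0:*
LISTEN 0      128    0.0.0.0:80               0.0.0.0:*
LISTEN 0      128    0.0.0.0:443              0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432           0.0.0.0:*
LISTEN 0      128    127.0.0.1:4000           0.0.0.0:*
LISTEN 0      100    [::]:8080                [::]:*
LISTEN 0      1      [::ffff:127.0.0.1]:8005  [::]:*
LISTEN 0      50     *:8983                   *:*
EOF
}

# On a live host: ss -ltn | exposed_listeners
sample_ss | exposed_listeners
```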

Reference

https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace


Comments

4 responses to “Install DSpace-CRIS 7 along with Free SSL and Nginx”

  1. Rogério Gomes

    Hello, I managed to build the package and perform the installation, but the web page only partially goes up, and it keeps loading without leaving the place.

    In the /etc/nginx/conf.d/dspace-backend.conf configuration file

    is the directory correct? root /usr/share/tomcat/webapps;

    1. Mohammed H

      Hello,

      I noticed the links to the Tomcat binary and Ant binary were returning 404 due to a newer version being available. Can you confirm if you downloaded newer versions in your setup environment or not?
      I also updated `Install prerequisite tools` links to archived version now to avoid future changes in urls.

      Best regards
      Mohammed H

  2. Rogério Gomes

    Hello, In my environment I installed the following versions of binaries:

    apache-tomcat-9.0.53.tar.gz
    apache-ant-1.10.11-bin.tar.gz
    apache-maven-3.8.2-bin.tar.gz

    Best regards, Rogério Gomes

    1. mohammedhdotio

      Those versions shall work fine. However, the issue you described seems to be more with the frontend than with the backend (maybe checking the browser console will give you a clue).
      If you can contact me by email at me[at]mohammedh[dot]io, I might be able to have a closer look at your setup.
