Install DSpace-CRIS 7 along with Free SSL and Nginx

One of my clients requested a full installation of DSpace-CRIS 7 on his server. Below are the steps I followed to deliver it; you will need about 4GB of RAM to compile the DSpace-Angular front-end.

Install prerequisite tools

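# Base tooling, the PGDG repository, PostgreSQL 11, git and OpenJDK 11.
yum install -y epel-release lsof firewalld wget
yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install -y postgresql11-server postgresql11-contrib pgcryptokey11.x86_64
yum -y install git
# Quote the pattern so yum expands it, not the shell against files in the
# current directory.
yum install -y 'java-11-openjdk*'

# Ant, Maven and Tomcat are unpacked side by side under /opt.
cd /opt/
wget https://archive.apache.org/dist/ant/binaries/apache-ant-1.10.10-bin.tar.gz
wget https://archive.apache.org/dist/maven/maven-3/3.8.2/binaries/apache-maven-3.8.2-bin.tar.gz
wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.50/bin/apache-tomcat-9.0.50.tar.gz
# These archives end up running the build and the application server: check
# each one against the .sha512 / .asc file published beside it on
# archive.apache.org before unpacking.
tar -xf apache-ant-1.10.10-bin.tar.gz
tar -xf apache-maven-3.8.2-bin.tar.gz
tar -xf apache-tomcat-9.0.50.tar.gz
# Delete only the three archives fetched above, not every *.tar.gz in /opt.
rm -f -- apache-ant-1.10.10-bin.tar.gz apache-maven-3.8.2-bin.tar.gz apache-tomcat-9.0.50.tar.gz
# Explicit directory names keep the renames from depending on what else
# under /opt happens to match a glob.
mv apache-ant-1.10.10 ant
mv apache-maven-3.8.2 maven
mv apache-tomcat-9.0.50 tomcat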

Edit Maven to have more RAM during build

edit /opt/maven/bin/mvn

# Give the Maven JVM a 1024 MB heap ceiling for the build.
MAVEN_OPTS='-Xmx1024m'
export MAVEN_OPTS

Configure PostgreSQL 11

# Initialise the PostgreSQL 11 data directory, then enable and start the service.
/usr/pgsql-11/bin/postgresql-11-setup initdb
systemctl enable postgresql-11 --now
# Create the dspace role. -P prompts for its password; that same value is what
# db.password in local.cfg must contain. -d additionally lets the role create
# databases.
# NOTE(review): the database is created by the postgres superuser on the next
# line, so -d may be more privilege than the role needs; confirm before keeping it.
sudo -u postgres createuser -U postgres -d -A -P dspace
# Create the dspace database, owned by that role, with Unicode encoding.
sudo -u postgres createdb -U postgres --owner=dspace -E UNICODE dspace

edit /var/lib/pgsql/11/data/pg_hba.conf
replace

# IPv4 local connections:
host    all             all             127.0.0.1/32            ident

with

# IPv4 local connections:
host    all             all             127.0.0.1/32            md5

then

# Restart so the edited pg_hba.conf is in effect, then add the pgcrypto
# extension to the dspace database.
systemctl restart postgresql-11 
sudo -u postgres psql dspace -c "CREATE EXTENSION pgcrypto;"

Git and install dspace cris

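cd /usr/local/src
# download latest release from here https://github.com/4Science/DSpace/releases
# untar it and rename extracted folder to dspace-parent
cd dspace-parent/
# Start local.cfg from the shipped example (one copy instead of cp + mv).
cp dspace/config/local.cfg.EXAMPLE local.cfg
# local.cfg is about to hold the database password: keep this working copy
# readable by its owner only.
chmod 600 local.cfg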

Edit local.cfg and set the following properties to the correct values for your site

# Public URL of the REST API (backend), then of the user interface.
dspace.server.url = https://api.dspace.university.edu/server
dspace.ui.url = https://dspace.university.edu
# Password of the dspace PostgreSQL role. The value shown is only a sample:
# put the password you typed at the createuser prompt here and never reuse
# a password copied from a published guide.
db.password = tLe1Hvxw6Yyld2khiZEcIWmDgkPq2GPe
# Directory the rest of this walkthrough refers to as the DSpace install location.
mkdir /dspace
# Build with Maven, then run the installer's fresh_install target from the
# build output directory.
/opt/maven/bin/mvn package
cd dspace/target/dspace-installer
/opt/ant/bin/ant fresh_install

Edit tomcat configs to enable URI UTF8 support

Edit Tomcat's server.xml (in a stock Tomcat layout it is /opt/tomcat/conf/server.xml), find <Connector port="8080" .../> and make it look like this

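<!-- HTTP connector for the DSpace webapp.
     URIEncoding makes Tomcat decode request URIs as UTF-8.
     address="127.0.0.1" keeps this plain-HTTP port on loopback only: the
     nginx backend vhost proxies to http://127.0.0.1:8080, so no remote
     client needs to reach port 8080 directly. -->
<Connector port="8080"
              address="127.0.0.1"
              minSpareThreads="25"
              enableLookups="false"
              connectionTimeout="20000"
              disableUploadTimeout="true"
              URIEncoding="UTF-8"/>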

Configure tomcat as a service

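# Write the systemd unit for Tomcat.
# The here-document delimiter is quoted so the shell copies the text verbatim:
# with an unquoted EOF the pasting shell expands $MAINPID itself (to nothing)
# and ExecStop ends up as a bare "kill -15".
# Variable names are spelled CATALINA_BASE / CATALINA_OPTS and the property is
# java.awt.headless; the misspelled forms are silently ignored, so the heap
# limits and headless mode never reached the JVM.
# The service runs as the unprivileged tomcat account, which has to exist
# before the unit is started.
cat <<'EOF' > /etc/systemd/system/tomcat.service
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms128M -Xmx765M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID

User=tomcat
Group=tomcat

[Install]
WantedBy=multi-user.target
EOF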


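# Deploy the REST webapp produced by the installer into Tomcat.
cp -r /dspace/webapps/server /opt/tomcat/webapps
# Service account for Tomcat: a system user with no login shell and no
# separate home directory, since nobody ever needs to log in as it.
useradd -r -M -d /opt/tomcat -s /sbin/nologin tomcat
mkdir -p /dspace/assetstore
chown -hR tomcat:tomcat /opt/tomcat /dspace
systemctl enable tomcat.service --now
# wait 5 mins so that dspace can initialize database after first run
# Run the DSpace CLI as tomcat rather than root, so application code does not
# execute with root privileges and anything it writes under /dspace stays
# owned by the service account.
sudo -u tomcat /dspace/bin/dspace create-administrator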

Install Solr

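cd /usr/local/src
# NOTE(review): downloads.apache.org only carries current releases; if this
# URL no longer resolves, the same file name should be available from
# archive.apache.org (confirm).
wget https://downloads.apache.org/lucene/solr/8.9.0/solr-8.9.0.tgz
# The installer inside this archive runs as root: check the archive against
# the .sha512 / .asc published beside it before going further.
# Explicit names are used below because solr-* matches both the archive and
# the extracted directory once the latter exists.
tar -xf solr-8.9.0.tgz
cd solr-8.9.0
./bin/install_solr_service.sh /usr/local/src/solr-8.9.0.tgz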

Configure dspace and solr

# Copy everything under /dspace/solr into Solr's data directory and hand
# ownership to the solr user.
cp -R /dspace/solr/* /var/solr/data/
chown -hR solr:solr /var/solr/data
# Restart Solr as the solr user so it sees the copied data.
sudo -u solr /opt/solr/bin/solr restart

Install and configure DSpace Angular frontend

# Node.js 12 from Software Collections.
yum -y install centos-release-scl-rh
yum-config-manager --enable rhel-server-rhscl-7-rpms
yum -y install rh-nodejs12
# Opens a new shell with the collection enabled; the lines that follow are
# typed into that shell.
scl enable rh-nodejs12 bash
# Global installs take whatever version is current at install time.
# NOTE(review): pin yarn and pm2 to versions you have reviewed if the build
# needs to be reproducible.
npm install --global yarn
npm install --global pm2
# Put the collection's bin directory (where yarn is invoked from later) on PATH.
export PATH="/opt/rh/rh-nodejs12/root/bin:$PATH"

cd /dspace
# download latest release from here https://github.com/4Science/dspace-angular/releases
# untar it and rename extracted folder to dspace-angular
cd dspace-angular
# Fetch the front-end's dependencies.
# NOTE(review): this runs third-party package install scripts as the current
# user, presumably root in this walkthrough; consider building under an
# unprivileged account.
yarn install 

edit src/environments/environment.prod.ts

export const environment = {  
  // Where the Node server itself listens. nginx proxies the public site to
  // http://127.0.0.1:4000, so this side stays plain HTTP on localhost and TLS
  // is handled by nginx.
  ui: { // Don't change this
      ssl: false,
      host: 'localhost',
      port: 4000,
      nameSpace: '/'
  },
  // How the REST API is reached: HTTPS on port 443 at the backend host name,
  // under the /server path.
  rest: {
      ssl: true,
      host: 'api.dspace.university.edu',
      port: 443,
      nameSpace: '/server'
  }
};
# Run the project's build:prod script using the environment file edited above.
yarn run build:prod

edit dspace-angular.json

{
    "apps": [
        {
            "name": "dspace-angular",
            "cwd": "/dspace/dspace-angular",
            "script": "/opt/rh/rh-nodejs12/root/bin/yarn",
            "args": "run serve:ssr",
           "interpreter": "none"
        }
    ]
}
# Launch the app described in dspace-angular.json under pm2.
# NOTE(review): pm2 and the Node server run as whoever executes this,
# presumably root in this walkthrough; a dedicated unprivileged user would
# limit what a compromise of the front-end can reach.
pm2 start dspace-angular.json
# Set up pm2's boot-time integration.
# NOTE(review): pm2 normally also needs `pm2 save` to remember the running
# process list across reboots; confirm.
pm2 startup

Install nginx & certbot

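# Register the upstream nginx package repositories (stable enabled, mainline
# present but disabled).
# Each key sits on its own line: with gpgcheck, enabled and gpgkey fused onto
# one line the signature-check settings are not parsed as intended.
# baseurl uses https, matching the gpgkey URL, so repository metadata is not
# fetched over plain HTTP.
# \$ keeps $releasever / $basearch literal for yum to expand.
cat <<EOF > /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF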

# nginx, certbot and certbot's nginx plugin.
yum -y install nginx certbot  python2-certbot-nginx

Nginx vhost config

# Front-end vhost: everything for dspace.university.edu is handed to the Node
# server on 127.0.0.1:4000.
# The delimiter is quoted, so the nginx variables below are written exactly as
# typed and need no backslash escaping.
cat > /etc/nginx/conf.d/dspace-frontend.conf <<'EOF'
server {
listen 80;
server_name dspace.university.edu;

location ~ / {
proxy_pass http://127.0.0.1:4000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Accept-Encoding "";
proxy_set_header Connection "";
proxy_set_header Proxy "";
proxy_set_header Referer $http_referer;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
}

}
EOF

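# Backend (REST API) vhost: static files are tried from Tomcat's webapps
# directory first, everything else is proxied to Tomcat on 127.0.0.1:8080.
# server_name is spelled to match the API host used in local.cfg and in the
# front-end environment file; with the misspelled name this vhost never
# matched the real host.
# \$ keeps nginx variables (and the regex end anchor) literal in the file.
cat <<EOF > /etc/nginx/conf.d/dspace-backend.conf
server {
listen 80;
server_name api.dspace.university.edu;

root /opt/tomcat/webapps;
index index.html;


try_files \$uri \$uri/ @proxy;

# root points inside Tomcat's webapps, so nginx could otherwise hand out files
# from WEB-INF / META-INF straight from disk; Tomcat itself never serves them.
location ~* /(WEB-INF|META-INF)(/|\$) {
deny  all;
}

location ~ /\$ {
try_files \$uri  @proxy;
}

location @proxy {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header Accept-Encoding "";
proxy_set_header Connection "";
proxy_set_header Proxy "";
proxy_set_header Referer \$http_referer;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port \$server_port;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Forwarded-Server \$host;
proxy_set_header X-Real-IP \$remote_addr;
}

location ~ /\.ht {
deny  all;
}

location ~ error_log {
deny  all;
}


}
EOF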

Let nginx handle too big file uploads

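Edit /etc/nginx/nginx.conf and add this line inside the http block. A value of 0 switches off nginx's request-body size check entirely, so any client can stream an arbitrarily large upload through to the backend and fill the disk; if you know the largest deposit you expect, set a finite limit instead (2g, as an illustration).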

client_max_body_size 0;

Configure Lets Encrypt

# Obtain certificates and let certbot's nginx plugin update the vhost files.
certbot --nginx

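Configure firewalld to lock down the server

Until this step has run, every port opened by the earlier steps (Tomcat's 8080, and Solr's port if it listens on all interfaces) is reachable from the network unless something upstream filters it, so on an internet-facing host consider doing this step first.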

# Start firewalld now and on every boot.
systemctl enable firewalld --now
# Allow HTTP and HTTPS in the runtime configuration...
firewall-cmd --add-service=http
firewall-cmd --add-service=https
# ...then save the runtime configuration as the permanent one.
firewall-cmd --runtime-to-permanent

Reference

https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace
