All Versions
- DSpace 7.x (Current Release)
- DSpace 8.x (Unreleased)
- DSpace 6.x (EOL)
- DSpace 5.x (EOL)
- More Versions...
...
dspace-7.0-beta5
) or branch.Install all necessary local dependencies by running the following from within the unzipped "dspace-angular" directory
Code Block |
---|
# change directory to our repo cd dspace-angular # install the local dependencies yarn install |
Create a Production Configuration file at [dspace-angular]/src/environment/environment.prod.ts
. You may wish to use the environment.template.ts
as a starting point. This environment.prod.ts
file can be used to override any of the default configurations specified in the environment.common.ts (in that same directory). At a minimum this file MUST include the "ui" and "rest" sections similar to the following (keep in mind, you only need to include settings that you need to modify):
Code Block |
---|
export const environment = { // The "ui" section defines where you want Node.js to run/respond. It may correspond to your public URL, but it also may not (if you are running behind a proxy). // In this example, we are setting up our UI to just use localhost, port 4000. // This is a common setup for when you want to use Apache or Nginx to handle HTTPS and proxy requests to Node on port 4000 ui: { ssl: false, host: '0.0.0.0localhost', port: 4000, // NOTE: Space is capitalized because 'namespace' is a reserved string in TypeScript nameSpace: '/' } // This example is valid if your Backend is publicly available at https://api.mydspace.edu/server/ // The REST settings MUST correspond to the public URL of the backend. Usually, this means they must be kept in sync // with the value of "dspace.server.url" in the backend's local.cfg rest: { ssl: true, host: 'api.mydspace.edu', port: 443, // NOTE: Space is capitalized because 'namespace' is a reserved string in TypeScript nameSpace: '/server' } }; |
yarn start
" and trying to access it via http://[mydspace.edu]:4000/
from your web browser. KEEP IN MIND, we highly recommend always using HTTPS for Production.environment.common.ts
configuration file you can also copy them into this same file.Build the User Interface for Production. This uses your environment.prod.ts
and the source code to create a compiled version of the UI in the [dspace-angular]/dist
folder
Code Block |
---|
yarn run build:prod |
environment.prod.ts
, then you will need to rebuild the UI application (i.e. rerun this command).Assuming you are using PM2, create a JSON configuration file describing how to run our UI application. This need NOT be in the same directory as the dspace-angular codebase itself (in fact you may want to put the parent directory or another location). Keep in mind the "cwd" setting (on line 5) must be the full path to your [dspace-angular]
folder.
Code Block | ||
---|---|---|
| ||
{ "apps": [ { "name": "dspace-angular", "cwd": "/home/dspace/dspace-angular", "script": "yarn", "args": "run serve:ssr", "interpreter": "none" } ] } |
Now, start the application using PM2 using the configuration file you created in the previous step
Code Block |
---|
# In this example, we are assuming the config is named "dspace-angular.json" pm2 start dspace-angular.json # To see the logs, you'd run # pm2 logs # To stop it, you'd run # pm2 stop dspace-angular.json |
environment.prod.ts
sudo apt install apache2
sudo en2mod proxy; sudo a2enmod proxy_http
Now, setup a new VirtualHost for your site (preferably using HTTPS / port 443) which proxies all requests to PM2 running on port 4000.
Code Block |
---|
<VirtualHost _default_:443> .. setup your host how you want, including log settings... SSLEngine on SSLCertificateFile [full-path-to-PEM-cert] SSLCertificateKeyFile [full-path-to-cert-KEY] # Proxy all HTTPS requests from Apache to PM2 on port 4000 ProxyPass / http://127.0.0.1:4000/ ProxyPassReverse / http://127.0.0.1:4000/ </VirtualHost> |
[dspace-angular]/config/ssl/
folder and add a key.pem
and cert.pem
to that folder (they must have those exact names)...
First, double check that you are seeing that exact error message. A 403 Forbidden
can error may be thrown in a variety of scenarios. ..it could be page that For example, a 403 may be thrown if a page requires a login, if you could have entered an invalid username or password, or you could even be seeing even sometimes when there is a CORS error (see previous installation issue for how to solve that).
If you are seeing the message "Invalid CSRF Token" message (especially on every login), this is usually the result of a configuration / installation setup issue.
Here's some things you should double check:
DSPACE-XSRF-COOKIE
cookie with a value of SameSite=Lax
. This setting means that the cookie will not be sent (by your browser) to any other domains. Effectively, this will block all logins from any domain that is not the same as the REST API (as this cookie will not be sent back to the REST API as required for CSRF validation). In other words, running the REST API on HTTP is only possible if the User Interface is running on the exact same domain. For example, running both on 'localhost' with HTTP is a common development setup, and this will work fine.DSPACE-XSRF-COOKIE
cookie being set to SameSite=None; Secure
. This setting means the cookie will be sent cross domain, but only for HTTPS requests. It also allows the user interface (or other client applications) to be on any domain, provided that the domain is trusted by CORS (see rest.cors.allowed-origins
setting in REST API)dspace.server.url
" configuration on the Backend. This simply ensures your UI is sending requests to the correct REST API. Also pay close attention that both specify HTTPS when necessary (see previous bullet).dspace.server.url
" configuration on the Backend matches the public URL of the REST API (i.e. the URL you see in the browser). This must be an exact match: mode (http vs https), domain, port, and subpath(s) all must match.dspace.ui.url
" configuration on the Backend matches the public URL of your User Interface (i.e. the URL you see in the browser). This must be an exact match: mode (http vs https), domain, port, and subpath(s) all must match....