...
3 Configuration rollercoaster
Panel |
---|
tcsh# echo "fdesc /dev/fd fdescfs rw 0 0" >> /etc/fstab |
...
Panel |
---|
tcsh# ln -s /usr/local/bin/bash /bin/bash |
3.
...
2 Configure PostgreSQL
Panel |
---|
tcsh# echo 'postgresql_enable="YES"' >> /etc/rc.conf tcsh# echo 'postgresql_data="/data/pgsql"' >> /etc/rc.conf tcsh# mkdir /data/pgsql tcsh# chown -R pgsql:pgsql /data/pgsql/ tcsh# /usr/local/etc/rc.d/postgresql initdb |
...
Panel |
---|
tcsh# createdb -U pgsql -O dspace -E UNICODE dspacedb |
3.
...
3 Configure JAVA
Panel |
---|
tcsh# echo "JAVA_HOME=/usr/local/openjdk6/" >> /usr/local/etc/javavm_opts.conf |
...
Panel |
---|
tcsh# echo 'JAVA_OPTS="-Xmx512m -Xms512m"' >> /usr/local/etc/javavm_opts.conf |
3.
...
4 Configure Tomcat
Open file /usr/local/apache-tomcat-7.0/conf/server.xml with Your favorite vi. NB! Pay attention to UTF! Locate relevant lines and update to be:
Panel |
---|
<Connector port="8080" protocol="HTTP/1.1" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8" /> |
Panel |
---|
<!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" /> |
Once again i found more reasonable not to copy (or symlink) webapps to tomcat appBase dir as suggests dspace official documentation. Instead i'm changin tomcat appBase to point to dspace webapps. Also put tomcat logs with other www/apache logs. Original lines are commented out and my lines marked bold.
Panel |
---|
<!-- <Host name="localhost" appBase="webapps" --> <Host name="localhost" appBase="/data/dspace/webapps" unpackWARs="true" autoDeploy="true"> <!-- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> --> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/var/log/apache2" prefix="tomcat_access." suffix=".log" pattern="%h %l %u %t "%r" %s %b" /> |
...
Panel |
---|
tcsh# grep -v "#" /usr/local/etc/apache22/workers.properties worker.list=localhost-worker worker.localhost-worker.port=8009 worker.localhost-worker.host=localhost worker.localhost-worker.type=ajp13 worker.localhost-worker.lbfactor=1 |
3.
...
5 Configure Apache
Some lines are omitted from output. Also configure "apache22/extra/httpd-mpm.conf" and "httpd-default.conf" to suit You. Also don't forget apache certificates.
Panel |
---|
Wiki Markup |
---|
*tcsh# egrep \-v "#\|"^$ /usr/local/etc/apache22/httpd.conf*
/*/
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
LoadModule jk_module libexec/apache22/mod_jk.so
/*/
ErrorLog "/var/log/apache2/httpd-error.log"
/*/
CustomLog "\|/usr/local/sbin/rotatelogs \-l /var/log/apache2/httpd-access_%Y-%m-%d.log 86400" combined
/*/
Include etc/apache22/extra/httpd-mpm.conf
Include etc/apache22/extra/httpd-default.conf
Include etc/apache22/extra/httpd-ssl.conf
/*/
Include etc/apache22/Includes/*.conf
NameVirtualHost \*:80
<IfModule jk_module>
# relative path to /usr/local
JkWorkersFile etc/apache22/workers.properties
JkShmFile /var/run/jk-runtime-status
JkLogLevel error
JkLogFile /var/log/apache2/mod_jk.log
</IfModule>
<VirtualHost \*:80>
ServerName dspace.example.com
DocumentRoot /usr/local/www/apache22/data
<IfModule jk_module>
JkMount /xmlui localhost-worker
JkMount /xmlui/\* localhost-worker
JkMount /solr localhost-worker
JkMount /solr/\* localhost-worker
JkMount /oai localhost-worker
JkMount /oai/\* localhost-worker
</IfModule>
RewriteEngine On
RewriteRule \^/$ /xmlui/ \[PT\]
RewriteRule \^/$ /solr/ \[PT\]
RewriteRule \^/$ /oai/ \[PT\]
RewriteCond [http://%]
{HTTP_HOST}%{REQUEST_URI} (.*)-login(.*) \[OR\]
RewriteCond [http://%]
{HTTP_HOST}%{REQUEST_URI} (.*)/register(.*) \[OR\]
RewriteCond [http://%]
{HTTP_HOST}%{REQUEST_URI} (.*)/forgot(.*)
RewriteRule (.*) [https://%]
{HTTP_HOST}%{REQUEST_URI}
#
CustomLog "\|/usr/local/sbin/rotatelogs \-l /var/log/apache2/dspace.example.com-access-%Y-%m-%d.log 86400" combined
ErrorLog /var/log/apache2/dspace.example.com-error.log
</VirtualHost>
*tcsh# egrep \-v "#\|"^$ /usr/local/etc/apache22/extra/httpd-ssl.conf*
Listen 443
/*/
<VirtualHost \_default_:443>
ServerName dspace.example.com:443
ServerAdmin hostmaster@example.com
DocumentRoot "/usr/local/www/apache22/data"
<IfModule jk_module>
JkMount /xmlui localhost-worker
JkMount /xmlui/\* localhost-worker
JkMount /solr localhost-worker
JkMount /solr/\* localhost-worker
JkMount /oai localhost-worker
JkMount /oai/\* localhost-worker
RewriteEngine On
RewriteRule \^/$ /xmlui/ \[PT\]
RewriteRule \^/$ /solr/ \[PT\]
RewriteRule \^/$ /oai/ \[PT\]
</IfModule>
ErrorLog "\|/usr/local/sbin/rotatelogs /var/log/apache2/https-error-%Y-%m-%d.log 5M"
TransferLog "\|/usr/local/sbin/rotatelogs /var/log/apache2/https-access-%Y-%m-%d.log 86400"
/*/
SSLCertificateFile "/usr/local/etc/apache22/certs/dspace.example.com.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/certs/dspace.example.com.key"
SSLCertificateChainFile "/usr/local/etc/apache22/certs/dspace-bundle.example.com.crt"
/*/
<Directory "/data/dspace/webapps/xmlui">
SSLOptions \+StdEnvVars \+ExportCertData
</Directory>
|
|
...
...
Panel |
---|
Wiki Markup |
---|
dspace.dir = /data/dspace
dspace.hostname = dspace.example.com
dspace.baseUrl = [http://dspace.example.com]
dspace.url = ${dspace.baseUrl}/xmlui
dspace.name = Dspace at Example.Com
db.name = postgres
db.url = jdbc:postgresql://localhost:5432/dspacedb
db.driver = org.postgresql.Driver
db.username = dspace
db.password = s0mepw
db.maxconnections = 30
db.maxwait = 5000
db.maxidle = \-1
db.statementpool = true
mail.server = smtp.example.com
mail.server.port = 25
mail.from.address = dspace-noreply@example.com
feedback.recipient = dspace-help@example.com
mail.admin = dspace-help@example.com
alert.recipient = postmaster@example.com
registration.notify = dspace-help@example.com
mail.charset = UTF-8
mail.allowed.referrers = localhost,dspace.example.com
mail.server.disabled = false
default.language = en_US
assetstore.dir = ${dspace.dir}/assetstore
log.init.config = ${dspace.dir}/config/log4j.properties
log.dir = /var/log/apache2/
search.dir = ${dspace.dir}/search
/*/
handle.canonical.prefix = [http://hdl.handle.net/]
handle.prefix = 12345
handle.dir = ${dspace.dir}/handle-server
/*/
upload.max = 536870912
default.locale = en
xmlui.supported.locales = en
xmlui.force.ssl = true
xmlui.user.registration=false
|
|
...
Panel |
---|
Wiki Markup |
---|
*tcsh# set JAVA_HOME=/usr/local/openjdk6*
*tcsh# echo $JAVA_HOME*
/usr/local/openjdk6
*tcsh# keytool \-import \-file /tmp/myldap-clients.example.com.crt \-alias myldap.example.com \-keystore $JAVA_HOME/jre/lib/security/cacerts*
Enter keystore password: 'changeit' <\- by default without '-es\!
/*/
Trust this certificate? \[no\]: *yes*
Certificate was added to keystore
*tcsh# keytool \-list \-keystore $JAVA_HOME/jre/lib/security/cacerts*
*tcsh# rm \-f /tmp/olp-wild-clients.example.com.crt* |
|
5 Handle
If You are using "handle" also, then:
...
Panel |
---|
Wiki Markup |
---|
\#\!/bin/sh
\#
\# PROVIDE: handle
\# REQUIRE: NETWORKING tomcat7
\# KEYWORD: shutdown
\#
\# handle_server_enable="YES"
\#
. /etc/rc.subr
name="handle_server"
start_cmd="${name}\_start"
stop_cmd="${name}\_stop"
rcvar=`set_rcvar`
command="/data/dspace/bin/start-handle-server"
handle_server_start()
{
if \[ \-x ${command} \]; then
pid="`ps \-axuwww \| grep \-v grep \| grep handle-server \| nawk '{ print $2 }'`"
if \[ "${pid}"X = "X" \]; then
su - www \-c ${command}
else
echo "Handle server is already running."
fi
fi
}
handle_server_stop()
{
pid="`ps \-axuwww \| grep \-v grep \| grep handle-server \| nawk '{ print $2 }'`"
if \[ "${pid}"X \!= "X" \]; then
pid_owner="`ps \-axu \|grep \-v grep \| grep \-w $pid \|nawk '{ print $1 }'`"
if \[ "${pid_owner}" = "www" \]; then
kill \-15 ${pid}
sleep 1
fi
else
echo "Handle server is not running?"
fi
}
\# set defaults
handle_server_enable=${handle_server_enable:-"NO"}
load_rc_config "${name}"
run_rc_command "$1"
|
|
...
6 Clean up and daemons startup
Panel |
---|
tcsh# cd /data/dspace-1.8.1-src-release tcsh# mvn clean tcsh# rm -r /root/.m2 |
...
Panel |
---|
tcsh# sync; sync; reboot |
...
7 Final notes
- If You should later on upgrade "openjdk", then You need to import LDAP certificate again - you'll lose it!
- If You should upgrade mod_jk port, then dont forget to uncomment "#LoadModule jk_module.... " line!
- Implement backups and monitoring!
- Implement firewall. If using pf:
...