1 Before we start
- Tomcat runs as "www" by default, and I found it a bit easier to run dspace under the "www" user too. If You decide to create a "dspace" user, pay attention to filesystem permissions. Using "www" may not be a good idea when the server is accessible to any users other than the system administrator(s).
- If You would like to run dspace on port 80/443, you'll need the Apache web server. Tomcat itself uses ports somewhere in the range 8000 ... 9000.
- Since dspace does not come from ports, there's no exact or good place for it. Think something out. Solaris often uses "/opt" or "/export". You may create those mountpoints. I thought that "/data" is fine to put most of the dspace related stuff in. You can create a mountpoint "/dspace", but I don't think it's a good idea to put the dspace software directly on a mountpoint. It's better to have dspace in some kind of sub-directory (e.g. /mntpnt/dspace). Also avoid constructions like /dspace/dspace, which are just confusing.
- I decided to create slices like that:
...
- NB! Be extremely careful if using copy-paste! Also note that the wiki page may eat some specific chars.
2 Required software
Install them in that order. You can find them in /usr/ports.
Panel |
---|
lang/perl5.14
|
3 Configuration rollercoaster
3.1 Configure system
Panel |
---|
tcsh# echo "fdesc /dev/fd fdescfs rw 0 0" >> /etc/fstab |
...
Panel |
---|
tcsh# grep AllowGroups /etc/ssh/sshd_config
tcsh# mkdir /var/log/apache2 |
Several scripts from dspace are using "/bin/bash". To make them happy:
Panel |
---|
tcsh# ln -s /usr/local/bin/bash /bin/bash |
...
3.2 Configure PostgreSQL
Panel |
---|
tcsh# echo 'postgresql_enable="YES"' >> /etc/rc.conf |
...
Panel |
---|
tcsh# createdb -U pgsql -O dspace -E UNICODE dspacedb |
...
3.3 Configure JAVA
Panel |
---|
tcsh# echo "JAVA_HOME=/usr/local/openjdk6/" >> /usr/local/etc/javavm_opts.conf |
...
Panel |
---|
tcsh# echo 'JAVA_OPTS="-Xmx512m -Xms512m"' >> /usr/local/etc/javavm_opts.conf |
...
3.4 Configure Tomcat
Open file /usr/local/apache-tomcat-7.0/conf/server.xml with Your favorite vi. NB! Pay attention to UTF! Locate relevant lines and update to be:
Panel |
---|
<Connector port="8080" protocol="HTTP/1.1" |
Panel |
---|
<!-- Define an AJP 1.3 Connector on port 8009 --> |
Once again I found it more reasonable not to copy (or symlink) the webapps to the tomcat appBase dir as the official dspace documentation suggests. Instead I'm changing the tomcat appBase to point to the dspace webapps. Also put the tomcat logs with the other www/apache logs. The original lines are commented out and my lines are marked bold.
Panel |
---|
<!-- <Host name="localhost" appBase="webapps" --> |
...
Panel |
---|
tcsh# grep -v "#" /usr/local/etc/apache22/workers.properties |
...
3.5 Configure Apache
Some lines are omitted from output. Also configure "apache22/extra/httpd-mpm.conf" and "httpd-default.conf" to suit You. Also don't forget apache certificates.
Panel | |
---|---|
tcsh# egrep -v "#|"^$ /usr/local/etc/apache22/httpd.conf
rewrite_module libexec/apache22/mod_rewrite.so
jk_module libexec/apache22/mod_jk.so
"/var/log/apache2/httpd-error.log"
-l /var/log/apache2/httpd-access_%Y-%m-%d.log 86400" combined
etc/apache22/extra/httpd-mpm.conf
etc/apache22/extra/httpd-default.conf
etc/apache22/extra/httpd-ssl.conf
etc/apache22/Includes/*.conf
*:80
jk_module> # relative path to
*:80>
dspace.example.com DocumentRoot
(.*)-login(.*) [OR]
RewriteCond (.*)/register(.*) [OR]
RewriteCond (.*)/forgot(.*)
RewriteRule https://%{HTTP_HOST}%{REQUEST_URI}
# CustomLog "|
-l /var/log/apache2/dspace.example.com-access-%Y-%m-%d.log 86400" combined ErrorLogcombined
tcsh# egrep -v "#|"^$ /usr/local/etc/apache22/extra/httpd-ssl.conf
443
_default_:443>
dspace.example.com:443
hostmaster@example.com
"/usr/local/www/apache22/data"
jk_module>
JkMount /xmlui localhost-worker
JkMount /xmlui/* localhost-worker
JkMount /solr localhost-worker
JkMount /solr/* localhost-worker
JkMount /oai localhost-worker
JkMount /oai/* localhost-worker
RewriteEngine On
RewriteRule ^/$ /xmlui/ [PT]
RewriteRule ^/$ /solr/ [PT]
RewriteRule ^/$ /oai/ [PT]
</IfModule>
ErrorLog "\
/var/log/apache2/https-error-%Y-%m-%d.log 5M"
" |/usr/local/sbin/rotatelogs /var/log/apache2/https-access-%Y-%m-%d.log 86400"
"/usr/local/etc/apache22/certs/dspace.example.com.crt"
"/usr/local/etc/apache22/certs/dspace.example.com.key"
"/usr/local/etc/apache22/certs/dspace-bundle.example.com.crt"
"/data/dspace/webapps/xmlui">
SSLOptions +StdEnvVars +ExportCertData
|
4 Install Dspace
Panel |
---|
tcsh# mkdir /data/dspace |
...
Open /data/dspace-1.8.1-src-release/dspace/config/dspace.cfg and make Your changes:
Panel |
---|
dspace.dir = /data/dspace
= dspace.example.com
=
= ${dspace.baseUrl}/xmlui
= Dspace at Example.Com
= postgres
= jdbc:postgresql://localhost:5432/dspacedb
= org.postgresql.Driver
= dspace
= s0mepw
= 30
= 5000
= -1
= true
= smtp.example.com
= 25
= dspace-noreply@example.com
= dspace-help@example.com
= dspace-help@example.com
= postmaster@example.com
= dspace-help@example.com
= UTF-8
= localhost,dspace.example.com
= false
= en_US
= ${dspace.dir}/assetstore
= ${dspace.dir}/config/log4j.properties
= /var/log/apache2/
= ${dspace.dir}/search
=
= 12345
= ${dspace.dir}/handle-server
= 536870912
= en
= en
= true
|
Configure the LDAP module. As I'm writing, it's not possible to configure multiple ldap servers in order to achieve failover (eg. ldap://ldapserver1 ldapserver2/?blah?blah).
...
Just in case, verify that /data/dspace/config/log4j.properties doesn't bug You. Remove the unneeded "/". There may be 3 erratic lines like this one:
Panel |
---|
/var/log/apache2//cocoon.log |
Also verify that /data/dspace/config/modules/authentication.cfg and authentication-ldap.cfg are correct.
...
Now install certificates required to use LDAPS. Make sure that You have JAVA_HOME set:
Panel |
---|
tcsh# set JAVA_HOME=/usr/local/openjdk6 |
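One way to script the LDAPS certificate step so it can be re-run after an openjdk upgrade, which the final notes say loses the imported certificate (added example, not part of the original guide). The alias `ldap-ca`, the PEM file path and the stock `changeit` store password are assumptions; `keytool` is taken from the JAVA_HOME passed in.

```shell
#!/bin/sh
# Added example: make sure the LDAP CA certificate is in the JVM trust store.
# Assumptions (not from the guide): alias name, PEM file location, store password.

# Print the path of the JVM-wide trust store under the given JAVA_HOME.
cacerts_path() {
    for p in "$1/jre/lib/security/cacerts" "$1/lib/security/cacerts"; do
        if [ -f "$p" ]; then
            echo "$p"
            return 0
        fi
    done
    return 1
}

# ensure_ldap_ca JAVA_HOME ALIAS PEM_FILE
# Prints "present" if the alias is already trusted, "imported" if it was added.
ensure_ldap_ca() {
    java_home=$1 cert_alias=$2 pem=$3
    kt="$java_home/bin/keytool"      # use the keytool of the JDK being checked
    pass=${STOREPASS:-changeit}      # stock cacerts password unless overridden
    store=$(cacerts_path "$java_home") || {
        echo "no cacerts found under $java_home" >&2
        return 2
    }
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # -list with -alias exits non-zero when the alias is missing,
    # which is the state a freshly upgraded JDK is in.
    if "$kt" -list -keystore "$store" -storepass "$pass" \
            -alias "$cert_alias" >/dev/null 2>&1; then
        echo present
        return 0
    fi
    "$kt" -importcert -trustcacerts -noprompt -alias "$cert_alias" \
        -file "$pem" -keystore "$store" -storepass "$pass" >/dev/null || return 1
    echo imported
}

# Runs only when called with all three arguments, for example:
#   sh ensure-ldap-ca.sh /usr/local/openjdk6 ldap-ca /path/to/ldap-ca.pem
if [ "$#" -eq 3 ]; then
    ensure_ldap_ca "$@"
fi
```

Tomcat has to be restarted after an import, because the JVM reads the trust store at startup.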
5 Handle
If You are using "handle" also, then:
Panel |
---|
tcsh# /data/dspace/bin/dspace make-handle-config /data/dspace/handle-server |
Create /usr/local/etc/rc.d/handle with the following content. This script runs the handle service as the "www" user.
Panel | |
---|---|
#!/bin/sh

. /etc/rc.subr

name="handle_server"
rcvar="handle_server_enable"
command="/data/dspace/bin/start-handle-server"
# rc.subr calls these functions for "start" and "stop"
start_cmd="handle_server_start"
stop_cmd="handle_server_stop"

# Start the handle server as "www" unless one is already running
handle_server_start() {
    if [ -x ${command} ]; then
        pid="`ps -axuwww | grep -v grep | grep handle-server | nawk '{ print $2 }'`"
        if [ "${pid}"X = "X" ]; then
            su - www -c ${command}
        else
            echo "Handle server is already running."
        fi
    fi
}

# Stop the handle server, but only if the process belongs to "www"
handle_server_stop() {
    pid="`ps -axuwww | grep -v grep | grep handle-server | nawk '{ print $2 }'`"
    if [ "${pid}"X != "X" ]; then
        pid_owner="`ps -axu | grep -v grep | grep -w $pid | nawk '{ print $1 }'`"
        if [ "${pid_owner}" = "www" ]; then
            kill -15 ${pid}
            sleep 1
        fi
    else
        echo "Handle server is not running?"
    fi
}

# set defaults
handle_server_enable=${handle_server_enable:-"NO"}

load_rc_config "${name}"
run_rc_command "$1"
|
...
6 Clean up and daemons startup
Panel |
---|
tcsh# cd /data/dspace-1.8.1-src-release |
...
Panel |
---|
apache22_enable="YES" |
Panel |
---|
tcsh# sync; sync; reboot |
...
7 Final notes
- If You should later on upgrade "openjdk", then You need to import LDAP certificate again - you'll lose it!
- If You should upgrade the mod_jk port, then don't forget to uncomment the "#LoadModule jk_module.... " line!
- After a dspace upgrade don't forget cocoon: /data/dspace/webapps/xmlui/WEB-INF/cocoon/properties/core.properties
- Implement backups and monitoring!
- Implement firewall. If using pf:
Panel |
---|
WEB_PORTS="{ 80, 443 }"
2641, 8000 }"
www
in log quick on $EXT_IF proto tcp from any to port $WEB_PORTS
dspace handle service
in log quick on $EXT_IF proto tcp from any to port $HANDLE_PORTS |
Maybe You need SSH too, but in general keep blocking.
- Please read carefully dspace documentation.