...
- NB! Be extremely careful if using copy-paste! Also note that the wiki page may eat some specific chars.
2 Required software
Install them in that order. You can find them in /usr/ports.
Panel |
---|
lang/perl5.14
lang/python27
www/apache22
databases/postgresql91-server
[ databases/postgresql91-contrib <- optional, but may become handy ]
java/openjdk6
www/tomcat7
devel/apache-ant
www/mod_jk
devel/maven3
shells/bash |
3 Configuration rollercoaster
...
Several scripts from dspace are using "/bin/bash". To make them happy:
...
Panel |
---|
<Connector port="8080" protocol="HTTP/1.1" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8" /> |
Panel |
---|
<!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" /> |
Once again I found it more reasonable not to copy (or symlink) the webapps to the tomcat appBase dir as the official dspace documentation suggests. Instead I'm changing the tomcat appBase to point to the dspace webapps. I also put the tomcat logs with the other www/apache logs. Original lines are commented out and my lines are marked bold.
Panel |
---|
<!-- <Host name="localhost" appBase="webapps" -->
<Host name="localhost" appBase="/data/dspace/webapps" unpackWARs="true" autoDeploy="true">
<!-- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" /> -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/var/log/apache2" prefix="tomcat_access." suffix=".log" pattern="%h %l %u %t &quot;%r&quot; %s %b" /> |
...
Some lines are omitted from output. Also configure "apache22/extra/httpd-mpm.conf" and "httpd-default.conf" to suit You. Also don't forget apache certificates.
Panel |
---|
tcsh# egrep -v "#|"^$ /usr/local/etc/apache22/httpd.conf
/*/
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
LoadModule jk_module libexec/apache22/mod_jk.so
/*/
ErrorLog "/var/log/apache2/httpd-error.log"
/*/
CustomLog "|/usr/local/sbin/rotatelogs -l /var/log/apache2/httpd-access_%Y-%m-%d.log 86400" combined
/*/
Include etc/apache22/extra/httpd-mpm.conf
Include etc/apache22/extra/httpd-default.conf
Include etc/apache22/extra/httpd-ssl.conf
/*/
Include etc/apache22/Includes/*.conf
NameVirtualHost *:80
<IfModule jk_module>
    # relative path to /usr/local
    JkWorkersFile etc/apache22/workers.properties
    JkShmFile /var/run/jk-runtime-status
    JkLogLevel error
    JkLogFile /var/log/apache2/mod_jk.log
</IfModule>
<VirtualHost *:80>
    ServerName dspace.example.com
    DocumentRoot /usr/local/www/apache22/data
    <IfModule jk_module>
        JkMount /xmlui localhost-worker
        JkMount /xmlui/* localhost-worker
        JkMount /solr localhost-worker
        JkMount /solr/* localhost-worker
        JkMount /oai localhost-worker
        JkMount /oai/* localhost-worker
    </IfModule>
    RewriteEngine On
    RewriteRule ^/$ /xmlui/ [PT]
    RewriteRule ^/$ /solr/ [PT]
    RewriteRule ^/$ /oai/ [PT]
    RewriteCond http://%{HTTP_HOST}%{REQUEST_URI} (.*)-login(.*) [OR]
    RewriteCond http://%{HTTP_HOST}%{REQUEST_URI} (.*)/register(.*) [OR]
    RewriteCond http://%{HTTP_HOST}%{REQUEST_URI} (.*)/forgot(.*)
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    #
    CustomLog "|/usr/local/sbin/rotatelogs -l /var/log/apache2/dspace.example.com-access-%Y-%m-%d.log 86400" combined
    ErrorLog /var/log/apache2/dspace.example.com-error.log
</VirtualHost>
tcsh# egrep -v "#|"^$ /usr/local/etc/apache22/extra/httpd-ssl.conf
Listen 443
/*/
<VirtualHost _default_:443>
    ServerName dspace.example.com:443
    ServerAdmin hostmaster@example.com
    DocumentRoot "/usr/local/www/apache22/data"
    <IfModule jk_module>
        JkMount /xmlui localhost-worker
        JkMount /xmlui/* localhost-worker
        JkMount /solr localhost-worker
        JkMount /solr/* localhost-worker
        JkMount /oai localhost-worker
        JkMount /oai/* localhost-worker
        RewriteEngine On
        RewriteRule ^/$ /xmlui/ [PT]
        RewriteRule ^/$ /solr/ [PT]
        RewriteRule ^/$ /oai/ [PT]
    </IfModule>
    ErrorLog "|/usr/local/sbin/rotatelogs /var/log/apache2/https-error-%Y-%m-%d.log 5M"
    TransferLog "|/usr/local/sbin/rotatelogs /var/log/apache2/https-access-%Y-%m-%d.log 86400"
    /*/
    SSLCertificateFile "/usr/local/etc/apache22/certs/dspace.example.com.crt"
    SSLCertificateKeyFile "/usr/local/etc/apache22/certs/dspace.example.com.key"
    SSLCertificateChainFile "/usr/local/etc/apache22/certs/dspace-bundle.example.com.crt"
    /*/
    <Directory "/data/dspace/webapps/xmlui">
        SSLOptions +StdEnvVars +ExportCertData
    </Directory> |
4 Install Dspace
Panel |
---|
tcsh# mkdir /data/dspace
tcsh# cd /data
tcsh# fetch -o dspace-1.8.1-src-release.tar.gz http://sourceforge.net/projects/dspace/files/DSpace%20Stable/1.8.1/dspace-1.8.1-src-release.tar.gz/download
tcsh# tar xzf dspace-1.8.1-src-release.tar.gz
tcsh# cd /data/dspace-1.8.1-src-release/dspace/config/ |
...
Open /data/dspace-1.8.1-src-release/dspace/config/dspace.cfg and make Your changes:
Panel |
---|
dspace.dir = /data/dspace
dspace.hostname = dspace.example.com
dspace.baseUrl = http://dspace.example.com
dspace.url = ${dspace.baseUrl}/xmlui
dspace.name = Dspace at Example.Com
db.name = postgres
db.url = jdbc:postgresql://localhost:5432/dspacedb
db.driver = org.postgresql.Driver
db.username = dspace
db.password = s0mepw
db.maxconnections = 30
db.maxwait = 5000
db.maxidle = -1
db.statementpool = true
mail.server = smtp.example.com
mail.server.port = 25
mail.from.address = dspace-noreply@example.com
feedback.recipient = dspace-help@example.com
mail.admin = dspace-help@example.com
alert.recipient = postmaster@example.com
registration.notify = dspace-help@example.com
mail.charset = UTF-8
mail.allowed.referrers = localhost,dspace.example.com
mail.server.disabled = false
default.language = en_US
assetstore.dir = ${dspace.dir}/assetstore
log.init.config = ${dspace.dir}/config/log4j.properties
log.dir = /var/log/apache2/
search.dir = ${dspace.dir}/search
/*/
handle.canonical.prefix = http://hdl.handle.net/
handle.prefix = 12345
handle.dir = ${dspace.dir}/handle-server
/*/
upload.max = 536870912
default.locale = en
xmlui.supported.locales = en
xmlui.force.ssl = true
xmlui.user.registration=false
|
Configure the LDAP module. As of this writing it's not possible to configure multiple LDAP servers in order to achieve failover (e.g. ldap://ldapserver1 ldapserver2/?blah?blah).
Panel |
---|
tcsh# egrep -v "#|"^$ modules/authentication-ldap.cfg
enable = true
autoregister = true
provider_url = ldaps://myldap.example.com/
id_field = uid
object_context = ou=people,dc=example,dc=com
search_context = ou=people,dc=example,dc=com
email_field = mail
surname_field = sn
givenname_field = givenName
phone_field = telephoneNumber
search_scope = 2
search.user = cn=ldap-bind,cn=Users,dc=example,dc=com
search.password = s0mepw2
netid_email_domain = @example.com
|
As You can see, I'm using LDAPS. We'll be back to it later on.
The following commands fetch software from the internet in order to build dspace. This software will be placed under the $HOME/.m2/ directory, in my case /root/.m2/. If You want to, You can build dspace as the "www" user. I'm doing it as root.
Panel |
---|
tcsh# cd /data/dspace-1.8.1-src-release
tcsh# mvn package
tcsh# cd /data/dspace-1.8.1-src-release/dspace/target/dspace-1.8.1-build/
tcsh# ant fresh_install
|
Looking at my notes, there was an issue with creating the PostgreSQL database (PL/pgSQL related). It seems that the following helped out. However, I can't verify or confirm it at the moment.
Panel |
---|
tcsh# dropdb -U pgsql dspacedb
tcsh# createdb -U pgsql -O dspace -E UNICODE dspacedb
tcsh# psql -h localhost -U dspace -f /data/dspace-1.8.1-src-release/dspace/etc/postgres/database_schema.sql dspacedb
|
And finally set proper permissions:
Panel |
---|
tcsh# chown -R www:www /data/dspace
|
Just in case, verify that /data/dspace/config/log4j.properties doesn't bug You. Remove the unneeded "/". There may be 3 erratic lines like this one:
Panel |
---|
/var/log/apache2//cocoon.log
|
Also verify that /data/dspace/config/modules/authentication.cfg and authentication-ldap.cfg are correct.
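One way to script part of that verification, as an added example that is not part of the original guide or of DSpace: the POSIX sh functions below check that LDAP authentication uses ldaps://, that xmlui.force.ssl is true, and that the two files holding cleartext passwords are not world-readable. The function names, the constructed sample files written by make_sample and the world-readable check are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original guide: audit the settings it relies on.

# cfg_get FILE KEY: print the value of "KEY = value" (last occurrence wins).
cfg_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots in keys are literal
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_dspace_config CFGDIR: return 0 if all checks pass, 1 otherwise.
audit_dspace_config() {
    main="$1/dspace.cfg"; ldap="$1/modules/authentication-ldap.cfg"; rc=0
    for f in "$main" "$ldap"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
        # Both files hold a cleartext password (db.password, search.password).
        if [ -n "$(find "$f" -perm -004)" ]; then
            echo "FAIL: $f is world-readable"; rc=1
        fi
    done
    # The guide uses LDAPS; flag any other scheme when LDAP auth is enabled.
    if [ "$(cfg_get "$ldap" enable)" = "true" ]; then
        case "$(cfg_get "$ldap" provider_url)" in
            ldaps://*) ;;
            *) echo "FAIL: provider_url is not ldaps://"; rc=1 ;;
        esac
    fi
    if [ "$(cfg_get "$main" xmlui.force.ssl)" != "true" ]; then
        echo "FAIL: xmlui.force.ssl is not true"; rc=1
    fi
    return $rc
}

# make_sample DIR: write constructed sample files using this guide's values.
make_sample() {
    mkdir -p "$1/modules"
    cat > "$1/dspace.cfg" <<'EOF'
# constructed sample
db.password = CONSTRUCTED-PLACEHOLDER
xmlui.force.ssl = true
EOF
    cat > "$1/modules/authentication-ldap.cfg" <<'EOF'
# constructed sample
enable = true
provider_url = ldaps://myldap.example.com/
search.password = CONSTRUCTED-PLACEHOLDER
EOF
    chmod 640 "$1/dspace.cfg" "$1/modules/authentication-ldap.cfg"
}

# Usage (from /bin/sh or bash, not tcsh): sh audit.sh /data/dspace/config
if [ $# -gt 0 ]; then audit_dspace_config "$1"; fi
```

A world-readable finding is cleared with chmod 640 on the reported file once it is owned by www:www.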
Since I like to keep all dspace related things in one place and I have a pretty small /usr/local:
Panel |
---|
tcsh# mkdir -p /data/dspace/tc-webinf/work/upload-dir
tcsh# mkdir -p /data/dspace/tc-webinf/work/cache-dir
tcsh# chown -R www:www /data/dspace/tc-webinf
tcsh# grep dspace /data/dspace/webapps/xmlui/WEB-INF/cocoon/properties/core.properties
org.apache.cocoon.uploads.directory=/data/dspace/tc-webinf/work/upload-dir
org.apache.cocoon.cache.directory=/data/dspace/tc-webinf/work/cache-dir
org.apache.cocoon.work.directory=/data/dspace/tc-webinf/work/
|
Don't forget this one if You upgraded Your dspace - cocoon may fill /usr/local.
If needed, configure OAI also: /data/dspace/config/oaicat.properties:
Panel |
---|
/*/
Crosswalks.mods=org.dspace.app.oai.PluginCrosswalk
Crosswalks.mets=org.dspace.app.oai.PluginCrosswalk
Crosswalks.qdc=org.dspace.app.oai.PluginCrosswalk
|
Set up crontabs. PATH is required.
...
Now install certificates required to use LDAPS. Make sure that You have JAVA_HOME set:
Panel |
---|
tcsh# set JAVA_HOME=/usr/local/openjdk6
tcsh# echo $JAVA_HOME
/usr/local/openjdk6
tcsh# keytool -import -file /tmp/myldap-clients.example.com.crt -alias myldap.example.com -keystore $JAVA_HOME/jre/lib/security/cacerts
Enter keystore password: 'changeit' <- by default without '-es !
/*/
Trust this certificate? [no]: yes
Certificate was added to keystore
tcsh# keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
tcsh# rm -f /tmp/myldap-clients.example.com.crt
|
5 Handle
If You are using "handle" also, then:
Panel |
---|
tcsh# /data/dspace/bin/dspace make-handle-config /data/dspace/handle-server |
Create /usr/local/etc/rc.d/handle with the following content. This script runs the handle service as the "www" user.
Panel |
---|
#!/bin/sh
#
# PROVIDE: handle
# REQUIRE: NETWORKING tomcat7
# KEYWORD: shutdown
#
# handle_server_enable="YES"
#
. /etc/rc.subr
name="handle_server"
start_cmd="${name}_start"
stop_cmd="${name}_stop"
rcvar=`set_rcvar`
command="/data/dspace/bin/start-handle-server"

handle_server_start()
{
    if [ -x ${command} ]; then
        pid="`ps -axuwww | grep -v grep | grep handle-server | nawk '{ print $2 }'`"
        if [ "${pid}"X = "X" ]; then
            su - www -c ${command}
        else
            echo "Handle server is already running."
        fi
    fi
}

handle_server_stop()
{
    pid="`ps -axuwww | grep -v grep | grep handle-server | nawk '{ print $2 }'`"
    if [ "${pid}"X != "X" ]; then
        pid_owner="`ps -axu | grep -v grep | grep -w $pid | nawk '{ print $1 }'`"
        if [ "${pid_owner}" = "www" ]; then
            kill -15 ${pid}
            sleep 1
        fi
    else
        echo "Handle server is not running?"
    fi
}

# set defaults
handle_server_enable=${handle_server_enable:-"NO"}
load_rc_config "${name}"
run_rc_command "$1" |
6 Clean up and daemons startup
Panel |
---|
tcsh# cd /data/dspace-1.8.1-src-release
tcsh# mvn clean
tcsh# rm -r /root/.m2
|
Enable all required services at startup in /etc/rc.conf. Once again pay attention to UTF and make sure that "-Xmx" and "-Xms" are at least 512M and that both have the same value!
Panel |
---|
apache22_enable="YES"
tomcat7_enable="YES"
tomcat7_java_opts="-Xmx512M -Xms512M -XX:MaxPermSize=128M -Dfile.encoding=UTF-8"
tomcat7_catalina_log=">> /var/log/apache2/catalina-`date +%Y-%m-%d`.log 2>&1"
tomcat7_catalina_tmpdir="/tmp"
handle_server_enable="YES"
postgresql_enable="YES"
postgresql_data="/data/pgsql"
|
Panel |
---|
tcsh# sync; sync; reboot
|
7 Final notes
- If You should later on upgrade "openjdk", then You need to import the LDAP certificate again - you'll lose it!
- If You should upgrade the mod_jk port, then don't forget to uncomment the "#LoadModule jk_module.... " line!
- After a dspace upgrade don't forget cocoon: /data/dspace/webapps/xmlui/WEB-INF/cocoon/properties/core.properties
- Implement backups and monitoring!
- Implement firewall. If using pf:
...