...
- NB! Be extremely careful when using copy-paste! Also note that the wiki page may eat some special characters.
2 Required software
Install them in this order. You can find them in /usr/ports.
Panel |
---|
lang/perl5.14
lang/python27
www/apache22
databases/postgresql91-server
[ databases/postgresql91-contrib <- optional, but may become handy ]
java/openjdk6
www/tomcat7
devel/apache-ant
www/mod_jk
devel/maven3
shells/bash |
3 Configuration rollercoaster
...
Several scripts from dspace are using "/bin/bash". To make them happy:
...
Some lines are omitted from output. Also configure "apache22/extra/httpd-mpm.conf" and "httpd-default.conf" to suit You. Also don't forget apache certificates.
Panel |
---|
tcsh# egrep -v "#|^$" /usr/local/etc/apache22/httpd.conf
/*/
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
LoadModule jk_module libexec/apache22/mod_jk.so
/*/
ErrorLog "/var/log/apache2/httpd-error.log"
/*/
CustomLog "|/usr/local/sbin/rotatelogs -l /var/log/apache2/httpd-access_%Y-%m-%d.log 86400" combined
/*/
Include etc/apache22/extra/httpd-mpm.conf
Include etc/apache22/extra/httpd-default.conf
Include etc/apache22/extra/httpd-ssl.conf
/*/
Include etc/apache22/Includes/*.conf
NameVirtualHost *:80
<IfModule jk_module>
    # relative path to /usr/local
    JkWorkersFile etc/apache22/workers.properties
    JkShmFile /var/run/jk-runtime-status
    JkLogLevel error
    JkLogFile /var/log/apache2/mod_jk.log
</IfModule>
<VirtualHost *:80>
    ServerName dspace.example.com
    DocumentRoot /usr/local/www/apache22/data
    <IfModule jk_module>
        JkMount /xmlui localhost-worker
        JkMount /xmlui/* localhost-worker
        JkMount /solr localhost-worker
        JkMount /solr/* localhost-worker
        JkMount /oai localhost-worker
        JkMount /oai/* localhost-worker
    </IfModule>
    RewriteEngine On
    RewriteRule ^/$ /xmlui/ [PT]
    RewriteRule ^/$ /solr/ [PT]
    RewriteRule ^/$ /oai/ [PT]
    RewriteCond http://%{HTTP_HOST}%{REQUEST_URI} (.*)-login(.*) [OR]
    RewriteCond http://%{HTTP_HOST}%{REQUEST_URI} (.*)/register(.*) [OR]
    RewriteCond http://%{HTTP_HOST}%{REQUEST_URI} (.*)/forgot(.*)
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    #
    CustomLog "|/usr/local/sbin/rotatelogs -l /var/log/apache2/dspace.example.com-access-%Y-%m-%d.log 86400" combined
    ErrorLog /var/log/apache2/dspace.example.com-error.log
</VirtualHost>

tcsh# egrep -v "#|^$" /usr/local/etc/apache22/extra/httpd-ssl.conf
Listen 443
/*/
<VirtualHost _default_:443>
    ServerName dspace.example.com:443
    ServerAdmin hostmaster@example.com
    DocumentRoot "/usr/local/www/apache22/data"
    <IfModule jk_module>
        JkMount /xmlui localhost-worker
        JkMount /xmlui/* localhost-worker
        JkMount /solr localhost-worker
        JkMount /solr/* localhost-worker
        JkMount /oai localhost-worker
        JkMount /oai/* localhost-worker
        RewriteEngine On
        RewriteRule ^/$ /xmlui/ [PT]
        RewriteRule ^/$ /solr/ [PT]
        RewriteRule ^/$ /oai/ [PT]
    </IfModule>
    ErrorLog "|/usr/local/sbin/rotatelogs /var/log/apache2/https-error-%Y-%m-%d.log 5M"
    TransferLog "|/usr/local/sbin/rotatelogs /var/log/apache2/https-access-%Y-%m-%d.log 86400"
    /*/
    SSLCertificateFile "/usr/local/etc/apache22/certs/dspace.example.com.crt"
    SSLCertificateKeyFile "/usr/local/etc/apache22/certs/dspace.example.com.key"
    SSLCertificateChainFile "/usr/local/etc/apache22/certs/dspace-bundle.example.com.crt"
    /*/
    <Directory "/data/dspace/webapps/xmlui">
        SSLOptions +StdEnvVars +ExportCertData
    </Directory> |
4 Install Dspace
Panel |
---|
tcsh# mkdir /data/dspace
tcsh# cd /data
tcsh# fetch -o dspace-1.8.1-src-release.tar.gz http://sourceforge.net/projects/dspace/files/DSpace%20Stable/1.8.1/dspace-1.8.1-src-release.tar.gz/download
tcsh# tar xzf dspace-1.8.1-src-release.tar.gz
tcsh# cd /data/dspace-1.8.1-src-release/dspace/config/ |
...
Open /data/dspace-1.8.1-src-release/dspace/config/dspace.cfg and make Your changes:
Panel |
---|
dspace.dir = /data/dspace
dspace.hostname = dspace.example.com
dspace.baseUrl = http://dspace.example.com
dspace.url = ${dspace.baseUrl}/xmlui
dspace.name = Dspace at Example.Com
db.name = postgres
db.url = jdbc:postgresql://localhost:5432/dspacedb
db.driver = org.postgresql.Driver
db.username = dspace
db.password = s0mepw
db.maxconnections = 30
db.maxwait = 5000
db.maxidle = -1
db.statementpool = true
mail.server = smtp.example.com
mail.server.port = 25
mail.from.address = dspace-noreply@example.com
feedback.recipient = dspace-help@example.com
mail.admin = dspace-help@example.com
alert.recipient = postmaster@example.com
registration.notify = dspace-help@example.com
mail.charset = UTF-8
mail.allowed.referrers = localhost,dspace.example.com
mail.server.disabled = false
default.language = en_US
assetstore.dir = ${dspace.dir}/assetstore
log.init.config = ${dspace.dir}/config/log4j.properties
log.dir = /var/log/apache2/
search.dir = ${dspace.dir}/search
/*/
handle.canonical.prefix = http://hdl.handle.net/
handle.prefix = 12345
handle.dir = ${dspace.dir}/handle-server
/*/
upload.max = 536870912
default.locale = en
xmlui.supported.locales = en
xmlui.force.ssl = true
xmlui.user.registration=false
|
Configure the LDAP module. As I'm writing this, it's not possible to configure multiple LDAP servers in order to achieve failover (e.g. ldap://ldapserver1 ldapserver2/?blah?blah).
...
The following commands fetch software from the internet in order to build dspace. This software will be placed under the $HOME/.m2/ directory, in my case /root/.m2/. If You want to, You can build dspace as the "www" user. I'm doing it as root.
Code Blockpanel |
---|
tcsh# cd /data/dspace-1.8.1-src-release
tcsh# mvn package
tcsh# cd /data/dspace-1.8.1-src-release/dspace/target/dspace-1.8.1-build/
tcsh# ant fresh_install
|
Looking at my notes, there was an issue with creating the PostgreSQL database (PL/pgSQL related). It seems that the following helped. However, I can't verify or confirm it at the moment.
Code Blockpanel |
---|
tcsh# dropdb -U pgsql dspacedb
tcsh# createdb -U pgsql -O dspace -E UNICODE dspacedb
tcsh# psql -h localhost -U dspace -f /data/dspace-1.8.1-src-release/dspace/etc/postgres/database_schema.sql dspacedb
|
And finally set proper permissions:
Code Blockpanel |
---|
tcsh# chown -R www:www /data/dspace
|
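dspace.cfg holds db.password in clear text, and after the recursive chown the files belong to www, so what remains to check is whether other local users can read them. The following is an added example, not part of the original page: it lists config files that set a password and are readable by "other", then removes that access. The function names are hypothetical, and the demo runs on a constructed directory, not on /data/dspace/config.

```shell
#!/bin/sh
# Added example, not from the original page. Uses only POSIX find/grep/chmod.

# A "something.password = value" line that is not commented out.
SECRET_RE='^[[:space:]]*[A-Za-z0-9_.]*password[[:space:]]*=[[:space:]]*[^[:space:]]'

# Print files under directory $1 that contain a password line and are
# readable by "other" (mode bit 004).
exposed_secret_files() {
    find "$1" -type f -perm -004 | while IFS= read -r f; do
        if grep -q -E "$SECRET_RE" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Drop all "other" permissions on those files; the owner (www) keeps access.
lock_down() {
    exposed_secret_files "$1" | while IFS= read -r f; do
        chmod o-rwx "$f"
    done
}

# Demo on a constructed config tree (sample values taken from the page).
demo() {
    d=$(mktemp -d) || return 1
    printf 'db.username = dspace\ndb.password = s0mepw\n' > "$d/dspace.cfg"
    printf 'xmlui.force.ssl = true\n' > "$d/xmlui.cfg"
    chmod 644 "$d/dspace.cfg" "$d/xmlui.cfg"
    echo "before: $(exposed_secret_files "$d")"
    lock_down "$d"
    echo "after:  $(exposed_secret_files "$d")"
    rm -rf "$d"
}
demo
```

On the real installation, run exposed_secret_files /data/dspace/config first and review the list before calling lock_down.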
Just in case, verify that /data/dspace/config/log4j.properties doesn't bug You. Remove the unneeded "/". There may be 3 erratic lines like this one:
Code Blockpanel |
---|
/var/log/apache2//cocoon.log
|
Also verify that /data/dspace/config/modules/authentication.cfg and authentication-ldap.cfg are correct.
Since I like to keep all dspace related things in one place and I have a pretty small /usr/local:
Code Blockpanel |
---|
tcsh# mkdir -p /data/dspace/tc-webinf/work/upload-dir
tcsh# mkdir -p /data/dspace/tc-webinf/work/cache-dir
tcsh# chown -R www:www /data/dspace/tc-webinf
tcsh# grep dspace /data/dspace/webapps/xmlui/WEB-INF/cocoon/properties/core.properties
org.apache.cocoon.uploads.directory=/data/dspace/tc-webinf/work/upload-dir
org.apache.cocoon.cache.directory=/data/dspace/tc-webinf/work/cache-dir
org.apache.cocoon.work.directory=/data/dspace/tc-webinf/work/
|
Don't forget this one if You upgraded Your dspace - cocoon may fill /usr/local.
If needed, configure OAI also: /data/dspace/config/oaicat.properties:
Code Blockpanel |
---|
/*/
Crosswalks.mods=org.dspace.app.oai.PluginCrosswalk
Crosswalks.mets=org.dspace.app.oai.PluginCrosswalk
Crosswalks.qdc=org.dspace.app.oai.PluginCrosswalk
|
Set up crontabs. PATH is required.
...
Now install certificates required to use LDAPS. Make sure that You have JAVA_HOME set:
Code Blockpanel |
---|
tcsh# set JAVA_HOME=/usr/local/openjdk6
tcsh# echo $JAVA_HOME
/usr/local/openjdk6
tcsh# keytool -import -file /tmp/myldap-clients.example.com.crt -alias myldap.example.com -keystore $JAVA_HOME/jre/lib/security/cacerts
Enter keystore password: 'changeit' <- by default, without the ' characters!
/*/
Trust this certificate? [no]: yes
Certificate was added to keystore
tcsh# keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
tcsh# rm -f /tmp/myldap-clients.example.com.crt
|
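A certificate imported into cacerts is trusted by every Java application using that JVM, so it is worth comparing the file's SHA-256 fingerprint with a value obtained out of band before answering "yes". The following is an added example, not part of the original page: the function names are hypothetical, and it assumes openssl is installed and JAVA_HOME is set as above.

```shell
#!/bin/sh
# Added example, not from the original page: import a certificate into the
# JVM trust store only if its SHA-256 fingerprint matches the expected one.

# Normalise a fingerprint: keep hex digits only and upper-case them,
# so "ab:cd:..." and "ABCD..." compare equal.
fp_norm() {
    printf '%s' "$1" | tr -d -c '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# SHA-256 fingerprint of a PEM certificate; strips the "...Fingerprint=" label.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# import_if_match CERT_FILE ALIAS EXPECTED_FINGERPRINT
# Fails closed: an unreadable file, a missing openssl or a short or
# mistyped expected value all end in "not importing".
import_if_match() {
    actual=$(fp_norm "$(cert_fp "$1")")
    expected=$(fp_norm "$3")
    if [ "${#expected}" -ne 64 ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $1, not importing" >&2
        return 1
    fi
    # -noprompt is safe here because the check above replaces the
    # interactive "Trust this certificate?" question.
    keytool -import -noprompt -file "$1" -alias "$2" \
        -keystore "$JAVA_HOME/jre/lib/security/cacerts"
}

# Usage (the fingerprint is a placeholder for the value from the LDAP admin):
#   sh import-cert.sh /tmp/myldap-clients.example.com.crt myldap.example.com \
#       '<SHA-256 fingerprint received out of band>'
if [ $# -eq 3 ]; then
    import_if_match "$@"
fi
```

keytool still asks for the keystore password, so the default 'changeit' never has to appear on the command line.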
5 Handle
If You are using "handle" also, then:
Panel |
---|
tcsh# /data/dspace/bin/dspace make-handle-config /data/dspace/handle-server |
Create /usr/local/etc/rc.d/handle with the following content. This script runs the handle service as the "www" user.
Panel |
---|
#!/bin/sh
#
# PROVIDE: handle
# REQUIRE: NETWORKING tomcat7
# KEYWORD: shutdown
#
# handle_server_enable="YES"
#
. /etc/rc.subr
name="handle_server"
start_cmd="${name}_start"
stop_cmd="${name}_stop"
rcvar=`set_rcvar`
command="/data/dspace/bin/start-handle-server"

# Start the handle server as www unless a handle-server process already exists.
handle_server_start()
{
    if [ -x ${command} ]; then
        pid="`ps -axuwww | grep -v grep | grep handle-server | nawk '{ print $2 }'`"
        if [ "${pid}"X = "X" ]; then
            su - www -c ${command}
        else
            echo "Handle server is already running."
        fi
    fi
}

# Stop the handle server, but only signal the process if it is owned by www.
handle_server_stop()
{
    pid="`ps -axuwww | grep -v grep | grep handle-server | nawk '{ print $2 }'`"
    if [ "${pid}"X != "X" ]; then
        pid_owner="`ps -axu | grep -v grep | grep -w $pid | nawk '{ print $1 }'`"
        if [ "${pid_owner}" = "www" ]; then
            kill -15 ${pid}
            sleep 1
        fi
    else
        echo "Handle server is not running?"
    fi
}

# set defaults
handle_server_enable=${handle_server_enable:-"NO"}
load_rc_config "${name}"
run_rc_command "$1" |
6 Clean up and daemons startup
Code Blockpanel |
---|
tcsh# cd /data/dspace-1.8.1-src-release
tcsh# mvn clean
tcsh# rm -r /root/.m2
|
Enable all required services at startup in /etc/rc.conf. Once again, pay attention to UTF and make sure that "-Xmx" and "-Xms" are at least 512M and that both have the same value!
Code Blockpanel |
---|
apache22_enable="YES"
tomcat7_enable="YES"
tomcat7_java_opts="-Xmx512M -Xms512M -XX:MaxPermSize=128M -Dfile.encoding=UTF-8"
tomcat7_catalina_log=">> /var/log/apache2/catalina-`date +%Y-%m-%d`.log 2>&1"
tomcat7_catalina_tmpdir="/tmp"
handle_server_enable="YES"
postgresql_enable="YES"
postgresql_data="/data/pgsql"
|
Code Blockpanel |
---|
tcsh# sync; sync; reboot
|
7 Final notes
- If You later upgrade "openjdk", You need to import the LDAP certificate again - you'll lose it!
- If You upgrade the mod_jk port, don't forget to uncomment the "#LoadModule jk_module.... " line!
- After a dspace upgrade, don't forget cocoon: /data/dspace/webapps/xmlui/WEB-INF/cocoon/properties/core.properties
- Implement backups and monitoring!
- Implement a firewall. If using pf:
...