...
- NB! Be extremely careful if using copy-paste! Also note that wiki page may eat some specific chars.
2 Required sofware
Install them in that order. You can find them from /usr/ports.
Panel |
unmigrated-wiki-markup |
---|
lang/perl5.14
lang/python27
www/apache22
databases/postgresql91-server
\ [ databases/postgresql91-contrib <\- optional, but may become handy \ ]
java/openjdk6
www/tomcat7
devel/apache-ant
www/mod_jk
devel/maven3
shells/bash |
3 Configuration rollercoaster
...
Several scripts from dspace are using "/bin/bash". To make them happy:
...
Some lines are omitted from output. Also configure "apache22/extra/httpd-mpm.conf" and "httpd-default.conf" to suit You. Also don't forget apache certificates.
Panel |
unmigrated-wiki-markup |
---|
*tcsh# egrep \ -v "#\|"^$ /usr/local/etc/apache22/httpd.conf*
/*/
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
LoadModule jk_module libexecjk_module libexec/apache22/mod_jk.so
/*/
ErrorLog "/var/log/apache2/httpd-error.log"
/*/
CustomLog "\ CustomLog "|/usr/local/sbin/rotatelogs \ -l /var/log/apache2/httpd-access_%Y-%m-%d.log 86400" combined
/*/
Include etc/apache22/extra/httpd-mpm.conf
Include etc/apache22/extra/httpd-default.conf
Include etc/apache22/extra/httpd-ssl.conf
/*/
Include etc/apache22/Includes/*.conf
NameVirtualHost \ *:80
<IfModule jk_module>
# relative path to # relative path to /usr/local
JkWorkersFile JkWorkersFile etc/apache22/workers.properties
JkShmFile JkShmFile /var/run/jk-runtime-status
JkLogLevel error
JkLogFile / JkLogLevel error JkLogFile /var/log/apache2/mod_jk.log
</IfModule>
<VirtualHost \ *:80>
ServerName dspace.example.com
DocumentRoot DocumentRoot /usr/local/www/apache22/data
<IfModule jk_module>
JkMount /xmlui localhost-worker
JkMount /xmlui/\* localhost-worker
JkMount /solr localhost-worker
JkMount /solr/\* localhost-worker
JkMount /oai localhost-worker
JkMount /oai/\* localhost-worker
</IfModule>
RewriteEngine On
RewriteRule \^/$ /xmlui/ \[PT\]
RewriteRule \^/$ /solr/ \[PT\]
RewriteRule \^/$ /oai/ \[PT\]
RewriteCond [http://%]\{HTTP_HOST\}%\{REQUEST_URI\} <IfModule jk_module> JkMount /xmlui localhost-worker JkMount /xmlui/* localhost-worker JkMount /solr localhost-worker JkMount /solr/* localhost-worker JkMount /oai localhost-worker JkMount /oai/* localhost-worker </IfModule> RewriteEngine On RewriteRule ^/$ /xmlui/ [PT] RewriteRule ^/$ /solr/ [PT] RewriteRule ^/$ /oai/ [PT] RewriteCond http://%{HTTP_HOST}%{REQUEST_URI} (.*)-login(.*) \ [OR\]
RewriteCond [http:] RewriteCond http://%]\{HTTP_HOST\}%\{REQUEST_URI\} (.*)/register(.*) \ [OR\]
RewriteCond [] RewriteCond http://%]\{HTTP_HOST\}%\{REQUEST_URI\} (.*)/forgot(.*)
RewriteRule RewriteRule (.*) [ https://%]\{HTTP_HOST\}%\{REQUEST_URI\}
#
CustomLog "\} # CustomLog "|/usr/local/sbin/rotatelogs \ -l /var/log/apache2/dspace.example.com-access-%Y-%m-%d.log 86400" combined
ErrorLog combined ErrorLog /var/log/apache2/dspace.example.com-error.log
</VirtualHost>unmigrated-wiki-markup *tcsh# egrep \ -v "#\|"^$ /usr/local/etc/apache22/extra/httpd-ssl.conf*
Listen 443
/*/
<VirtualHost \ _default_:443>
ServerName dspace.example.com:443
ServerAdmin hostmaster@example.com
DocumentRoot "/usr/local/www/apache22/data"
<IfModule jk_module>
JkMount /xmlui localhost-worker
JkMount /xmlui/\* localhost-worker
JkMount /solr localhost-worker
JkMount /solr/\* localhost-worker
JkMount /oai localhost-worker
JkMount /oai/\* localhost-worker
RewriteEngine On
RewriteRule \^/$ /xmlui/ \[PT\]
RewriteRule \^/$ /solr/ \[PT\]
RewriteRule \^/$ /oai/ \[PT\]
</IfModule>
ErrorLog "\ JkMount /xmlui localhost-worker JkMount /xmlui/* localhost-worker JkMount /solr localhost-worker JkMount /solr/* localhost-worker JkMount /oai localhost-worker JkMount /oai/* localhost-worker RewriteEngine On RewriteRule ^/$ /xmlui/ [PT] RewriteRule ^/$ /solr/ [PT] RewriteRule ^/$ /oai/ [PT] </IfModule> ErrorLog "|/usr/local/sbin/rotatelogs /var/log/apache2/https-error-%Y-%m-%d.log 5M"
TransferLog "\|/usr/local/sbin/rotatelogs /var/log/apache2/https-access-%Y-%m-%d.log 86400"
/*/
SSLCertificateFile "/usr/local/etc/apache22/certs/dspace.example.com.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/certs/dspace.example.com.key"
SSLCertificateChainFile "/usr/local/etc/apache22/certs/dspace-bundle.example.com.crt"
/*/
<Directory "/data/dspace/webapps/xmlui">
SSLOptions \+StdEnvVars \+ExportCertData
SSLOptions +StdEnvVars +ExportCertData </Directory> |
4 Install Dspace
Panel |
---|
tcsh# mkdir /data/dspace tcsh# cd /data tcsh# fetch -o dspace-1.8.1-src-release.tar.gz *http://sourceforge.net/projects/dspace/files/DSpace%20Stable/1.8.1/dspace-1.8.1-src-release.tar.gz/download\* (http://sourceforge.net/projects/dspace/files/DSpace%20Stable/1.8.1/dspace-1.8.1-src-release.tar.gz/download*) tcsh# tar xzf dspace-1.8.1-src-release.tar.gz tcsh# cd /data/dspace-1.8.1-src-release/dspace/config/ |
...
And finally set proper permissons:
Panel |
---|
tcsh# chown -R www:www /data/dspace |
Just in case verify /data/dspace/config/log4j.properties doesn't bug You. Remove unneeded "/" There may be 3 erratic lines like this one:
Panel |
---|
/var/log/apache2/*/*cocoon.log |
Also verify that /data/dspace/config/modules/authentication.cfg and authentication-ldap.cfg are correct.
...
Now install certificates required to use LDAPS. Make sure that You have JAVA_HOME set:
Panel |
unmigrated-wiki-markup |
---|
*tcsh# set JAVA_HOME=/usr/local/openjdk6*
* tcsh# echo $JAVA_HOME*
/usr/local/openjdk6
* tcsh# keytool \ -import \ -file /tmp/myldap-clients.example.com.crt \ -alias myldap.example.com \ -keystore $JAVA_HOME/jre/lib/security/cacerts*
Enter keystore password: 'changeit' <\- by default without <- by default without '-es\!
/*/
Trust this certificate? \ [no\]: *yes*
Certificate was added to keystore
*tcsh# keytool \-list \-keystore yes Certificate was added to keystore tcsh# keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts*
* tcsh# rm \ -f /tmp/olp-wildmyldap-clients.example.com.crt* |
5 Handle
If You are using "handle" also, then:
Panel |
---|
tcsh# /data/dspace/bin/dspace make-handle-config /data/dspace/handle-server |
Create /usr/local/etc/rc.d/handle with following content. This script runs handle service as "www" user.
Panel |
---|
#!/bin/sh # # PROVIDE: handle # REQUIRE: NETWORKING tomcat7 # KEYWORD: shutdown # # handle_server_enable="YES" # . /etc/rc.subr name="handle_server" start_cmd="${name}_start" stop_cmd="${name}_stop" rcvar=`set_rcvar` command="/data/dspace/bin/start-handle-server"unmigrated-wiki-markup handle_server_start()
{
if \[ \-x $\{command\} \]; then
{ if [ -x ${command} ]; then pid="`ps \ -axuwww \ | grep \ -v grep \ | grep handle-server \ | nawk '\{ print $2 \ }'`"
if \[ "$\{pid\}"X = "X" \]; then
su - www \-c $\{command\}
else
echo "Handle server is already running."
fi
fi
}
handle_server_stop()
{
pid="`ps \-axuwww \| grep \-v grep \| grep handle-server \| nawk '\{ print $2 \}'`"
if \[ "$\{pid\}"X \!= "X" \]; then
pid_owner="`ps \-axu \|grep \-v grep \| grep \-w $pid \|nawk '\{ print $1 \}'`"
if \[ "$\{pid_owner\}" = "www" \]; then
kill \-15 $\{pid\}
sleep 1
fi
else
echo "Handle server is not running?"
fi
}
\# set if [ "${pid}"X = "X" ]; then su - www -c ${command} else echo "Handle server is already running." fi fi } handle_server_stop() { pid="`ps -axuwww | grep -v grep | grep handle-server | nawk '{ print $2 }'`" if [ "${pid}"X != "X" ]; then pid_owner="`ps -axu |grep -v grep | grep -w $pid |nawk '{ print $1 }'`" if [ "${pid_owner}" = "www" ]; then kill -15 ${pid} sleep 1 fi else echo "Handle server is not running?" fi } # set defaults handle_server_enable=${handle_server_enable:-"NO"} load_rc_config "${name}" run_rc_command "$1" |
...
Panel |
---|
apache22_enable="YES" tomcat7_enable="YES" tomcat7_java_opts="-Xmx512M -Xms512M -XX:MaxPermSize=128M -Dfile.encoding=UTF-8" tomcat7_catalina_log=">> /var/log/apache2/catalina-`date +%Y-%m-%d`.log 2>&1" tomcat7_catalina_tmpdir="/tmp" handle_server_enable="YES" postgresql_enable="YES" postgresql_data="/data/pgsql" |
...
- If You should later on upgrade "openjdk", then You need to import LDAP certificate again - you'll lose it!
- If You should upgrade mod_jk port, then dont forget to uncomment "#LoadModule jk_module.... " line!
- After dspace upgrade dont forget cocoon: /data/dspace/webapps/xmlui/WEB-INF/cocoon/properties/core.properties
- Implement backups and monitoring!
- Implement firewall. If using pf:
...