Old DSpace 6 installation instructions - to be updated
This page still needs to be updated with official installation instructions for DSpace 7. If you already want to get started in the meanwhile, you can follow the Try out DSpace 7 instructions.
Since some users might want to get their test version up and running as fast as possible, offered below is an unsupported outline of getting DSpace to run quickly in a Unix-based environment using the DSpace source release.
Only experienced Unix admins should even attempt the following without going to the detailed Installation Instructions.
useradd -m dspace
tar xzf dspace-6.x-src-release.tar.gz
createuser --username=postgres --no-superuser --pwprompt dspace
createdb --username=postgres --owner=dspace --encoding=UNICODE dspace
psql --username=postgres dspace -c "CREATE EXTENSION pgcrypto;"
cd [dspace-source]/dspace/config/
cp local.cfg.EXAMPLE local.cfg
vi local.cfg
mkdir [dspace]
chown dspace [dspace]
su - dspace
cd [dspace-source]
mvn package
cd [dspace-source]/dspace/target/dspace-installer
ant fresh_install
cp -r [dspace]/webapps/* [tomcat]/webapps
/etc/init.d/tomcat start
[dspace]/bin/dspace create-administrator
You can install and run DSpace on most modern PC, laptop or server hardware. However, if you intend to run DSpace for a large community of potential end users, carefully review the Hardware Recommendations in the User FAQ
The list below describes the third-party components and tools you'll need to run a DSpace server. These are just guidelines. Since DSpace is built on open source, standards-based tools, there are numerous other possibilities and setups.
Also, please note that the configuration and installation guidelines relating to a particular tool below are here for convenience. You should refer to the documentation for each individual component for complete and up-to-date details. Many of the tools are updated on a frequent basis, and the guidelines below may become out of date.
OpenJDK download and installation instructions can be found here http://openjdk.java.net/install/. Most operating systems provide an easy path to install OpenJDK. Just be sure to install the full JDK (development kit), and not the JRE (which is often the default example).
Oracle's Java can be downloaded from the following location: http://www.oracle.com/technetwork/java/javase/downloads/index.html. Make sure to download the appropriate version of the Java SE JDK.
Make sure to install the JDK and not just the JRE
At this time, DSpace requires the full JDK (Java Development Kit) be installed, rather than just the JRE (Java Runtime Environment). So, please be sure that you are installing the full JDK and not just the JRE.
Only JDK11 is fully supported
Older versions of Java are unsupported. This includes JDK v7-10.
Newer versions of Java may work (e.g. JDK v12-16), but we do not recommend running them in Production. We highly recommend running only Java LTS (Long Term Support) releases in Production, as non-LTS releases may not receive ongoing security fixes. As of this DSpace release, JDK11 is the most recent Java LTS release, with the next one (JDK17) being due sometime around September 2021. As soon as the next Java LTS release is available, we will analyze it for compatibility with this release of DSpace. For more information on Java releases, see the Java roadmaps for Oracle and/or OpenJDK.
Maven is necessary in the first stage of the build process to assemble the installation package for your DSpace instance. It gives you the flexibility to customize DSpace using the existing Maven projects found in the [dspace-source]/dspace/modules directory or by adding in your own Maven project to build the installation package for DSpace, and apply any custom interface "overlay" changes.
Maven can be downloaded from http://maven.apache.org/download.html
You can configure a proxy to use for some or all of your HTTP requests in Maven. The username and password are only required if your proxy requires basic authentication (note that later releases may support storing your passwords in a secured keystore; in the meantime, please ensure your settings.xml file (usually ${user.home}/.m2/settings.xml) is secured with permissions appropriate for your operating system).
Example:
<settings>
  .
  .
  <proxies>
    <proxy>
      <active>true</active>
      <protocol>http</protocol>
      <host>proxy.somewhere.com</host>
      <port>8080</port>
      <username>proxyuser</username>
      <password>somepassword</password>
      <nonProxyHosts>www.google.com|*.somewhere.com</nonProxyHosts>
    </proxy>
  </proxies>
  .
  .
</settings>
Apache Ant is required for the second stage of the build process (deploying/installing the application). First, Maven is used to construct the installer ([dspace-source]/dspace/target/dspace-installer), after which Ant is used to install/deploy DSpace to the installation directory.
Ant can be downloaded from the following location: http://ant.apache.org
PostgreSQL v9.4 to v11 will likely work, but earlier versions are less well tested.
Active development/testing on DSpace 7 has occurred on PostgreSQL v11. However, it is likely that the backend would also function on PostgreSQL v9.4 - v10. At this time we have not performed sufficient testing on these earlier versions to add them to the prerequisites listing.
DSpace 7 will definitely not function on versions below 9.4 as DSpace requires installing and running the pgcrypto extension (see below) v1.1, which was not available until PostgreSQL v9.4.
postgresql.conf: uncomment the line starting: listen_addresses = 'localhost'. This is the default in recent PostgreSQL releases, but you should at least check it.
Then tighten up security a bit by editing pg_hba.conf and adding this line:
host dspace dspace 127.0.0.1 255.255.255.255 md5
This should appear before any lines matching all databases, because the first matching rule governs.
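The first-match rule above can be checked mechanically. The following is an added example, not part of the DSpace documentation: it walks a pg_hba.conf the way PostgreSQL does and returns the rule a given connection actually hits. The two sample files are constructed, and only numeric addresses (CIDR or address plus netmask) and the keywords `all` and `sameuser` are handled.

```python
"""Added example: which pg_hba.conf rule does a DSpace connection actually hit?"""
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    lineno: int
    conn_type: str
    databases: str
    users: str
    network: Optional[object]  # None stands for the address keyword "all"
    method: str


def parse_hba(text):
    """Parse the host* rules of a pg_hba.conf.

    'local' (Unix-socket) lines are skipped because DSpace connects over TCP.
    Host names, samehost and samenet are not supported and raise ValueError.
    """
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields or not fields[0].startswith("host"):
            continue
        conn_type, dbs, users, addr, *rest = fields
        if addr == "all":
            network = None
        elif "/" in addr:
            network = ipaddress.ip_network(addr, strict=False)
        else:  # "ADDRESS NETMASK" form, as in the line shown on this page
            network = ipaddress.ip_network(f"{addr}/{rest.pop(0)}", strict=False)
        rules.append(Rule(lineno, conn_type, dbs, users, network, rest[0]))
    return rules


def first_match(text, database, user, client_ip, ssl=False):
    """Return the first rule matching the connection, or None (connection rejected)."""
    ip = ipaddress.ip_address(client_ip)
    # Assumes the client does not use GSSAPI encryption.
    types = {"host", "hostnogssenc", "hostssl" if ssl else "hostnossl"}
    for rule in parse_hba(text):
        dbs, users = rule.databases.split(","), rule.users.split(",")
        if rule.conn_type not in types:
            continue
        if not ("all" in dbs or database in dbs
                or ("sameuser" in dbs and database == user)):
            continue
        if not ("all" in users or user in users):
            continue
        if rule.network is not None and ip not in rule.network:
            continue
        return rule
    return None


# Constructed sample: a catch-all rule placed BEFORE the dspace rule shadows it.
SHADOWED = """\
# TYPE  DATABASE  USER    ADDRESS                    METHOD
local   all       all                                peer
host    all       all     127.0.0.1/32               trust
host    dspace    dspace  127.0.0.1 255.255.255.255  md5
"""

# Constructed sample: the dspace rule comes first, as the page instructs.
ORDERED = """\
# TYPE  DATABASE  USER    ADDRESS                    METHOD
local   all       all                                peer
host    dspace    dspace  127.0.0.1 255.255.255.255  md5
host    all       all     127.0.0.1/32               trust
"""

if __name__ == "__main__":
    for name, conf in (("SHADOWED", SHADOWED), ("ORDERED", ORDERED)):
        rule = first_match(conf, "dspace", "dspace", "127.0.0.1")
        print(f"{name}: line {rule.lineno} governs, method={rule.method}")
```

In the shadowed file the DSpace connection is admitted by the catch-all rule and the md5 line is never consulted.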
tnsnames.ora and listener.ora files to the database the Oracle server.
[dspace]). There are a few common ways this may be achieved:
One option is to specifically give the Tomcat user (often named "tomcat") ownership of the [dspace] directories, for example:
# Change [dspace] and all subfolders to be owned by "tomcat"
chown -R tomcat:tomcat [dspace]
Modifications in [tomcat]/conf/server.xml: You also need to alter Tomcat's default configuration to support searching and browsing of multi-byte UTF-8 correctly. You need to add a configuration option to the <Connector> element in [tomcat]/conf/server.xml: URIEncoding="UTF-8". E.g. if you're using the default Tomcat config, it should read:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080"
           minSpareThreads="25"
           enableLookups="false"
           redirectPort="8443"
           connectionTimeout="20000"
           disableUploadTimeout="true"
           URIEncoding="UTF-8"/>
You may change the port from 8080 by editing it in the file above, and by setting the variable CONNECTOR_PORT in server.xml. You should set the URIEncoding even if you are running Tomcat behind a proxy (Apache HTTPD, Nginx, etc.) via AJP.
Solr can be obtained at the Apache Software Foundation site for Lucene and Solr. You may wish to read portions of the quick-start tutorial to make yourself familiar with Solr's layout and operation. Unpack a Solr .tgz or .zip archive in a place where you keep software that is not handled by your operating system's package management tools, and arrange to have it running whenever DSpace is running. You should ensure that Solr's index directories will have plenty of room to grow. You should also ensure that port 8983 is not in use by something else, or configure Solr to use a different port.
If you are looking for a good place to put Solr, consider /opt or /usr/local. You can simply unpack Solr in one place and use it. Or you can configure Solr to keep its indexes elsewhere, if you need to – see the Solr documentation for how to do this.
It is not necessary to dedicate a Solr instance to DSpace, if you already have one and want to use it. Simply copy DSpace's cores to a place where they will be discovered by Solr. See below.
Currently, there is a known bug in DSpace where a third-party Maven Module expects git to be available (in order to support the ./dspace version commandline tool). We are working on a solution within this ticket:
For the time being, you can work around this problem by installing Git locally: https://git-scm.com/downloads
Two different distributions are available for DSpace, both of which require you to build the distribution using Apache Maven 3. The steps that are required to execute the build are identical. In a nutshell, the binary release build will download pre-compiled parts of DSpace, while building the source release will compile most of DSpace's source code on your local machine.
It's important to notice that both releases will require outgoing internet connections on the machine or server where you are executing the build, because Maven needs to download 3rd party dependencies that are not even included in the DSpace source release distribution.
Before beginning an installation, it is important to get a general understanding of the DSpace directories and the names by which they are generally referred. (Please attempt to use these below directory names when asking for help on the DSpace Mailing Lists, as it will help everyone better understand what directory you may be referring to.)
DSpace uses three separate directory trees. Although you don't need to know all the details of them in order to install DSpace, you do need to know they exist and also know how they're referred to in this document:
[dspace]. This is the location where DSpace is installed and running. It is the location that is defined in the dspace.cfg as "dspace.dir". It is where all the DSpace configuration files, command line scripts, documentation and webapps will be installed.
[dspace-source]. This is the location where the DSpace release distribution has been unpacked. It usually has the name of the archive that you expanded such as dspace-<version>-release or dspace-<version>-src-release. Normally it is the directory where all of your "build" commands will be run.
[dspace]/webapps by default. However, if you are using Tomcat, you may decide to copy your DSpace web applications from [dspace]/webapps/ to [tomcat]/webapps/ (with [tomcat] being wherever you installed Tomcat, also known as $CATALINA_HOME).
[dspace-source] and [dspace] directories are always separate!
If you ever notice that many files seem to have duplicates under [dspace-source]/dspace/target do not worry about it. This "target" directory will be used by Maven for the build process and you should not change any file in it unless you know exactly what you are doing.
This method gets you up and running with DSpace quickly and easily. It is identical in both the Default Release and Source Release distributions.
Create the DSpace user (optional). As noted in the prerequisites above, Tomcat (or Jetty, etc) must run as an operating system user account that has full read/write access to the DSpace installation directory (i.e. [dspace]). Either you must ensure the Tomcat owner also owns [dspace], OR you can create a new "dspace" user account, and ensure that Tomcat also runs as that account:
useradd -m dspace
dspace-7.0-preview-1) or branch. For more information on using / developing from the GitHub Repository, see: Development with Git
Zip file. If you downloaded dspace-7.0-preview-1.zip do the following:
unzip dspace-7.0-preview-1.zip
.gz file. If you downloaded dspace-7.0-preview-1.tar.gz do the following:
gunzip -c dspace-7.0-preview-1.tar.gz | tar -xf -
For ease of reference, we will refer to the location of this unzipped version of the DSpace release as [dspace-source] in the remainder of these instructions. After unpacking the file, the user may wish to change the ownership of the dspace-7.x folder to the "dspace" user. (And you may need to change the group).
Create a dspace database user (this user can have any name, but we'll assume you name them "dspace"). This is entirely separate from the dspace operating-system user created above:
createuser --username=postgres --no-superuser --pwprompt dspace
You will be prompted (twice) for a password for the new dspace user. Then you'll be prompted for the password of the PostgreSQL superuser (postgres).
Create a dspace database, owned by the dspace PostgreSQL user. Similar to the previous step, this can only be done by a "superuser" account in PostgreSQL (e.g. postgres):
createdb --username=postgres --owner=dspace --encoding=UNICODE dspace
You will be prompted for the password of the PostgreSQL superuser (postgres).
Finally, you MUST enable the pgcrypto extension on your new dspace database. Again, this can only be enabled by a "superuser" account (e.g. postgres):
# Login to the database as a superuser, and enable the pgcrypto extension on this database
psql --username=postgres dspace -c "CREATE EXTENSION pgcrypto;"
The "CREATE EXTENSION" command should return with no result if it succeeds. If it fails or throws an error, it is likely you are missing the required pgcrypto extension (see Database Prerequisites above).
Alternative method: How to enable pgcrypto via a separate database schema. While the above method of enabling pgcrypto is perfectly fine for the majority of users, there may be some scenarios where a database administrator would prefer to install extensions into a database schema that is separate from the DSpace tables. Developers also may wish to install pgcrypto into a separate schema if they plan to "clean" (recreate) their development database frequently. Keeping extensions in a separate schema from the DSpace tables will ensure developers would NOT have to continually re-enable the extension each time they run a "./dspace database clean". If you wish to install pgcrypto in a separate schema here's how to do that:
# Login to the database as a superuser
psql --username=postgres dspace
-- Create a new schema in this database named "extensions" (or whatever you want to name it)
CREATE SCHEMA extensions;
-- Enable this extension in this new schema
CREATE EXTENSION pgcrypto SCHEMA extensions;
-- Grant rights to call functions in the extensions schema to your dspace user
GRANT USAGE ON SCHEMA extensions TO dspace;
-- Append "extensions" on the current session's "search_path" (if it doesn't already exist in search_path)
-- The "search_path" config is the list of schemas that Postgres will use
SELECT set_config('search_path',current_setting('search_path') || ',extensions',false) WHERE current_setting('search_path') !~ '(^|,)extensions(,|$)';
-- Verify the current session's "search_path" and make sure it's correct
SHOW search_path;
-- Now, update the "dspace" Database to use the same "search_path" (for all future sessions) as we've set for this current session (i.e. via set_config() above)
ALTER DATABASE dspace SET search_path FROM CURRENT;
Setting up DSpace to use Oracle is a bit different now. You will still need to get a copy of the Oracle JDBC driver, but instead of copying it into a lib directory you will need to install it into your local Maven repository. (You'll need to download it first from this location: http://www.oracle.com/technetwork/database/enterprise-edition/jdbc-112010-090769.html.) Run the following command (all on one line):
mvn install:install-file -Dfile=ojdbc6.jar -DgroupId=com.oracle -DartifactId=ojdbc6 -Dversion=11.2.0.4.0 -Dpackaging=jar -DgeneratePom=true
You need to compile DSpace with an Oracle driver (ojdbc6.jar) corresponding to your Oracle version - update the version in [dspace-source]/pom.xml. E.g.:
<dependency>
  <groupId>com.oracle</groupId>
  <artifactId>ojdbc6</artifactId>
  <version>11.2.0.4.0</version>
</dependency>
NOTE: You will need to ensure the proper db.* settings are specified in your local.cfg file (see next step), as the defaults for all of these settings assume a PostgreSQL database backend.
db.url = jdbc:oracle:thin:@host:port/SID
# e.g. db.url = jdbc:oracle:thin:@//localhost:1521/xe
# NOTE: in db.url, SID is the SID of your database defined in tnsnames.ora
# the default Oracle port is 1521
# You may also use a full SID definition, e.g.
# db.url = jdbc:oracle:thin:@(description=(address_list=(address=(protocol=TCP)(host=localhost)(port=1521)))(connect_data=(service_name=DSPACE)))
# Oracle driver and dialect
db.driver = oracle.jdbc.OracleDriver
db.dialect = org.hibernate.dialect.Oracle10gDialect
# Specify DB username, password and schema to use
db.username =
db.password =
db.schema = ${db.username}
# For Oracle, schema is equivalent to the username of your database account,
# so this may be set to ${db.username} in most scenarios
Later, during the Maven build step, don't forget to specify mvn -Ddb.name=oracle package
[dspace-source]/dspace/config/local.cfg configuration file (you may wish to simply copy the provided [dspace-source]/dspace/config/local.cfg.EXAMPLE). This local.cfg file can be used to store any configuration changes that you wish to make which are local to your installation (see local.cfg configuration file documentation). ANY setting may be copied into this local.cfg file from the dspace.cfg or any other *.cfg file in order to override the default setting (see note below). For the initial installation of DSpace, there are some key settings you'll likely want to override; those are provided in the [dspace-source]/dspace/config/local.cfg.EXAMPLE. (NOTE: Settings followed with an asterisk (*) are highly recommended, while all others are optional during initial installation and may be customized at a later time.)
dspace.dir* - must be set to the [dspace] (installation) directory (NOTE: On Windows be sure to use forward slashes for the directory path! For example: "C:/dspace" is a valid path for Windows.)
dspace.hostname - fully-qualified domain name of web server (or "localhost" if you just want to run DSpace locally for now)
dspace.baseUrl* - complete URL of this server's DSpace home page (including port), but without any context e.g. /xmlui, /oai, etc.
dspace.name - "Proper" name of your server, e.g. "My Digital Library".
solr.server* - complete URL of the Solr server. DSpace makes use of Solr for indexing purposes. http://localhost:8983/ unless you changed the port or installed Solr on some other host.
default.language - Default language for all metadata values (defaults to "en_US")
db.url* - The full JDBC URL to your database (examples are provided in the local.cfg.EXAMPLE)
db.driver* - Which database driver to use, based on whether you are using PostgreSQL or Oracle
db.dialect* - Which database dialect to use, based on whether you are using PostgreSQL or Oracle
db.username* - the database username used in the previous step.
db.password* - the database password used in the previous step.
db.schema* - the database schema to use (examples are provided in the local.cfg.EXAMPLE)
mail.server - fully-qualified domain name of your outgoing mail server.
mail.from.address - the "From:" address to put on email sent by DSpace.
mail.feedback.recipient - mailbox for feedback mail.
mail.admin - mailbox for DSpace site administrator.
mail.alert.recipient - mailbox for server errors/alerts (not essential but very useful!)
mail.registration.notify - mailbox for emails when new users register (optional)
Your local.cfg file can override ANY settings from other *.cfg files in DSpace
The provided local.cfg.EXAMPLE only includes a small subset of the configuration settings available with DSpace. It provides a good starting point for your own local.cfg file.
However, you should be aware that ANY configuration can now be copied into your local.cfg to override the default settings. This includes ANY of the settings/configurations in:
[dspace]/config/dspace.cfg)
[dspace]/config/modules/*.cfg files)
Individual settings may also be commented out or removed in your local.cfg, in order to re-enable default settings.
See the Configuration Reference section for more details.
DSpace Directory: Create the directory for the DSpace installation (i.e. [dspace]). As root (or a user with appropriate permissions), run:
mkdir [dspace]
chown dspace [dspace]
(Assuming the dspace UNIX username.)
Build the Installation Package: As the dspace UNIX user, generate the DSpace installation package.
cd [dspace-source]
mvn package
Building with Oracle Database Support
Without any extra arguments, the DSpace installation package is initialized for PostgreSQL. If you want to use Oracle instead, you should build the DSpace installation package as follows: mvn -Ddb.name=oracle package
Install DSpace: As the dspace UNIX user, install DSpace to [dspace]:
cd [dspace-source]/dspace/target/dspace-installer
ant fresh_install
To see a complete list of build targets, run: ant help
The most likely thing to go wrong here is the test of your database connection. See the Common Problems section below for more details.
Decide which DSpace Web Applications you want to install. DSpace comes with a variety of web applications (in [dspace]/webapps), each of which provides a different "interface" to your DSpace. Which ones you install is up to you, but there are a few that we highly recommend (see below):
Technique A. Tell your Tomcat/Jetty/Resin installation where to find your DSpace web application(s). As an example, in the directory [tomcat]/conf/Catalina/localhost you could add files similar to the following (but replace [dspace] with your installation location):
<?xml version='1.0'?>
<Context docBase="[dspace]/webapps/spring-rest" reloadable="true" cachingAllowed="false"/>

<?xml version='1.0'?>
<!-- CHANGE THE VALUE OF "[app]" FOR EACH APPLICATION YOU WISH TO ADD -->
<Context docBase="[dspace]/webapps/[app]" reloadable="true" cachingAllowed="false"/>
The name of the file (not including the suffix ".xml") will be the name of the context, so for example spring-rest.xml defines the context at http://host:8080/spring-rest. To define the root context (http://host:8080/), name that context's file ROOT.xml.
Tomcat Context Settings in Production
The above Tomcat Context Settings show adding the following to each <Context> element:
reloadable="true" cachingAllowed="false"
These settings are extremely useful to have when you are first getting started with DSpace, as they let you tweak the DSpace XMLUI (XSLTs or CSS) or JSPUI (JSPs) and see your changes get automatically reloaded by Tomcat (without having to restart Tomcat). However, it is worth noting that the Apache Tomcat documentation recommends Production sites leave the default values in place (reloadable="false" cachingAllowed="true"), as allowing Tomcat to automatically reload all changes may result in "significant runtime overhead".
It is entirely up to you whether to keep these Tomcat settings in place. We just recommend beginning with them, so that you can more easily customize your site without having to require a Tomcat restart. Smaller DSpace sites may not notice any performance issues with keeping these settings in place in Production. Larger DSpace sites may wish to ensure that Tomcat performance is more streamlined.
cp -R [dspace]/webapps/* [tomcat]/webapps
(This will copy all the web applications to Tomcat).
cp -R [dspace]/webapps/spring-rest [tomcat]/webapps
(This will copy only the "spring-rest" web application to Tomcat.)
To define the root context (http://host:8080/), name that context's directory ROOT.
Copy Solr cores: DSpace installation creates a set of four empty Solr cores already configured. Copy them from [dspace]/solr to the place where your Solr instance will discover them. Start (or re-start) Solr. For example:
cp -R [dspace]/solr/* [solr]/server/solr/configsets
[solr]/bin/solr restart
You can check the status of Solr and your new DSpace cores by using its administrative web interface. Browse to http://localhost:8983/ to see if Solr is running well, then look at the cores by selecting (on the left) Core Admin or using the Core Selector drop list.
Administrator Account: Create an initial administrator account from the command line:
[dspace]/bin/dspace create-administrator
http://dspace.myu.edu:8080/spring-rest
http://dspace.myu.edu:8080/oai/request?verb=Identify (Should return an XML-based response)
In order to set up some communities and collections, you'll need to login as your DSpace Administrator (which you created with create-administrator above) and access the administration UI in either the JSP or XML user interface.
The above installation steps are sufficient to set up a test server to play around with, but there are a few other steps and options you should probably consider before deploying a DSpace production site.
A few DSpace features require that a script is run regularly (via cron, or similar):
For much more information on recommended scheduled tasks, please see Scheduled Tasks via Cron.
In order to deploy a multilingual version of DSpace you have to configure two parameters in [dspace-source]/dspace/config/local.cfg:
default.locale = en
webui.supported.locales = en, de
The Locales might have the form country, country_language, country_language_variant.
According to the languages you wish to support, you have to make sure that all the i18n related files are available. See the Configuring Multilingual Support section for the JSPUI or the Multilingual Support for XMLUI in the configuration documentation.
If your DSpace is configured to have users login with a username and password (as opposed to, say, client Web certificates), then you should consider using HTTPS. Whenever a user logs in with the Web form (e.g. dspace.myuni.edu/dspace/password-login) their DSpace password is exposed in plain text on the network. This is a very serious security risk since network traffic monitoring is very common, especially at universities. If the risk seems minor, then consider that your DSpace administrators also login this way and they have ultimate control over the archive.
The solution is to use HTTPS (HTTP over SSL, i.e. Secure Socket Layer, an encrypted transport), which protects your passwords against being captured. You can configure DSpace to require SSL on all "authenticated" transactions so it only accepts passwords on SSL connections.
The following sections show how to set up the most commonly-used Java Servlet containers to support HTTP over SSL. There are two options listed:
Loosely based on http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html.
Create a Java keystore for your server with the password changeit, and install your server certificate under the alias "tomcat". This assumes the certificate was put in the file server.pem:
$JAVA_HOME/bin/keytool -import -noprompt -v -storepass changeit -keystore $CATALINA_BASE/conf/keystore -alias tomcat -file server.pem
Install the CA (Certifying Authority) certificate for the CA that granted your server cert, if necessary. This assumes the server CA certificate is in ca.pem:
$JAVA_HOME/bin/keytool -import -noprompt -storepass changeit -trustcacerts -keystore $CATALINA_BASE/conf/keystore -alias ServerCA -file ca.pem
Optional – ONLY if you need to accept client certificates for the X.509 certificate stackable authentication module. See the configuration section for instructions on enabling the X.509 authentication method. Load the keystore with the CA (certifying authority) certificates for the authorities of any clients whose certificates you wish to accept. For example, assuming the client CA certificate is in client1.pem:
$JAVA_HOME/bin/keytool -import -noprompt -storepass changeit -trustcacerts -keystore $CATALINA_BASE/conf/keystore -alias client1 -file client1.pem
Now add another Connector tag to your server.xml Tomcat configuration file, like the example below. The parts affecting or specific to SSL are shown in bold. (You may wish to change some details such as the port, pathnames, and keystore password)
<!-- SSLEnabled="true" is required for Tomcat to actually perform TLS on this connector -->
<!-- clientAuth="true": ONLY if using client X.509 certs for authentication! -->
<Connector port="8443"
           URIEncoding="UTF-8"
           minSpareThreads="25"
           enableLookups="false"
           disableUploadTimeout="true"
           SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS"
           keystoreFile="conf/keystore" keystorePass="changeit"
           clientAuth="true"
           truststoreFile="conf/keystore" truststorePass="changeit" />
Also, check that the default Connector is set up to redirect "secure" requests to the same port as your SSL connector, e.g.:
<Connector port="8080" minSpareThreads="25" enableLookups="false" redirectPort="8443" />
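The connector checks from this section, written out as an added example (not part of the DSpace documentation): it verifies that each plain HTTP connector's redirectPort points at a TLS connector, that a TLS connector sets Tomcat's SSLEnabled attribute, and that the sample password changeit has been replaced. Both server.xml snippets are constructed, and only the connector attributes used on this page are inspected.

```python
"""Added example: lint Tomcat <Connector> elements for the HTTPS setup described above."""
import xml.etree.ElementTree as ET

EXAMPLE_PASSWORD = "changeit"  # sample keystore password used in this page's commands

MESSAGES = {
    "no-redirect": "plain HTTP connector does not set redirectPort explicitly",
    "redirect-mismatch": "redirectPort does not point at any TLS connector",
    "tls-not-enabled": 'scheme="https" without SSLEnabled="true": traffic is not encrypted',
    "example-password": "keystore/truststore password is still the documented sample value",
}


def _is_ajp(conn):
    return conn.get("protocol", "").upper().startswith("AJP")


def _is_tls(conn):
    return conn.get("scheme", "http").lower() == "https"


def audit_connectors(server_xml):
    """Return a list of (port, finding-code) tuples for one server.xml document."""
    root = ET.fromstring(server_xml)
    # AJP connectors are skipped: they carry none of the attributes checked here.
    connectors = [c for c in root.iter("Connector") if not _is_ajp(c)]
    tls_ports = {c.get("port") for c in connectors if _is_tls(c)}
    findings = []
    for conn in connectors:
        port = conn.get("port", "?")
        if _is_tls(conn):
            if conn.get("SSLEnabled", "false").lower() != "true":
                findings.append((port, "tls-not-enabled"))
            if EXAMPLE_PASSWORD in (conn.get("keystorePass"), conn.get("truststorePass")):
                findings.append((port, "example-password"))
        else:
            target = conn.get("redirectPort")
            if target is None:
                findings.append((port, "no-redirect"))
            elif target not in tls_ports:
                findings.append((port, "redirect-mismatch"))
    return findings


# Constructed sample: redirect goes to 8443 but TLS listens on 8444, TLS is not
# switched on, and the keystore still uses the sample password.
SAMPLE_BEFORE = """\
<Server>
  <Service name="Catalina">
    <Connector port="8080" redirectPort="8443" URIEncoding="UTF-8"/>
    <Connector port="8444" scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="conf/keystore" keystorePass="changeit"/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>
"""

# Constructed sample with the three problems corrected (the password is a placeholder).
SAMPLE_AFTER = """\
<Server>
  <Service name="Catalina">
    <Connector port="8080" redirectPort="8443" URIEncoding="UTF-8"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" keystoreFile="conf/keystore"
               keystorePass="PLACEHOLDER-site-specific-passphrase"/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>
"""

if __name__ == "__main__":
    for name, doc in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name)
        for port, code in audit_connectors(doc) or [("-", None)]:
            print(f"  port {port}: {MESSAGES.get(code, 'no findings')}")
```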
Create a new key pair under the alias name "tomcat". When generating your key, give the Distinguished Name fields the appropriate values for your server and institution. CN should be the fully-qualified domain name of your server host. Here is an example:
# Use at least a 2048-bit RSA key
$JAVA_HOME/bin/keytool -genkey \
  -alias tomcat \
  -keyalg RSA \
  -keysize 2048 \
  -keystore $CATALINA_BASE/conf/keystore \
  -storepass changeit \
  -validity 365 \
  -dname 'CN=dspace.myuni.edu, OU=MIT Libraries, O=Massachusetts Institute of Technology, L=Cambridge, S=MA, C=US'
You should be prompted for a password to protect the private key.
Since you now have a signed server certificate in your keystore you can, obviously, skip the next steps of installing a signed server certificate and the server CA's certificate.
Optional – ONLY if you need to accept client certificates for the X.509 certificate stackable authentication module. See the configuration section for instructions on enabling the X.509 authentication method. Load the keystore with the CA (certifying authority) certificates for the authorities of any clients whose certificates you wish to accept. For example, assuming the client CA certificate is in client1.pem:
$JAVA_HOME/bin/keytool -import -noprompt -storepass changeit \
  -trustcacerts -keystore $CATALINA_BASE/conf/keystore -alias client1 \
  -file client1.pem
When using Apache 2.4.2 (and lower) in front of a DSpace webapp deployed in Tomcat, mod_proxy_ajp and possibly mod_proxy_http break the connection to the back end (Tomcat) prematurely, leading to response mixups. This is reported as bug CVE-2012-3502 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3502 ) of Apache and fixed in Apache 2.4.3 (see http://www.apache.org/dist/httpd/CHANGES_2.4). The 2.2.x branch hasn't shown this problem; only the 2.4.x branch has.
Before following these instructions, it's HIGHLY recommended to first get DSpace running in standalone Tomcat on port 8080. Once DSpace is running, you can use the below instructions to add Apache HTTP Server in front of Tomcat in order to allow DSpace to run on port 80 and optionally port 443 (for SSL).
One of the easiest routes to both running DSpace on standard ports (80 and 443) as well as using HTTPS is to install Apache HTTP Server as your primary HTTP server, and use it to forward requests to Tomcat.
In your Tomcat's server.xml, ensure that the AJP Connector is UNCOMMENTED. Usually this runs on port 8009, but you can decide to change the port if you desire.
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" />
sudo a2enmod proxy proxy_ajp
Create a new Virtual Host in Apache HTTP Server to represent your DSpace site. Here's a basic example of a Virtual Host responding to any port 80 requests for "my.dspace.edu":
<VirtualHost *:80>
  # Obviously, replace the ServerName with your DSpace site URL
  ServerName my.dspace.edu

  ## Apache HTTP Server Logging Settings - modify how you see fit
  ErrorLog ${APACHE_LOG_DIR}/my.dspace.edu-error.log
  CustomLog ${APACHE_LOG_DIR}/my.dspace.edu-access.log combined

  # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
  LogLevel warn

  # There are many more configurations available for Virtual Hosts,
  # see the documentation for more details
  # http://httpd.apache.org/docs/2.4/vhosts/
</VirtualHost>
If you want your site to also respond to SSL requests, you'll need to install and enable "mod_ssl" and create a second Virtual Host to respond to port 443 requests. An example is provided below. Many more details are available in the Apache HTTP SSL Documentation and the mod_ssl documentation.
<VirtualHost *:443>
    # Obviously, replace the ServerName with your DSpace site URL
    ServerName my.dspace.edu

    # You can have SSL Apache logging settings here too (see the port 80 example above)

    # Configure your SSL Certificate (you must create one, obviously)
    # See the "keytool" instructions above for examples of creating this certificate
    # There are also many good guides on the web for generating SSL certificates for Apache
    SSLEngine on
    SSLCertificateChainFile /path/to/your/chainfile.crt
    SSLCertificateFile /path/to/your/public-cert.crt
    SSLCertificateKeyFile /path/to/your/private-key.key

    # More information on SSL configurations can be found in the mod_ssl documentation
    # http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
</VirtualHost>
Extra SSL Configurations for X.509 Client Certificates authentication
If you are using X.509 Client Certificates for authentication: add these configuration options to the appropriate httpd configuration file, e.g. ssl.conf, and be sure they are in force for the virtual host and namespace locations dedicated to DSpace:
## SSLVerifyClient can be "optional" or "require"
SSLVerifyClient optional
SSLVerifyDepth 10
SSLCACertificateFile /path/to/your/client-CA-certificate
SSLOptions StdEnvVars ExportCertData
In each of your Apache HTTP Virtual Hosts (see above), use "ProxyPass" configurations to configure the redirects from Apache HTTP Server to Apache Tomcat. The exact configurations depend on whether you want to redirect ALL requests to Tomcat, or just certain paths. Here's a basic example. Much more information and many more examples can be found in the mod_proxy documentation.
# These are just examples. THEY LIKELY WILL NEED MODIFICATION.
# Again, remember to add these to your EXISTING <VirtualHost> settings
<VirtualHost>
    ... (existing settings) ...

    # If there's a single path you do NOT want redirected, you can use ! to ignore it
    # In this case any requests to "/ignored_path" will be handled by Apache HTTPD and NOT forwarded to Tomcat
    ProxyPass /ignored_path !

    # These configurations say: By default, redirect ALL requests to port 8009
    # (The port MUST match the port of your Tomcat AJP Connector. By default this usually is 8009)
    ProxyPass / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/

    # You may also wish to provide additional "mod_proxy" configurations,
    # for more examples and details see the documentation at
    # http://httpd.apache.org/docs/2.4/mod/mod_proxy.html
</VirtualHost>
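The comment in the example above requires the ProxyPass port to match the port of the Tomcat AJP Connector, and the Connector must be uncommented. The script below is an added example (not part of the DSpace documentation or tooling) that checks both for a given server.xml and virtual host file; the function names and the sample files are constructed for illustration.

```shell
# strip_xml_comments FILE: print FILE without <!-- ... --> spans (multi-line too).
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            tok = incomment ? "-->" : "<!--"
            i = index(line, tok)
            if (i == 0) { if (!incomment) out = out line; break }
            if (!incomment) out = out substr(line, 1, i - 1)
            line = substr(line, i + length(tok)); incomment = !incomment
        }
        print out
    }' "$1"
}

# ajp_connector_ports SERVER_XML: port of every active AJP <Connector>.
ajp_connector_ports() {
    strip_xml_comments "$1" | tr "'\n" '" ' |
    awk 'BEGIN { RS = "<" }
         /^Connector[ \t]/ && /protocol="[^"]*[Aa][Jj][Pp]/ &&
         match($0, /[ \t]port="[0-9]+"/) {
             print substr($0, RSTART + 7, RLENGTH - 8)
         }'
}

# proxypass_ajp_ports CONF: explicit ports of ajp:// ProxyPass(Reverse) targets.
proxypass_ajp_ports() {
    awk 'tolower($1) ~ /^proxypass(reverse)?$/ {
             for (i = 2; i <= NF; i++)
                 if (match($i, "^ajp://[^/:]+:[0-9]+")) {
                     s = substr($i, RSTART, RLENGTH); sub(/^.*:/, "", s); print s
                 }
         }' "$1" | sort -u
}

# check_ajp_match SERVER_XML VHOST_CONF
# returns 0 = ports agree, 1 = mismatch or no ajp:// target, 2 = no active AJP connector
check_ajp_match() {
    conn=$(ajp_connector_ports "$1")
    [ -n "$conn" ] || { echo "no active AJP connector in $1"; return 2; }
    targets=$(proxypass_ajp_ports "$2")
    [ -n "$targets" ] || { echo "no ajp:// ProxyPass target in $2"; return 1; }
    rc=0
    for p in $targets; do
        echo "$conn" | grep -qx "$p" || { echo "ProxyPass port $p has no AJP connector"; rc=1; }
    done
    return $rc
}

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/server.xml" <<'EOF'
<Service name="Catalina">
  <!-- <Connector port="8010" protocol="AJP/1.3" /> -->
  <Connector port="8009"
             protocol="AJP/1.3" redirectPort="8443" />
</Service>
EOF
cat > "$demo/vhost.conf" <<'EOF'
ProxyPass /ignored_path !
# ProxyPass / ajp://localhost:8010/
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
EOF
check_ajp_match "$demo/server.xml" "$demo/vhost.conf" && echo "AJP ports agree"
```

Point check_ajp_match at your real server.xml and the file holding your <VirtualHost>; a return code of 2 means the AJP Connector is still commented out.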
First a few facts to clear up some common misconceptions:
A Handle server runs as a separate process that receives TCP requests from other Handle servers, and issues resolution requests to a global server or servers if a Handle entered locally does not correspond to some local content. The Handle protocol is based on TCP, so it will need to be installed on a server that can send and receive TCP on port 2641.
You can either use a Handle server running on the same machine as DSpace, or you can install it on a separate machine. Installing it on the same machine is a little bit easier. If you install it on a separate machine, you can use one Handle server for more than one DSpace installation.
We recommend configuring your Handle server without a passphrase, as the current DSpace start-handle-server scripts do not yet support startup with a passphrase.
If you choose to set a passphrase, you may need to start the Handle Server via: [dspace]\bin\dspace dsrun net.handle.server.Main [dspace]\handle-server
To configure your DSpace installation to run the handle server, run the following command:
[dspace]/bin/make-handle-config
If you are using Windows, the proper command is:
[dspace]/bin/dspace dsrun net.handle.server.SimpleSetup [dspace]/handle-server
Ensure that [dspace]/handle-server matches whatever you have in dspace.cfg for the handle.dir property. You will need to answer a series of questions to configure the server. For the most part, you can use the default options, except you should choose to not encrypt your certificates when prompted.
Edit the resulting [dspace]/handle-server/config.dct file to include the following lines in the "server_config" clause:
This tells the Handle server to get information about individual Handles from the DSpace code and to disable transaction replication. If you used the make-handle-config script, these should already be set in your config.dct file.
Change handle.prefix in [dspace]/config/local.cfg from "123456789" to your assigned naming authority prefix, so that DSpace will use that prefix in assigning new Handles.
Now start your handle server (as the dspace user):
[dspace]/bin/start-handle-server
If you are using Windows, there is a corresponding 'start-handle-server.bat' script:
[dspace]/bin/start-handle-server.bat
Note that since the DSpace code manages individual Handles, administrative operations such as Handle creation and modification aren't supported by DSpace's Handle server.
The option to run the Handle resolver on a separate machine is not yet available in the DSpace 7 codebase. See this ticket:
The Handle server you use must be dedicated to resolve Handles from DSpace. You cannot use a Handle server that is in use with other software already. You can use CNRI's Handle Software -- all you have to do is to add to it a plugin that is provided by DSpace. The following instructions were tested with CNRI's Handle software version 9.1.0. You can do the following steps on another machine than the machine DSpace runs on, but you have to copy some files from the machine on which DSpace is installed.
README.txt with installation instructions -- follow it.
/hs/handle-9.1.0 and the directory containing the configuration of your local server is /hs/srv_1. (We use the same paths here as CNRI's README.txt.)
dspace-remote-handle-resolver-VERSION.jar, copy it to the directory containing the CNRI software (/hs/handle-9.1.0/lib).
/hs/srv_1/logs.
Create the following two files in /hs/srv_1.
log4j-handle-plugin.properties
log4j.rootCategory=INFO, A1
log4j.appender.A1=org.apache.log4j.DailyRollingFileAppender
log4j.appender.A1.File=/hs/srv_1/logs/handle-plugin.log
log4j.appender.A1.DatePattern='.'yyyy-MM-dd
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%d %-5p %c @ %m%n
log4j.logger.org.apache.axis.handlers.http.HTTPAuthHandler=INFO
Change the path in the third line, if necessary.
handle-dspace-plugin.cfg
dspace.handle.endpoint1 = http://example.org/dspace/handleresolver
If you are using XMLUI take a look in [dspace-install]/config/dspace.cfg, change the URL above to the value of your dspace.url and add /handleresolver to the end of it. If you are using JSPUI take a look in [dspace-install]/config/dspace.cfg, change the URL above to the value of your dspace.url and add /json/hdlresolver to the end of it. If you run more than one DSpace Installation, you may add more DSpace Endpoints. Just increase the number at the end of the key for each: endpoint2, endpoint3....
Edit the file /hs/srv_1/config.dct to include the following lines in the "server_config" clause:
"storage_type" = "CUSTOM"
"storage_class" = "org.dspace.handle.MultiRemoteDSpaceRepositoryHandlePlugin"
Edit /hs/handle-9.1.0/bin/hdl: find the line containing exec java ... net.handle.server.Main ... and add "-Dlog4j.configuration=file:///hs/srv_1/log4j-handle-plugin.properties -Ddspace.handle.plugin.configuration=/hs/srv_1/handle-dspace-plugin.cfg" right in front of net.handle.server.Main.
Please note: The Handle Server will only start if it is able to connect to at least one running DSpace Installation. It only resolves the handles of the DSpace Installations that were running when it was started.
Instead of using the plugin described above, you can configure a Handle server (version 8+) to resolve handles based on a template. Template handles require less configuration than the plugin, and do not require an additional download. However, there are two things to keep in mind when using template handles:
The Handle server you use must be dedicated to resolve Handles from DSpace. You cannot use a Handle server that is in use with other software already. The following instructions were tested with CNRI's Handle software version 9.1.0.
README.txt with installation instructions. Follow the directions to install and configure your Handle server. Importantly, make sure your prefixes are set correctly in the "auto_homed_prefixes" setting.
Edit the server's config.dct file to include the following line in the "server_config" clause:
In the "namespace" section, replace "https://demo.dspace.org/jspui/handle/" with the URL endpoint for your DSpace server. The "${handle}" part of the template will be replaced with the full handle to be resolved.
This configuration is a minimal example of how to configure template handles for DSpace. For more details about configuring template handles, see the Handle Technical Manual, Chapter 11.
If you need to update the handle prefix on items created before the CNRI registration process you can run the [dspace]/bin/dspace update-handle-prefix script. You may need to do this if you loaded items prior to CNRI registration (e.g. setting up a demonstration system prior to migrating it to production). The script takes the current and new prefix as parameters. For example:
[dspace]/bin/dspace update-handle-prefix 123456789 1303
This script will change any handles currently assigned prefix 123456789 to prefix 1303, so for example handle 123456789/23 will be updated to 1303/23 in the database.
To help web crawlers index the content within your repository, you can make use of sitemaps. There are currently two forms of sitemaps included in DSpace: Google sitemaps and HTML sitemaps.
Sitemaps allow DSpace to expose its content without the crawlers having to index every page. HTML sitemaps provide a list of all items, collections and communities in HTML format, whilst Google sitemaps provide the same information in gzipped XML format.
To generate the sitemaps, you need to run [dspace]/bin/dspace generate-sitemaps. This creates the sitemaps in [dspace]/sitemaps/.
The sitemaps can be accessed from the following URLs (DSpace demo site is provided as example):
When running [dspace]/bin/dspace generate-sitemaps, the script informs Google that the sitemaps have been updated. For this update to register correctly, you must first register your Google sitemap index page (/dspace/sitemap) with Google at http://www.google.com/webmasters/sitemaps/. If your DSpace server requires the use of a HTTP proxy to connect to the Internet, ensure that you have set http.proxy.host and http.proxy.port in [dspace]/config/dspace.cfg.
The URL for pinging Google, and in future, other search engines, is configured in [dspace]/config/dspace.cfg using the sitemap.engineurls setting where you can provide a comma-separated list of URLs to 'ping'.
You can generate the sitemaps automatically every day using an additional cron job:
# Generate sitemaps at 6:00 am local time each day
0 6 * * * [dspace]/bin/dspace generate-sitemaps
More information on why we highly recommend enabling sitemaps can be found at Search Engine Optimization (SEO).
DSpace uses the Apache Solr application as the engine underlying its statistics. You will need a working installation of Solr, which you can get from the Apache Software Foundation. All the necessary software is included. To understand all of the configuration property keys, the user should refer to DSpace Statistic Configuration for detailed information.
If you wish to record the geographic locations of clients in usage statistics records, you will need to install and maintain a copy of MaxMind's GeoLite database. You will also need to configure its location as the value of usage-statistics.dbfile in config/modules/usage-statistics.cfg.
Before it builds a pool of database connections, DSpace always tries to look up an existing, pre-configured pool in a directory service (if such a service is provided). Many web application containers supply such a service and can be configured to provide the connection pool to DSpace. If DSpace does not find a pre-configured pool, each web application will fall back to creating its own pool using the settings in local.cfg.
There are some advantages to using an external database pool:
local.cfg. Note: the command line tools cannot use an externally configured pool, and always use the settings in local.cfg to build their own pool.
DSpace applications will specifically look for an object named jdbc/dspace. The name is not configurable, but is specified in config/spring/api/core-hibernate.xml if you must know. You must configure the name of the directory object provided to your web application context(s) to match this. See below for an example in Tomcat.
First, you must make the JDBC driver for your database available to Tomcat. For example, the latest PostgreSQL JDBC driver can be downloaded from the PostgreSQL project website and placed in Tomcat's lib directory. The exact location of this directory varies depending on your operating system and Tomcat version, but on Ubuntu 16.04 with Tomcat 7 the location would be /usr/share/tomcat7/lib.
Then add a <Resource> in Tomcat's server.xml to define the pool. The pool name here is global and can be anything you want:
<GlobalNamingResources>
  ...
  <Resource name='jdbc/instance'
            description='Our DSpace DBMS connection pool'
            type='javax.sql.DataSource'
            auth='Container'
            username='USER'
            password='SECRET'
            driverClassName='org.postgresql.Driver'
            url='jdbc:postgresql://dbms.example.com:5432/dspace'
            initialSize='5'
            maxTotal='50'
            maxIdle='15'
            minIdle='5'
            maxWaitMillis='5000' />
  ...
</GlobalNamingResources>
Then add a <ResourceLink> to each web application's context configuration. The name parameter here is local to the application context, and must be jdbc/dspace:
<Context ...>
  <ResourceLink name='jdbc/dspace'
                global='jdbc/instance'
                type='javax.sql.DataSource' />
  ...
</Context>
Notice that the global parameter in the ResourceLink matches the name of the global Resource. See the JNDI Datasource HOW-TO for more information about this configuration.
Essentially, installing on Windows is the same as installing on Unix, so please refer back to the main Installing DSpace (OLD - to be removed)#Installation Instructions section.
The administrator needs to check the installation to make sure all components are working. Here is a list of checks to be performed. In brackets after each item is the associated component or components that might be the issue needing resolution.
In any software project of the scale of DSpace, there will be bugs. Sometimes, a stable version of DSpace includes known bugs. We do not always wait until every known bug is fixed before a release. If the software is sufficiently stable and an improvement on the previous release, and the bugs are minor and have known workarounds, we release it to enable the community to take advantage of those improvements.
The known bugs in a release are documented in the KNOWN_BUGS file in the source package.
Please see the DSpace bug tracker for further information on current bugs, and to find out if the bug has subsequently been fixed. This is also where you can report any further bugs you find.
In an ideal world everyone would follow the above steps and have a fully functioning DSpace. Of course, in the real world it doesn't always seem to work out that way. This section lists common problems that people encounter when installing DSpace, and likely causes and fixes. This is likely to grow over time as we learn about users' experiences.
ant fresh_install: There are two common errors that occur. If your error looks like this:
[java] 2004-03-25 15:17:07,730 INFO org.dspace.storage.rdbms.InitializeDatabase @ Initializing Database
[java] 2004-03-25 15:17:08,816 FATAL org.dspace.storage.rdbms.InitializeDatabase @ Caught exception:
[java] org.postgresql.util.PSQLException: Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
[java] at org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc1Connection.java:204)
[java] at org.postgresql.Driver.connect(Driver.java:139)
it usually means you haven't yet added the relevant configuration parameter to your PostgreSQL configuration (see above), or perhaps you haven't restarted PostgreSQL after making the change. Also, make sure that the db.username and db.password properties are correctly set in [dspace]/config/dspace.cfg. An easy way to check that your DB is working OK over TCP/IP is to try this on the command line:
psql -U dspace -W -h localhost
Enter the dspace database password, and you should be dropped into the psql tool with a dspace=> prompt.
Another common error looks like this:
[java] 2004-03-25 16:37:16,757 INFO org.dspace.storage.rdbms.InitializeDatabase @ Initializing Database
[java] 2004-03-25 16:37:17,139 WARN org.dspace.storage.rdbms.DatabaseManager @ Exception initializing DB pool
[java] java.lang.ClassNotFoundException: org.postgresql.Driver
[java] at java.net.URLClassLoader$1.run(URLClassLoader.java:198)
[java] at java.security.AccessController.doPrivileged(Native Method)
[java] at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
This means that the PostgreSQL JDBC driver is not present in [dspace]/lib. See above.
ps -ef | grep java
and look for Tomcat's Java processes. If they stay around after running Tomcat's shutdown.sh script, try running kill on them (or kill -9 if necessary), then start Tomcat again.
ps -ef | grep postgres
You might see some processes like this:
dspace 16325 1997 0 Feb 14 ? 0:00 postgres: dspace dspace 127.0.0.1 idle in transaction
This is normal. DSpace maintains a 'pool' of open database connections, which are re-used to avoid the overhead of constantly opening and closing connections. If they're 'idle' it's OK; they're waiting to be used.
However sometimes, if something went wrong, they might be stuck in the middle of a query, which seems to prevent other connections from operating, e.g.:
dspace 16325 1997 0 Feb 14 ? 0:00 postgres: dspace dspace 127.0.0.1 SELECT
This means the connection is in the middle of a SELECT operation, and if you're not using DSpace right that instant, it's probably a 'zombie' connection. If this is the case, try running kill on the process, and stopping and restarting Tomcat.
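An added example (not part of the DSpace documentation): a filter for ps -ef output in the format shown above that lists only the backends of one database user that are inside a statement, so the candidates can be inspected before anything is killed. The function name and the sample lines are constructed for illustration.

```shell
# busy_backends USER: read `ps -ef` lines on stdin and print "PID STATE"
# for each PostgreSQL backend of USER that is not idle.
busy_backends() {
    awk -v user="$1" '
    {
        # Locate the "postgres:" token; the STIME column may be one or two
        # fields ("10:32" or "Feb 14"), so fixed column numbers are unsafe.
        k = 0
        for (i = 1; i <= NF; i++) if ($i == "postgres:") { k = i; break }
        # Client backends read "postgres: USER DB HOST STATE..."; helper
        # processes such as "postgres: checkpointer" have fewer fields.
        if (k == 0 || NF < k + 4 || $(k + 1) != user) next
        state = $(k + 4)
        for (i = k + 5; i <= NF; i++) state = state " " $i
        # "idle" and "idle in transaction" are treated as pooled connections
        # waiting to be used, as in the text above.
        if (state ~ /^idle/) next
        print $2, state
    }'
}

# Constructed sample input in the format of the lines shown above.
SAMPLE_PS='dspace 16325 1997 0 Feb 14 ? 0:00 postgres: dspace dspace 127.0.0.1 idle in transaction
dspace 16326 1997 0 Feb 14 ? 0:00 postgres: dspace dspace 127.0.0.1 SELECT
postgres 1997 1 0 Feb 14 ? 0:02 postgres: checkpointer
dspace 16400 16390 0 10:32 pts/0 0:00 grep postgres'

printf '%s\n' "$SAMPLE_PS" | busy_backends dspace
```

On a live system, pipe ps -ef straight into busy_backends with the database user name from your DSpace configuration.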