This guideline was prepared and tested for Ubuntu Server 24.04 LTS and DSpace 7.4/8.0 (backend, frontend).

The author is Matus Formanek, PhD., a researcher (Assistant Professor) in the Department of Mediamatics and Cultural Heritage, Faculty of Humanities, University of Zilina, Slovakia. If you have any comments or questions, do not hesitate to contact me by e-mail: matus.formanek@fhv.uniza.sk

I would like to express my special thanks to Mohammad S. AlMutairi, who kindly helped me with many issues in this matter!

Important note: If you want to run your DSpace 7/8 on your own domain name, you have to enable HTTPS on the backend. Otherwise you won't be able to log in: login will not work for any user (including admin).

Follow these numbered steps:

1. First, check that your DSpace is working properly (Solr, Tomcat, ...). This guideline expects that you are running your DSpace (backend + frontend on the same server) on a local IP address and that the system works without any errors.

a) Check your Angular-based frontend. It usually runs on port 4000 by default:
http://yourIP:4000

b) Check your backend/REST API. It usually runs on port 8080 (Tomcat) by default:
http://yourip:8080/server

Each side must work properly on its specified port.
----------------------------------------------------
2. Obtain/register your domain name (DNS). These instructions can only be followed if you have a domain name for your server, for example myrepository.domain.com
----------------------------------------------------
3. Install Apache2 (the service needed for the proxy).

sudo apt-get install apache2
----------------------------------------------------
4. Allow the HTTPS/HTTP ports in your firewall. I recommend using UFW on Ubuntu. Enable ports 443 and 80 in UFW.

sudo ufw app list
sudo ufw allow "Apache Full"
sudo ufw allow "OpenSSH"
sudo ufw enable
sudo ufw status

Consider restricting access to the SSH port (22) to the internal network (LAN) only.
-----------------------------------------------------
5. Verify that Apache works properly on port 80. Try to open http://yourIP (port 80).
-----------------------------------------------------
6. Enable these modules in Apache2:

sudo a2enmod proxy_http ssl headers

Do not forget to activate them with:

sudo systemctl restart apache2
-----------------------------------------------------
7. Use Certbot to get and install an SSL certificate for your domain (follow the steps at: https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal).

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache

(After you execute this last command, the setup will ask you for the domain name you need the SSL certificate for. A DNS record must be available for that domain name.)

If you want to obtain your SSL certificate another way, you can, of course. You only need to know the path to the certificate. You can also use Certbot only to generate your certificate:

sudo apt install certbot -y
sudo certbot certonly -n --standalone -d yourDomain --agree-tos --email yourEmailAddress
sudo systemctl status certbot.timer
-----------------------------------------------------
8. Verify that your Apache2 default web page is accessible (through port 443) from your browser at: https://yourdomain
If it doesn't work, resolve this problem first. It is important that Apache works fine under HTTPS. Restart Apache if needed.
-----------------------------------------------------
9. Remove the old Apache virtual host config files enabled in Apache2:

#open directory
cd /etc/apache2/sites-enabled/
#list old configs
ls
#remove them one by one carefully (X - the filename)
sudo rm X.conf
-----------------------------------------------------
10. Create a blank config file for your new DSpace site:

sudo vim /etc/apache2/sites-available/dspace.conf
-----------------------------------------------------
11. Insert the following code into dspace.conf.
Edit and customize your dspace.conf file. Use your own domain name instead of my "repozitar.fhv.uniza.sk" in the example below. Do not forget to change the paths used for the SSL certificates (/etc/letsencrypt/live/DOMAIN XYZ/...):

<VirtualHost *:80>
    ServerName repozitar.fhv.uniza.sk
    #automatic redirection from http to https
    #(the trailing slash keeps the requested path separate from the host name)
    Redirect / https://repozitar.fhv.uniza.sk/
</VirtualHost>

<VirtualHost *:443>
    ServerName repozitar.fhv.uniza.sk
    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/repozitar.fhv.uniza.sk.error.log
    CustomLog ${APACHE_LOG_DIR}/repozitar.fhv.uniza.sk.access.log combined

    #reverse proxy only: keep forward proxying off, otherwise Apache also relays requests to other hosts
    ProxyRequests off
    SSLEngine on
    SSLProxyEngine on
    #check and insert here the correct paths to your domain certs:
    #If you used Certbot to install certs, the certs paths are shown here:
    SSLCertificateFile /etc/letsencrypt/live/repozitar.fhv.uniza.sk/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/repozitar.fhv.uniza.sk/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/repozitar.fhv.uniza.sk/chain.pem
    SSLCompression off
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder off
    SSLSessionTickets off

    ProxyPreserveHost on
    RequestHeader set X-Forwarded-Proto https
    RequestHeader set X-Forwarded-Host repozitar.fhv.uniza.sk

    <Proxy *>
        AddDefaultCharset Off
        Require all granted
    </Proxy>

    # PROXY for backend. Keep only localhost here! Do not insert your domain name!
    ProxyPass /server http://localhost:8080/server
    ProxyPassReverse /server http://localhost:8080/server

    # PROXY for frontend. Keep only localhost here! Do not insert your domain name!
    ProxyPass / http://localhost:4000/
    ProxyPassReverse / http://localhost:4000/
</VirtualHost>
--------------------------------------------------------
12. Enable your site in Apache2 and restart Apache2:

sudo a2ensite dspace.conf
sudo service apache2 restart

If any error occurs, try to resolve it.
You cannot continue with the next steps if Apache2 is not working properly.
--------------------------------------------------------
13. Edit the DSpace backend settings (usually the local.cfg file located in the dspace-backend/REST home directory):

sudo vim /dspace/config/local.cfg

Change only the following keys:

#keep comments on their own lines: in local.cfg, text after the value (even after a #) becomes part of the value
#now without port 8080!
dspace.server.url = https://yourdomain/server
#now without port 4000!
dspace.ui.url = https://yourdomain
#do not forget to use https instead of http
--------------------------------------------------------
14. Restart Tomcat:

sudo service tomcat9 restart
--------------------------------------------------------
15. Try to access your REST API (backend) to see if it works: open https://yourdomain/server in your browser.
Your request should be redirected automatically in the background.
--------------------------------------------------------
16. I suppose you have created (during the DSpace installation process) the frontend production config file as a copy of [dspace-angular]/config/config.example.yml. It should be called "config.prod.yml". Edit this "config.prod.yml" with:

sudo vim [dspace-angular]/config/config.prod.yml

ui:
  ssl: false
  host: localhost
  port: 4000
#...keep localhost and port 4000 here. Requests will be proxied through Apache.

Change the following keys related to REST:

rest:
  ssl: true #we use HTTPS now
  host: repozitar.fhv.uniza.sk #insert your own domain name without "https".
  port: 443 #we use HTTPS now - instead of 8080
  nameSpace: /server
---------------------------------------------------------
17. (If it is used,) edit and correct the values in the JSON file usually used to start the DSpace frontend!

vim /home/dspace/dspace-angular-dspace-7.4/dspace-ui.json

(Remember, the absolute path may be different!)
Replace the IP with your domain name and enable SSL (port 443)!
Example with correctly changed values:

{
  "apps": [
    {
      "name": "dspace-ui",
      "cwd": "/home/dspace/dspace-angular-dspace-7.4/",
      "script": "dist/server/main.js",
      "env": {
        "NODE_ENV": "production",
        "DSPACE_REST_SSL": "true",
        "DSPACE_REST_HOST": "repozitar.fhv.uniza.sk",
        "DSPACE_REST_PORT": "443",
        "DSPACE_REST_NAMESPACE": "/server"
      }
    }
  ]
}
-----------------------------------------------------------
18. (If it is used,) restart the frontend via pm2.
Stop the frontend if needed:

pm2 stop /home/dspace/dspace-angular-dspace-7.4/dspace-ui.json

Then start it again with:

pm2 start /home/dspace/dspace-angular-dspace-7.4/dspace-ui.json
-----------------------------------------------------------
19. Your DSpace is now available at https://yourdomain
Just try it and enjoy!
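
A check for the dspace.conf from step 11, as an added example that is not part of the original guideline: it reads a vhost file on stdin and reports the three settings that decide whether Apache exposes only the two local DSpace services. The function names and the domain repo.example.org are assumptions made for the example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the guide): audit a DSpace reverse-proxy vhost.
# sample_vhost prints a constructed config that contains two mistakes.
sample_vhost() {
cat <<'EOF'
<VirtualHost *:443>
    ServerName repo.example.org
    ProxyRequests on
    RequestHeader set X-Forwarded-Proto https
    # backend
    ProxyPass /server http://repo.example.org:8080/server
    ProxyPassReverse /server http://localhost:8080/server
    ProxyPass / http://localhost:4000/
    ProxyPassReverse / http://localhost:4000/
</VirtualHost>
EOF
}

# audit_vhost < FILE : one finding per line; exit status 0 = clean, 1 = findings.
audit_vhost() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        { d = tolower($1) }
        # Anything but Off also turns Apache into a forward proxy.
        d == "proxyrequests" && tolower($2) != "off" {
            print "line " NR ": ProxyRequests must be Off for a reverse proxy"; bad = 1
        }
        # Tomcat (8080) and the Node frontend (4000) are reached over loopback only.
        (d == "proxypass" || d == "proxypassreverse") && $3 != "!" &&
        $3 !~ "^http://(localhost|127[.]0[.]0[.]1)(:[0-9]+)?(/.*)?$" {
            print "line " NR ": " $1 " target " $3 " is not a loopback URL"; bad = 1
        }
        # The guide passes the original scheme to the backend with this header.
        d == "requestheader" && tolower($3) == "x-forwarded-proto" &&
        tolower($4) == "https" { proto = 1 }
        END {
            if (!proto) { print "missing: RequestHeader set X-Forwarded-Proto https"; bad = 1 }
            exit bad + 0
        }
    '
}

# Demo on the constructed sample: reports lines 3 and 6.
sample_vhost | audit_vhost || echo "vhost needs fixing"
```

On a server, run it as `audit_vhost < /etc/apache2/sites-available/dspace.conf` before step 12.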
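
A consistency check for steps 13 and 16, as an added example that is not part of the original guideline: it builds the REST URL the frontend will call from config.prod.yml and compares it with dspace.server.url from local.cfg. The function names and repo.example.org are assumptions, both samples are constructed, and YAML values are assumed to be unquoted; the sample local.cfg carries a trailing comment on the value line to show how that case is reported.

```shell
#!/bin/sh
# Added example (not from the guide): do steps 13 and 16 name the same REST URL?
# Both samples are constructed; repo.example.org is a placeholder domain.
sample_yaml() {
cat <<'EOF'
ui:
  host: localhost
  port: 4000
rest:
  ssl: true #we use HTTPS now
  host: repo.example.org
  port: 443
  nameSpace: /server
EOF
}
sample_cfg() {
cat <<'EOF'
dspace.server.url = https://repo.example.org/server #now without port 8080
dspace.ui.url = https://repo.example.org
EOF
}

# rest_url_from_yaml < config.prod.yml : URL the frontend will call
rest_url_from_yaml() {
    awk '
        /^[^ \t#]/ { in_rest = ($1 == "rest:"); next }   # a top-level key opens or closes the block
        in_rest && NF >= 2 { k = $1; sub(/:$/, "", k); v[k] = $2 }
        END {
            ssl = (v["ssl"] == "true")
            url = (ssl ? "https" : "http") "://" v["host"]
            if (v["port"] != (ssl ? "443" : "80")) url = url ":" v["port"]
            print url v["nameSpace"]
        }'
}

# server_url_from_cfg < local.cfg : the value as written, trailing text included
server_url_from_cfg() {
    awk '/^[ \t]*dspace[.]server[.]url[ \t]*=/ {
        sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); u = $0 }
        END { print u }'
}

# compare_rest_urls FRONTEND_URL BACKEND_URL : status 0 only if equal and https
compare_rest_urls() {
    case "$2" in https://*) ;; *) echo "backend URL is not https: $2"; return 1 ;; esac
    [ "$1" = "$2" ] && { echo "ok: $1"; return 0; }
    echo "mismatch: frontend calls '$1', backend announces '$2'"; return 1
}

# Demo on the constructed samples: the trailing comment makes the values differ.
compare_rest_urls "$(sample_yaml | rest_url_from_yaml)" "$(sample_cfg | server_url_from_cfg)" || true
```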