Scribd Logo
Upload

Welcome to Scribd!

  • 135 views

    Installing DSpace 4.X On CentOS 6.6

    Uploaded by

    Godspower Inibu
    This document provides instructions for installing and configuring DSpace 4.X on CentOS 6.6. It includes steps to install Java, Maven, Ant, Tomcat, PostgreSQL, and DSpace. It also covers enabling HTTPS for Tomcat, generating an SSL certificate, and configuring LDAP authentication for DSpace.

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd

    Installing DSpace 4.X On CentOS 6.6

    Uploaded by

    Godspower Inibu
    135 views11 pages
    This document provides instructions for installing and configuring DSpace 4.X on CentOS 6.6. It includes steps to install Java, Maven, Ant, Tomcat, PostgreSQL, and DSpace. It also covers enabling HTTPS for Tomcat, generating an SSL certificate, and configuring LDAP authentication for DSpace.

    Original Description:

    E-library installation

    Original Title

    Installing DSpace 4.X on CentOS 6.6

    Copyright

    © © All Rights Reserved

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document provides instructions for installing and configuring DSpace 4.X on CentOS 6.6. It includes steps to install Java, Maven, Ant, Tomcat, PostgreSQL, and DSpace. It also covers enabling HTTPS for Tomcat, generating an SSL certificate, and configuring LDAP authentication for DSpace.

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    135 views11 pages

    Installing DSpace 4.X On CentOS 6.6

    Uploaded by

    Godspower Inibu
    This document provides instructions for installing and configuring DSpace 4.X on CentOS 6.6. It includes steps to install Java, Maven, Ant, Tomcat, PostgreSQL, and DSpace. It also covers enabling HTTPS for Tomcat, generating an SSL certificate, and configuring LDAP authentication for DSpace.

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    of 11

    Installing DSpace 4.X on CentOS 6.

    JDK 7

    Download jdk7 rpm from oracle to /opt

    Then run the rpm command:


    rpm -Uvh jdk-7u79-linux-x64.rpm

    MAVEN

    Download the latest version of binary of maven from:


    http://maven.apache.org/download.cgi

    e.g. if you download to /opt,


    cd /opt
    tar -zxvf apache-maven-3.3.9-bin.tar.gz

    Rename the directory apache-maven-3.3.9 to maven


    mv apache-maven-3.3.9 maven

    Make a symlink to maven/bin folder as shown below.

    ln -s /opt/maven/bin/mvn /usr/bin/mvn

    Create and add the following to /etc/profile.d/maven.sh


    #!/bin/bash
    export M2_HOME=/opt/maven
    export M2=$M2_HOME/bin
    export MAVEN_OPTS="-Xms1g -Xmx2g"
    export JAVA_HOME=/usr/java/jdk1.7.0_79/
    PATH=$PATH:$HOME/bin:$M2:$JAVA_HOME:/bin
    export PATH

    Make sure that the file is executable:


    chmod +x /etc/profile.d/maven.sh

    Reload the environment variables:


    source /etc/profile.d/maven.sh

    Check whether the installation is correct by running the command:


    mvn –version
    ANT

    Download and extract the latest version of Ant from:


    http://ant.apache.org/bindownload.cgi

    Rename the directory apache-ant-1.9.6 to ant


    mv apache-ant-1.9.6 ant

    Create a symbolic link as follows:


    ln -s /opt/ant/bin/ant /usr/bin/ant

    Create a file called ant.sh under profile.d


    vim /etc/profile.d/ant.sh

    Add the following contents:


    #!/bin/bash
    ANT_HOME=/opt/ant
    PATH=$ANT_HOME/bin:$PATH
    export PATH ANT_HOME
    export CLASSPATH=.

    Make the file executable:


    chmod +x /etc/profile.d/ant.sh

    Set the environment variables permanently:


    source /etc/profile.d/ant.sh

    Check whether installation of Ant is performed correctly:


    ant –version

    TOMCAT

    Download and extract Tomcat 8.0 to /opt from:


    http://tomcat.apache.org/download-80.cgi

    Create a file under /etc/profile.d/tomcat.sh and add the following contents:


    #!/bin/bash
    CATALINA_HOME=/opt/apache-tomcat-8.0.15
    PATH=$CATALINA_HOME/bin:$PATH
    TOMCAT_USER=dspace
    JAVA_OPTS="-Xmx2G -Xms1G -Dfile.encoding=UTF-8"
    export PATH CATALINA_HOME
    export CLASSPATH=.
    export JAVA_OPTS
    export TERM=xterm

    Make the file executable and update environment variables.


    chmod +x /etc/profile.d/tomcat.sh
    source /etc/profile.d/tomcat.sh

    Make some tomcat files executable.


    chmod +x $CATALINA_HOME/bin/startup.sh
    chmod +x $CATALINA_HOME/bin/shutdown.sh
    chmod +x $CATALINA_HOME/bin/catalina.sh

    Allow port 8080 through the firewall by adding the following line:
    iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

    Now that we have all the configuration in, we can list the rules to see if anything is missing.
    iptables -L

    Then save settings


    iptables-save | sudo tee /etc/sysconfig/iptables

    Restart iptables service.


    service iptables restart

    Note: To flush the filter use the following command


    iptables -F

    Create a user called dspace that will run tomcat:


    useradd dspace

    Set password of dspace:


    passwd dspace

    Change owner of every file that is part of tomcat to dspace


    chown -R dspace:dspace /opt/apache-tomcat-8.0.17

    Create a startup and shutdown script for tomcat:


    vim /etc/init.d/tomcat

    Add the following contents, changing JAVA_HOME and CATALINA_HOME appropriately:


    #!/bin/sh
    # chkconfig: 2345 80 20
    # Description: Tomcat Start/Shutdown script
    export JAVA_HOME=/usr/java/jdk1.7.0_71/
    export USER=dspace
    export CATALINA_HOME=/opt/apache-tomcat-8.0.15
    case $1 in
    start)
    su ${USER} -c "${CATALINA_HOME}/bin/startup.sh"
    ;;
    stop)
    su ${USER} -c "${CATALINA_HOME}/bin/shutdown.sh"
    ;;
    restart)
    su ${USER} -c "${CATALINA_HOME}/bin/shutdown.sh"
    su ${USER} -c "${CATALINA_HOME}/bin/startup.sh"
    ;;
    esac
    exit 0

    Make tomcat startup script executable:


    chmod +x /etc/init.d/tomcat

    Make tomcat start upon starting the system


    chkconfig --add tomcat
    chkconfig tomcat on

    Edit the file $CATALINA_HOME/conf/server.xml and add the following attribute to


    the Connector element:
    URIEncoding="UTF-8"

    It should now look something like this:


    <Connector port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443"
    URIEncoding="UTF-8"/>

    Edit the file $CATALINA_HOME/conf/tomcat-users.xml and add the following line


    <user username="admin" password="admin" roles="manager-gui,manager-
    script,manager-jmx,manager-status,admin-gui,admin-script"/>
    POSTGRESQL

    Run the following commands to install postgresql


    yum install postgresql-server

    Run the following post-installation commands


    service postgresql-9.4 initdb
    chkconfig postgresql-9.4 on
    service postgresql-9.4 start

    Edit the file /var/lib/pgsql/9.4/data/postgresql.conf


    and uncomment the line:
    listen_addresses = 'localhost'

    Edit the file /var/lib/pgsql/9.4/data/pg_hba.conf and add this line before any
    uncommented lines:
    host dspace dspace 127.0.0.1/32 md5

    Restart postgresql server:


    service postgresql-9.4 restart

    DSPACE

    Download and extract the latest version of DSpace from


    http://sourceforge.net/projects/dspace/

    Change user to postgres


    su - postgres

    Setup the dspace user


    createuser --no-superuser --pwprompt dspace
    Shall the new role be allowed to create databases? (y/n) y
    Shall the new role be allowed to create more new roles? (y/n) y

    Setup the dspace database


    createdb --owner=dspace --encoding=UNICODE dspace

    Go back to being root


    exit

    Change the following lines in /opt/dspace-4.2-src-release/build.properties


    solr.server=https://localhost/solr
    db.password=yourpassword in database creation step

    Create the dspace installation directory:


    mkdir /dspace
    chown dspace:dspace /dspace

    Change user to DSpace:


    su - dspace

    Run Maven to download and install packages:


    cd /opt/dspace-4.2-src-release/dspace
    mvn package

    Install DSpace and initialize database:


    cd /opt/dspace-4.2-src-release/dspace/target/dspace-4.2-build
    ant fresh_install

    Deploy web applications:

    Create the file $CATALINA_HOME/conf/Catalina/localhost/ROOT.xml and add the following:


    <?xml version='1.0'?>
    <Context
    docBase="/dspace/webapps/jspui"
    reloadable="true"/>

    Create the file $CATALINA_HOME/conf/Catalina/localhost/xmlui.xml and add the


    following:
    <?xml version='1.0'?>
    <Context
    docBase="/dspace/webapps/xmlui"
    reloadable="true"/>
    Create the file $CATALINA_HOME/conf/Catalina/localhost/jspui.xml and add the
    following:
    <?xml version='1.0'?>
    <Context
    docBase="/dspace/webapps/jspui"
    reloadable="true"/>

    Create the file $CATALINA_HOME/conf/Catalina/localhost/oai.xml and add the following:


    <?xml version='1.0'?>
    <Context
    docBase="/dspace/webapps/oai"
    reloadable="true"/>

    Create an initial administrator account:


    /dspace/bin/dspace create-administrator

    Check your installation by going to


    http://localhost:8080

    RUNNING TOMCAT ON HTTPS

    The following steps detail how to run Tomcat over HTTPS and have its HTTP pages redirected
    to HTTPS.

    AUTHBIND

    Download authbind from


    http://ftp.debian.org/debian/pool/main/a/authbind/authbind_2.1.1.tar.gz

    Get a few more packages:


    yum install gcc

    Extract, change to its directory and then run the commands:


    make
    make install

    Configure a few ports for authbind:


    touch /etc/authbind/byport/80
    chmod 500 /etc/authbind/byport/80
    chown dspace:dspace /etc/authbind/byport/80
    touch /etc/authbind/byport/443
    chmod 500 /etc/authbind/byport/443
    chown dspace:dspace /etc/authbind/byport/443

    MODIFY APACHE AGAIN

    Create $CATALINA_HOME/bin/setenv.sh and put the following:


    CATALINA_OPTS="-Djava.net.preferIPv4Stack=true -Xms2048m -Xmx4096m
    -XX:MaxPermSize=256m"

    Change the owner and permissions:


    chown dspace:dspace $CATALINA_HOME/bin/setenv.sh
    chmod 755 $CATALINA_HOME/bin/setenv.sh

    Change the last line of $CATALINA_HOME/bin/startup.sh to


    exec /usr/local/bin/authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"

    INSTALLING SSL OVER TOMCAT

    Run the keystore generation command under the dspace user:


    su - dspace
    cd
    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
    What is your first and last name?
    [Unknown]: localhost
    .
    .
    .
    exit

    Change the following tag in $CATALINA_HOME/conf/server.xml:


    <Connector port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443"
    URIEncoding="UTF-8"/>

    to
    <Connector port="80" enableLookups="false"
    redirectPort="443" />

    In the same file, change the following tag:


    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    />

    to
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="${user.home}/.keystore" keystorePass="yourpasswordjustnow"
    />

    Add the following tag before the closing </webapp> in $CATALINA_HOME/conf/web.xml


    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Protected Context</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- auth-constraint goes here if you requre authentication -->
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>

    Restart tomcat.

    Download and install your self-signed certificate into JDK.


    echo -n | openssl s_client -connect localhost:443 | sed -ne '/-BEGIN
    CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/localhost.cer
    sudo $JAVA_HOME/bin/keytool -import -alias "tomcat" -file /tmp/localhost.cer
    -keystore $JAVA_HOME/jre/lib/security/cacerts
    Enter keystore password: changeit
    Trust this certificate? [no]: yes

    Restart tomcat again.

    LDAP AUTHENTICATION

    Edit /dspace/config/modules/authentication.cfg and change the line from


    plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
    org.dspace.authenticate.PasswordAuthentication

    to
    plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
    org.dspace.authenticate.LDAPAuthentication

    Edit /dspace/config/modules/authentication-ldap.cfg and change the lines to


    enable = true

    and add the following line:


    provider_url = ldaps://yourhostname:636/

    Modify /opt/dspace-4.2-src-release/dspace-jspui/src/main/webapp/layout/navbar-
    default.jsp and change line 120 to

    <fmt:param><%= user.getNetid() %></fmt:param>

    Open /opt/dspace-4.2-src-release/dspace-
    api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java and comment
    the line starting from
    SpeakerToLDAP ldap = new SpeakerToLDAP(log);
    // Get the DN of the user
    boolean anonymousSearch =
    ConfigurationManager.getBooleanProperty("authentication-ldap",
    "search.anonymous");
    .
    .
    .

    and ending with

    finally
    {
    context.setIgnoreAuthorization(false);
    }
    }
    }
    }*/
    return BAD_ARGS;
    Above the commented code block, add the following code:

    // Try login locally first


    if (eperson.checkPassword(password))
    {
    context.setCurrentUser(eperson);
    return SUCCESS;
    }
    String ldap_provider_url = ConfigurationManager.getProperty("authentication-
    ldap", "provider_url");
    Hashtable env = new Hashtable();
    env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY,
    "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(javax.naming.Context.PROVIDER_URL, ldap_provider_url);
    env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "Simple");
    env.put(javax.naming.Context.SECURITY_CREDENTIALS, password);
    env.put(javax.naming.Context.SECURITY_PRINCIPAL, "firstdomain\\" + netid);
    try {
    DirContext ctx = new InitialDirContext(env);
    context.setCurrentUser(eperson);
    return SUCCESS;
    } catch (Exception exp) {
    try {
    env.put(javax.naming.Context.SECURITY_PRINCIPAL, "seconddomain\\" + netid);
    DirContext ctx = new InitialDirContext(env);
    context.setCurrentUser(eperson);
    return SUCCESS;
    } catch (Exception exp1) {
    log.error("LDAP Login failure", exp1);
    return BAD_CREDENTIALS;
    }
    }
    Recompile DSpace.

    Rebuild packages
    su - dspace
    cd /opt/dspace-4.2-src-release
    mvn package

    Copy the rebuilt packages


    cd /opt/dspace-4.2-src-release/dspace/target/dspace-4.2-build
    ant update

    Restart tomcat
    exit
    service tomcat restart

    You might also like