Hi Mark,
thank you for the helpful reply.
I did as you mentioned, and changed ProxyPass related settings to localhost.
I also implement the same configuration for the frontend. The end result
looks like this:
<VirtualHost *:443>
ServerName https://www.my-repo.com:443
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# via mod_proxy_http
#for backend
ProxyPass /server http://localhost:8080/server
ProxyPassReverse /server http://localhost:8080/server
#for frontend
ProxyPass / http://localhost:4000/
ProxyPassReverse / http://localhost:4000/
#required for proxy_http, to respond from http://localhost
with https://
RequestHeader set X-Forwarded-Proto https
...
</VirtualHost>
I can access the frontend via https://my-repo.com/ and my backend
via https://my-repo.com/server.
The problem that I see now has to do with the frontend. It seems to not
connect to the backend.
It shows the loading bar, and stays like this.
The local.cfg file is set like this:
dspace.server.url = https://my-repo.com:443/server
dspace.ui.url = https://my-repo.com
Furthermore, the environment.prod.ts is configured as follows:
ui:{
ssl: false,
host: 'localhost',
port: 4000,
nameSpace: '/'
},
rest:{
ssl: true,
host: 'repotest.ub.fau.de',
port: 443,
nameSpace: '/server'
}
In the Browser -> Network, I have a get request with a 404, with the
following details:
scheme
https
host
my-repo.com
filename
/main-es2015.37e9cb1fafd9d2217dee.js
Address
xxx.xx.xx.xx
Status404
Not found
VersionHTTP/1.1
Transferred443 B (0 B size)
Referrer Policystrict-origin-when-cross-origin
Cache-Control
max-age=60
Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Wed, 11 Aug 2021 11:36:00 GMT
ETag
W/"927b-A6c6GsaLYFd/J6Lq8aarXS2hZgk"
Keep-Alive
timeout=5, max=100
Server
Apache/2.4.41 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Powered-By
Express
X-RateLimit-Limit
500
X-RateLimit-Remaining
495
X-RateLimit-Reset
1628681819
Accept
*/*
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US,en;q=0.5
Cache-Control
no-cache
Connection
keep-alive
Cookie
klaro-anonymous=%7B%22authentication%22%3Atrue%2C%22preferences%22%3Atrue%2C%22acknowledgement%22%3Atrue%2C%22google-analytics%22%3Atrue%7D
Host
my-repo.com
Pragma
no-cache
Referer
https://my-repo.com/
Sec-Fetch-Dest
script
Sec-Fetch-Mode
cors
Sec-Fetch-Site
same-origin
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
Firefox/91.0
For the certificates, I used the default Linux certificates.
What could be wrong with the frontend that it cant access the backend?
Maybe I should configure the Virtual Host somehow different?
Thank you
Best regards,
Valianos
Mark H. Wood schrieb am Dienstag, 10. August 2021 um 15:31:47 UTC+2:
> On Mon, Aug 09, 2021 at 08:21:01AM -0700, Steli Vali wrote:
> > I am testing DSpace 7, and I want to enable https. Unfortunately the
> > instructions online are not so detailed and I am confused.
> > I am using dspace.server.url = " http//my-repo.com:8009/server "
> instead of
> > "http://localhost:8080/server"; in the local.cfg file.
>
> 8009 is the AJP port. That's only for the proxy link between Apache
> HTTPD and Tomcat. HTTP won't work there, and you should have that port
> firewalled from end users anyway. (I have my proxy links set up on
> 'localhost' (127.0.0.1 or ::1) just to make certain that they cannot
> leak out of the server.)
>
> Try 'https://my-repo.com/server'.
>
> > I have installed the Apache2 Proxy and the additional modules, and in
> > /etc/apache2/sites-enabled, I have created a file called mySsl.conf,
> with
> > the following configuration:
> >
> > <IfModule mod_ssl.c>
> > <VirtualHost _default_:443>
> > ServerAdmin webmaster@localhost
> >
> > DocumentRoot /var/www/html
> >
> > ErrorLog ${APACHE_LOG_DIR}/error.log
> > CustomLog ${APACHE_LOG_DIR}/access.log combined
> >
> > # SSL Engine Switch:
> > # Enable/Disable SSL for this virtual host.
> > SSLEngine on
> >
> > # A self-signed (snakeoil) certificate can be created by
> > installing
> > # the ssl-cert package. See
> > # /usr/share/doc/apache2/README.Debian.gz for more info.
> > # If both key and certificate are stored in the same
> > file, only the
> > # SSLCertificateFile directive is needed.
> > SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
> > SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
> >
> > ProxyPass /server ajp://my-repo.com:8009/server
> > ProxyPassReverse /server ajp://my-repo.com:80009/server
>
> Oops! Too many zeroes. ----------------------------------------^
>
> > ...
> >
> > When I try to access the backend via https://my-repo.com:443/server, I
> get
> > an error.
>
> What error is that? Details will be helpful.
>
> --
> Mark H. Wood
> Lead Technology Analyst
>
> University Library
> Indiana University - Purdue University Indianapolis
> 755 W. Michigan Street
> Indianapolis, IN 46202
> 317-274-0749 <(317)%20274-0749>
> www.ulib.iupui.edu
>
--
All messages to this mailing list should adhere to the Code of Conduct:
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to the Google Groups
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/dspace-tech/b7e54db1-33b3-4e32-aa1b-1b957628962en%40googlegroups.com.
