Hi Mark, thank you for the helpful reply. I did as you mentioned, and changed ProxyPass related settings to localhost. I also implement the same configuration for the frontend. The end result looks like this:
<VirtualHost *:443> ServerName https://www.my-repo.com:443 ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key # via mod_proxy_http #for backend ProxyPass /server http://localhost:8080/server ProxyPassReverse /server http://localhost:8080/server #for frontend ProxyPass / http://localhost:4000/ ProxyPassReverse / http://localhost:4000/ #required for proxy_http, to respond from http://localhost with https:// RequestHeader set X-Forwarded-Proto https ... </VirtualHost> I can access the frontend via https://my-repo.com/ and my backend via https://my-repo.com/server. The problem that I see now has to do with the frontend. It seems to not connect to the backend. It shows the loading bar, and stays like this. The local.cfg file is set like this: dspace.server.url = https://my-repo.com:443/server dspace.ui.url = https://my-repo.com Furthermore, the environment.prod.ts is configured as follows: ui:{ ssl: false, host: 'localhost', port: 4000, nameSpace: '/' }, rest:{ ssl: true, host: 'repotest.ub.fau.de', port: 443, nameSpace: '/server' } In the Browser -> Network, I have a get request with a 404, with the following details: scheme https host my-repo.com filename /main-es2015.37e9cb1fafd9d2217dee.js Address xxx.xx.xx.xx Status404 Not found VersionHTTP/1.1 Transferred443 B (0 B size) Referrer Policystrict-origin-when-cross-origin Cache-Control max-age=60 Connection Keep-Alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Wed, 11 Aug 2021 11:36:00 GMT ETag W/"927b-A6c6GsaLYFd/J6Lq8aarXS2hZgk" Keep-Alive timeout=5, max=100 Server Apache/2.4.41 (Ubuntu) Transfer-Encoding chunked Vary Accept-Encoding X-Powered-By Express X-RateLimit-Limit 500 X-RateLimit-Remaining 495 X-RateLimit-Reset 1628681819 Accept */* Accept-Encoding gzip, deflate, br Accept-Language en-US,en;q=0.5 Cache-Control no-cache Connection keep-alive Cookie klaro-anonymous=%7B%22authentication%22%3Atrue%2C%22preferences%22%3Atrue%2C%22acknowledgement%22%3Atrue%2C%22google-analytics%22%3Atrue%7D Host my-repo.com Pragma no-cache Referer https://my-repo.com/ Sec-Fetch-Dest script Sec-Fetch-Mode cors Sec-Fetch-Site same-origin User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 For the certificates, I used the default Linux certificates. What could be wrong with the frontend that it cant access the backend? Maybe I should configure the Virtual Host somehow different? Thank you Best regards, Valianos Mark H. Wood schrieb am Dienstag, 10. August 2021 um 15:31:47 UTC+2: > On Mon, Aug 09, 2021 at 08:21:01AM -0700, Steli Vali wrote: > > I am testing DSpace 7, and I want to enable https. Unfortunately the > > instructions online are not so detailed and I am confused. > > I am using dspace.server.url = " http//my-repo.com:8009/server " > instead of > > "http://localhost:8080/server" in the local.cfg file. > > 8009 is the AJP port. That's only for the proxy link between Apache > HTTPD and Tomcat. HTTP won't work there, and you should have that port > firewalled from end users anyway. (I have my proxy links set up on > 'localhost' (127.0.0.1 or ::1) just to make certain that they cannot > leak out of the server.) > > Try 'https://my-repo.com/server'. > > > I have installed the Apache2 Proxy and the additional modules, and in > > /etc/apache2/sites-enabled, I have created a file called mySsl.conf, > with > > the following configuration: > > > > <IfModule mod_ssl.c> > > <VirtualHost _default_:443> > > ServerAdmin webmaster@localhost > > > > DocumentRoot /var/www/html > > > > ErrorLog ${APACHE_LOG_DIR}/error.log > > CustomLog ${APACHE_LOG_DIR}/access.log combined > > > > # SSL Engine Switch: > > # Enable/Disable SSL for this virtual host. > > SSLEngine on > > > > # A self-signed (snakeoil) certificate can be created by > > installing > > # the ssl-cert package. See > > # /usr/share/doc/apache2/README.Debian.gz for more info. > > # If both key and certificate are stored in the same > > file, only the > > # SSLCertificateFile directive is needed. > > SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem > > SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key > > > > ProxyPass /server ajp://my-repo.com:8009/server > > ProxyPassReverse /server ajp://my-repo.com:80009/server > > Oops! Too many zeroes. ----------------------------------------^ > > > ... > > > > When I try to access the backend via https://my-repo.com:443/server, I > get > > an error. > > What error is that? Details will be helpful. > > -- > Mark H. Wood > Lead Technology Analyst > > University Library > Indiana University - Purdue University Indianapolis > 755 W. Michigan Street > Indianapolis, IN 46202 > 317-274-0749 <(317)%20274-0749> > www.ulib.iupui.edu > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/b7e54db1-33b3-4e32-aa1b-1b957628962en%40googlegroups.com.