On Thu, Apr 9, 2015 at 5:10 PM, Chris Gray <cpg...@uwaterloo.ca> wrote:
> We're using DSpace 5.1 and when we turn on SSL as per the instructions
> in the installation documentation then browsing and RSS feeds break.
>
> Looking at the localhost access logs it looks like requests to solr on
> 127.0.0.1 return a 302 status rather than 200.
>
If you're forcing HTTPS and redirects are causing problems, why don't you
configure DSpace to talk to Solr via HTTPS?
server=https://localhost:8080/solr/statistics in [dspace]/config/modules/
solr-statistics.cfg.
solr.url=https://localhost:8080/solr/oai in [dspace]/config/modules/oai.cfg
and
search.server=https://localhost:8080/solr/search in [dspace]/config/modules/
discovery.cfg
All of these can be changed at once at build time by changing
solr.server=https://localhost:8080/solr in [dspace-source]/build.properties
> Using wget from the command line I'm told I need to add the
> --no-check-certificate parameter.
>
All works as expected here, tools like wget and curl want you to explicitly
acknowledge that you want to skip certificate chain validation. If you're
using these often, make an alias:
alias wget='wget --no-check-certificate'
> Is there a way to have tomcat7 force 8080 traffic to 8443 only for the
> hostname and public IP address and not for localhost and 127.0.0.1?
>
I just did some research and I don't think Tomcat can do this on its own.
1) You can only have a single <Server> in configuration per Tomcat instance
as it's the application (Tomcat) as a whole which binds to an IP/port
2) <Host> isn't helpful here, either
3) you can't <Connector> (which forces the redirect) twice with the same
port number
Since you're using 8080, this probably means you're running a web server as
a frontend to Tomcat, you could take care of it there as Stuart suggests.
Another solution would be to have another Connector on another port number
which doesn't force the redirect to HTTPS. While you can't disallow
non-localhost access to this in Tomcat (due to 1) above), you could
restrict it using iptables or other methods.
Regards,
~~helix84
Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
