Turns out that I have a bigger problem than just having to reload pages.
When I restart Ubuntu, Tomcat, HAL, SOLR work fine in the browser, but
trying to access DSpace Frontend gives me error 503 "Service Unavailable".
/dspace-angular/config/config.prod.yml
# Angular Universal server settings
# NOTE: these must be 'synced' with the 'dspace.ui.url' setting in your
backend's local.cfg.
ui:
ssl: true
host: localhost
port: 443
# NOTE: Space is capitalized because 'namespace' is a reserved string in
TypeScript
nameSpace: /
<...>
# The REST API server settings
# NOTE: these must be 'synced' with the 'dspace.server.url' setting in your
backend's local.cfg.
rest:
ssl: true
host: mycompany.ca
port: 443
# NOTE: Space is capitalized because 'namespace' is a reserved string in
TypeScript
nameSpace: /server
--------------------------------------------------------------------------------------
/dspace-angular/dspace-ui.json
{
"apps": [
{
"name": "dspace-ui",
"cwd": "/dspace-angular",
"script": "dist/server/main.js",
"env": {
"NODE_ENV": "production",
"DSPACE_REST_SSL": "true",
"DSPACE_REST_HOST": "mycompany.ca",
"DSPACE_REST_PORT": "443",
"DSPACE_REST_NAMESPACE": "/server"
}
}
]
}
---------------------------------------------------------------------------------------
/dspace/config/local.cfg
##########################
# SERVER CONFIGURATION #
##########################
# DSpace installation directory.
dspace.dir=/dspace
# URL of DSpace backend ('server' webapp). Include port number etc.
dspace.server.url = https://mycompany.ca/server
# URL of DSpace frontend (Angular UI). Include port number etc.
dspace.ui.url = https://mycompany.ca
# Name of the site
dspace.name = My repository
<...>
# Solr server/webapp.
solr.server = http://localhost:8983/solr
---------------------------------------------------------------------------------------
/etc/apache2/sites-available
<VirtualHost *:443>
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<...>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<...>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/certs/wildcard_mycompany_ca.crt
SSLCertificateKeyFile /etc/apache2/ssl/private/wildcard_mycompany_ca.key
SSLCertificateChainFile /etc/apache2/ssl/certs/DigiCertCA.crt
# Proxy all HTTPS requests to "/server" from Apache to Tomcat via AJP
connector
ProxyPass /server ajp://localhost:8009/server
ProxyPassReverse /server ajp://localhost:8009/server
<...>
# Proxy all HTTPS requests from Apache to PM2 on port 4000
# NOTE that this proxy URL must match the "ui" settings in your
config.prod.yml
ProxyPass / http://localhost:4000/
ProxyPassReverse / http://localhost:4000/
</VirtualHost>
---------------------------------------------------------------------------------------
/etc/tomcat9/server.xml
<!-- Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" protocol="HTTP/1.1"
minSpareThreads="25"
enableLookups="false"
connectionTimeout="20000"
redirectPort="8443"
disableUploadTimeout="true"
URIEncoding="UTF-8"/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector protocol="AJP/1.3"
address="::"
port="8009"
redirectPort="8443"
tomcatAuthentication="false"
enableLookups="false"
secretRequired="false"
URIEncoding="UTF-8" />
---------------------------------------------------------------------------------------
Dev tools say: "GET https://mycompany.ca/ [HTTP/1.1 503 Service
Unavailable 41ms]". Network tab has this:
websocket?url=https%3A%2F%2Fmycompany.ca%2F&nocache=1662874542940:
Request URL:
wss://me.kis.v2.scr.kaspersky-labs.com/7D8B79A2-8974-4D7B-A76A-F4F29624C06BgRTf2XFqPinpC4nCnUthd68wxfoCLgSlMs5di1UJi-DmJ1Mp5c5zD2Ik7JrtlYhTxPivLp8WuTF9axm3UQhQxw/websocket?url=https%3A%2F%2Fmycompany.ca%2F&nocache=1662874542940
Request Method: GET
Status Code: 101
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: Upgrade
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Mon, 04 Dec 1999 21:29:02 GMT
Pragma: no-cache
Sec-WebSocket-Accept: H3VEl0aWr9UdeTXDpVhdALMVJ44=
Upgrade: websocket
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8,ru;q=0.7,fr;q=0.6
Cache-Control: no-cache
Connection: Upgrade
Host: me.kis.v2.scr.kaspersky-labs.com
Origin: https://mycompany.ca
Pragma: no-cache
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Sec-WebSocket-Key: ifpMhcbVqO+kSgKTkpLtGg==
Sec-WebSocket-Version: 13
Upgrade: websocket
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.27
mycompany.ca:
Request URL: https://mycompany.ca/
Request Method: GET
Status Code: 503 Service Unavailable
Remote Address: [IP address]:443
Referrer Policy: strict-origin-when-cross-origin
Connection: close
Content-Length: 601
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 11 Sep 2022 05:35:43 GMT
Server: Apache/2.4.41 (Ubuntu)
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,es;q=0.8,ru;q=0.7,fr;q=0.6
Cache-Control: max-age=0
Connection: keep-alive
Cookie: _<...>
Host: mycompany.ca
sec-ch-ua: "Microsoft Edge";v="105", " Not;A Brand";v="99",
"Chromium";v="105"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.27
main.js?attr=<...> :
Request URL:
https://me.kis.v2.scr.kaspersky-labs.com/FD126C42-EBFA-4E12-B309-BB3FDD723AC1/main.js?attr=gRTf2XFqPinpC4nCnUthd1fRNl647BHuclZhtDL4ZyXEGIYwu_bR72lP9tAT4fKr
Request Method: GET
Status Code: 200
Remote Address: 185.85.13.154:443
Referrer Policy: strict-origin-when-cross-origin
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-length: 112656
content-type: application/x-javascript;charset=UTF-8
expires: Mon, 04 Dec 1999 21:29:02 GMT
pragma: no-cache
:authority: me.kis.v2.scr.kaspersky-labs.com
:method: GET
:path:
/FD126C42-EBFA-4E12-B309-BB3FDD723AC1/main.js?attr=gRTf2XFqPinpC4nCnUthd1fRNl647BHuclZhtDL4ZyXEGIYwu_bR72lP9tAT4fKr
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,es;q=0.8,ru;q=0.7,fr;q=0.6
referer: https://mycompany.ca/
sec-ch-ua: "Microsoft Edge";v="105", " Not;A Brand";v="99",
"Chromium";v="105"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.27
---------------------------------------------------------------------------------------
Finally, pm2 logs complain about service key/certificate not found at
./config/ssl/key.pem, but I have a valid certificate from Digicert that has
.crt and .key files in apache2 directory and the browser shows my site as
secure.
Service key not found at ./config/ssl/key.pem
Certificate not found at ./config/ssl/key.pem
Disabling certificate validation and proceeding with a self-signed
certificate. If this is a production server, it is recommended that you
configure a valid certificate instead.
Error: listen EADDRINUSE: address already in use 127.0.0.1:443
at Server.setupListenHandle [as _listen2] (node:net:1432:16)
at listenInCluster (node:net:1480:12)
at GetAddrInfoReqWrap.doListen [as callback] (node:net:1629:7)
at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:111:8) {
code: 'EADDRINUSE',
errno: -98,
syscall: 'listen',
address: '127.0.0.1',
port: 443
}
I am sorry for the lengthy post. I read the installation and
troubleshooting instructions and various posts in this group, and then
tried to get as much info as I could. All suggestions will be very much
appreciated!
--
All messages to this mailing list should adhere to the Code of Conduct:
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to the Google Groups
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/dspace-tech/32946f66-d2b7-4b59-b059-8c4883fd1db0n%40googlegroups.com.
