Turns out that I have a bigger problem than just having to reload pages. When I restart Ubuntu, Tomcat, HAL, SOLR work fine in the browser, but trying to access DSpace Frontend gives me error 503 "Service Unavailable".
/dspace-angular/config/config.prod.yml # Angular Universal server settings # NOTE: these must be 'synced' with the 'dspace.ui.url' setting in your backend's local.cfg. ui: ssl: true host: localhost port: 443 # NOTE: Space is capitalized because 'namespace' is a reserved string in TypeScript nameSpace: / <...> # The REST API server settings # NOTE: these must be 'synced' with the 'dspace.server.url' setting in your backend's local.cfg. rest: ssl: true host: mycompany.ca port: 443 # NOTE: Space is capitalized because 'namespace' is a reserved string in TypeScript nameSpace: /server -------------------------------------------------------------------------------------- /dspace-angular/dspace-ui.json { "apps": [ { "name": "dspace-ui", "cwd": "/dspace-angular", "script": "dist/server/main.js", "env": { "NODE_ENV": "production", "DSPACE_REST_SSL": "true", "DSPACE_REST_HOST": "mycompany.ca", "DSPACE_REST_PORT": "443", "DSPACE_REST_NAMESPACE": "/server" } } ] } --------------------------------------------------------------------------------------- /dspace/config/local.cfg ########################## # SERVER CONFIGURATION # ########################## # DSpace installation directory. dspace.dir=/dspace # URL of DSpace backend ('server' webapp). Include port number etc. dspace.server.url = https://mycompany.ca/server # URL of DSpace frontend (Angular UI). Include port number etc. dspace.ui.url = https://mycompany.ca # Name of the site dspace.name = My repository <...> # Solr server/webapp. solr.server = http://localhost:8983/solr --------------------------------------------------------------------------------------- /etc/apache2/sites-available <VirtualHost *:443> #ServerName www.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html <...> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined <...> SSLEngine On SSLCertificateFile /etc/apache2/ssl/certs/wildcard_mycompany_ca.crt SSLCertificateKeyFile /etc/apache2/ssl/private/wildcard_mycompany_ca.key SSLCertificateChainFile /etc/apache2/ssl/certs/DigiCertCA.crt # Proxy all HTTPS requests to "/server" from Apache to Tomcat via AJP connector ProxyPass /server ajp://localhost:8009/server ProxyPassReverse /server ajp://localhost:8009/server <...> # Proxy all HTTPS requests from Apache to PM2 on port 4000 # NOTE that this proxy URL must match the "ui" settings in your config.prod.yml ProxyPass / http://localhost:4000/ ProxyPassReverse / http://localhost:4000/ </VirtualHost> --------------------------------------------------------------------------------------- /etc/tomcat9/server.xml <!-- Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 --> <Connector port="8080" protocol="HTTP/1.1" minSpareThreads="25" enableLookups="false" connectionTimeout="20000" redirectPort="8443" disableUploadTimeout="true" URIEncoding="UTF-8"/> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector protocol="AJP/1.3" address="::" port="8009" redirectPort="8443" tomcatAuthentication="false" enableLookups="false" secretRequired="false" URIEncoding="UTF-8" /> --------------------------------------------------------------------------------------- Dev tools say: "GET https://mycompany.ca/ [HTTP/1.1 503 Service Unavailable 41ms]". Network tab has this: websocket?url=https%3A%2F%2Fmycompany.ca%2F&nocache=1662874542940: Request URL: wss://me.kis.v2.scr.kaspersky-labs.com/7D8B79A2-8974-4D7B-A76A-F4F29624C06BgRTf2XFqPinpC4nCnUthd68wxfoCLgSlMs5di1UJi-DmJ1Mp5c5zD2Ik7JrtlYhTxPivLp8WuTF9axm3UQhQxw/websocket?url=https%3A%2F%2Fmycompany.ca%2F&nocache=1662874542940 Request Method: GET Status Code: 101 Cache-Control: no-store, no-cache, must-revalidate, max-age=0 Connection: Upgrade Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Mon, 04 Dec 1999 21:29:02 GMT Pragma: no-cache Sec-WebSocket-Accept: H3VEl0aWr9UdeTXDpVhdALMVJ44= Upgrade: websocket Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9,es;q=0.8,ru;q=0.7,fr;q=0.6 Cache-Control: no-cache Connection: Upgrade Host: me.kis.v2.scr.kaspersky-labs.com Origin: https://mycompany.ca Pragma: no-cache Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits Sec-WebSocket-Key: ifpMhcbVqO+kSgKTkpLtGg== Sec-WebSocket-Version: 13 Upgrade: websocket User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.27 mycompany.ca: Request URL: https://mycompany.ca/ Request Method: GET Status Code: 503 Service Unavailable Remote Address: [IP address]:443 Referrer Policy: strict-origin-when-cross-origin Connection: close Content-Length: 601 Content-Type: text/html; charset=iso-8859-1 Date: Sun, 11 Sep 2022 05:35:43 GMT Server: Apache/2.4.41 (Ubuntu) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9,es;q=0.8,ru;q=0.7,fr;q=0.6 Cache-Control: max-age=0 Connection: keep-alive Cookie: _<...> Host: mycompany.ca sec-ch-ua: "Microsoft Edge";v="105", " Not;A Brand";v="99", "Chromium";v="105" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.27 main.js?attr=<...> : Request URL: https://me.kis.v2.scr.kaspersky-labs.com/FD126C42-EBFA-4E12-B309-BB3FDD723AC1/main.js?attr=gRTf2XFqPinpC4nCnUthd1fRNl647BHuclZhtDL4ZyXEGIYwu_bR72lP9tAT4fKr Request Method: GET Status Code: 200 Remote Address: 185.85.13.154:443 Referrer Policy: strict-origin-when-cross-origin cache-control: no-store, no-cache, must-revalidate, max-age=0 content-length: 112656 content-type: application/x-javascript;charset=UTF-8 expires: Mon, 04 Dec 1999 21:29:02 GMT pragma: no-cache :authority: me.kis.v2.scr.kaspersky-labs.com :method: GET :path: /FD126C42-EBFA-4E12-B309-BB3FDD723AC1/main.js?attr=gRTf2XFqPinpC4nCnUthd1fRNl647BHuclZhtDL4ZyXEGIYwu_bR72lP9tAT4fKr :scheme: https accept: */* accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9,es;q=0.8,ru;q=0.7,fr;q=0.6 referer: https://mycompany.ca/ sec-ch-ua: "Microsoft Edge";v="105", " Not;A Brand";v="99", "Chromium";v="105" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" sec-fetch-dest: script sec-fetch-mode: no-cors sec-fetch-site: cross-site user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.27 --------------------------------------------------------------------------------------- Finally, pm2 logs complain about service key/certificate not found at ./config/ssl/key.pem, but I have a valid certificate from Digicert that has .crt and .key files in apache2 directory and the browser shows my site as secure. Service key not found at ./config/ssl/key.pem Certificate not found at ./config/ssl/key.pem Disabling certificate validation and proceeding with a self-signed certificate. If this is a production server, it is recommended that you configure a valid certificate instead. Error: listen EADDRINUSE: address already in use 127.0.0.1:443 at Server.setupListenHandle [as _listen2] (node:net:1432:16) at listenInCluster (node:net:1480:12) at GetAddrInfoReqWrap.doListen [as callback] (node:net:1629:7) at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:111:8) { code: 'EADDRINUSE', errno: -98, syscall: 'listen', address: '127.0.0.1', port: 443 } I am sorry for the lengthy post. I read the installation and troubleshooting instructions and various posts in this group, and then tried to get as much info as I could. All suggestions will be very much appreciated! -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/32946f66-d2b7-4b59-b059-8c4883fd1db0n%40googlegroups.com.