
Installing DSpace 4.X on CentOS 6.

JDK 7

Download jdk7 rpm from oracle to /opt

Then run the rpm command:


rpm -Uvh jdk-7u79-linux-x64.rpm

MAVEN

Download the latest version of binary of maven from:


http://maven.apache.org/download.cgi

e.g. if you download to /opt,


cd /opt
tar -zxvf apache-maven-3.3.9-bin.tar.gz

Rename the directory apache-maven-3.3.9 to maven


mv apache-maven-3.3.9 maven

Make a symlink to the mvn binary in maven/bin as shown below.

ln -s /opt/maven/bin/mvn /usr/bin/mvn

Create and add the following to /etc/profile.d/maven.sh


#!/bin/bash
export M2_HOME=/opt/maven
export M2=$M2_HOME/bin
export MAVEN_OPTS="-Xms1g -Xmx2g"
export JAVA_HOME=/usr/java/jdk1.7.0_79/
PATH=$PATH:$HOME/bin:$M2:$JAVA_HOME/bin
export PATH

Make sure that the file is executable:


chmod +x /etc/profile.d/maven.sh

Reload the environment variables:


source /etc/profile.d/maven.sh

Check whether the installation is correct by running the command:


mvn -version

ANT

Download and extract the latest version of Ant from:


http://ant.apache.org/bindownload.cgi

Rename the directory apache-ant-1.9.6 to ant


mv apache-ant-1.9.6 ant

Create a symbolic link as follows:


ln -s /opt/ant/bin/ant /usr/bin/ant

Create a file called ant.sh under profile.d


vim /etc/profile.d/ant.sh

Add the following contents:


#!/bin/bash
ANT_HOME=/opt/ant
PATH=$ANT_HOME/bin:$PATH
export PATH ANT_HOME
export CLASSPATH=.

Make the file executable:


chmod +x /etc/profile.d/ant.sh

Load the environment variables into the current shell (the file under profile.d applies them to future logins):


source /etc/profile.d/ant.sh

Check whether installation of Ant is performed correctly:


ant -version

TOMCAT

Download and extract Tomcat 8.0 to /opt from:


http://tomcat.apache.org/download-80.cgi

Create a file under /etc/profile.d/tomcat.sh and add the following contents:


#!/bin/bash
CATALINA_HOME=/opt/apache-tomcat-8.0.15
PATH=$CATALINA_HOME/bin:$PATH
TOMCAT_USER=dspace
JAVA_OPTS="-Xmx2G -Xms1G -Dfile.encoding=UTF-8"
export PATH CATALINA_HOME
export CLASSPATH=.
export JAVA_OPTS
export TERM=xterm

Make the file executable and update environment variables.


chmod +x /etc/profile.d/tomcat.sh
source /etc/profile.d/tomcat.sh

Make some tomcat files executable.


chmod +x $CATALINA_HOME/bin/startup.sh
chmod +x $CATALINA_HOME/bin/shutdown.sh
chmod +x $CATALINA_HOME/bin/catalina.sh

Allow port 8080 through the firewall by adding the following line:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

Now that we have all the configuration in, we can list the rules to see if anything is missing.
iptables -L

Then save settings


iptables-save | sudo tee /etc/sysconfig/iptables

Restart iptables service.


service iptables restart

Note: To flush the filter use the following command


iptables -F
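iptables evaluates the INPUT chain from top to bottom and stops at the first matching rule, so a rule appended with -A after a catch-all REJECT or DROP never takes effect. The following added example (not part of the original guide) checks iptables-save output for that ordering; the sample ruleset is constructed and the function name port_rule_status is hypothetical.

```shell
#!/bin/sh
# Added example: report whether the ACCEPT rule for a TCP port in the INPUT
# chain is reachable, i.e. listed before the first catch-all REJECT/DROP.
# Reads `iptables-save` text on stdin; prints reachable, shadowed or missing.
port_rule_status() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            line = " " $0 " "
            # A REJECT/DROP rule with no match options catches everything.
            if ($0 ~ /^-A INPUT -j (REJECT|DROP)( |$)/ && !blocker) blocker = n
            # First ACCEPT rule for exactly this destination port.
            if (line ~ (" --dport " port " ") && line ~ / -j ACCEPT / && !accept)
                accept = n
        }
        END {
            if (!accept) print "missing"
            else if (blocker && blocker < accept) print "shadowed"
            else print "reachable"
        }'
}

# Constructed sample: port 8080 was appended after the catch-all REJECT.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | port_rule_status 8080
```

On the server, run `iptables-save | port_rule_status 8080` as root; if it prints shadowed, insert the rule above the REJECT line with `iptables -I INPUT` instead of appending it.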

Create a user called dspace that will run tomcat:


useradd dspace

Set password of dspace:


passwd dspace

Change owner of every file that is part of tomcat to dspace


chown -R dspace:dspace $CATALINA_HOME

Create a startup and shutdown script for tomcat:


vim /etc/init.d/tomcat

Add the following contents, changing JAVA_HOME and CATALINA_HOME appropriately:


#!/bin/sh
# chkconfig: 2345 80 20
# Description: Tomcat Start/Shutdown script
# Adjust JAVA_HOME and CATALINA_HOME to match your installation
export JAVA_HOME=/usr/java/jdk1.7.0_79/
export USER=dspace
export CATALINA_HOME=/opt/apache-tomcat-8.0.15
# Tomcat is always started and stopped as the unprivileged dspace user
case "$1" in
    start)
        su ${USER} -c "${CATALINA_HOME}/bin/startup.sh"
        ;;
    stop)
        su ${USER} -c "${CATALINA_HOME}/bin/shutdown.sh"
        ;;
    restart)
        su ${USER} -c "${CATALINA_HOME}/bin/shutdown.sh"
        su ${USER} -c "${CATALINA_HOME}/bin/startup.sh"
        ;;
esac
exit 0

Make tomcat startup script executable:


chmod +x /etc/init.d/tomcat

Make tomcat start upon starting the system


chkconfig --add tomcat
chkconfig tomcat on

Edit the file $CATALINA_HOME/conf/server.xml and add the following attribute to the Connector element:


URIEncoding="UTF-8"

It should now look something like this:


<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
URIEncoding="UTF-8"/>

Edit the file $CATALINA_HOME/conf/tomcat-users.xml and add the following line


<user username="admin" password="admin" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>

POSTGRESQL

Run the following commands to install postgresql


yum install postgresql-server

Run the following post-installation commands


service postgresql-9.4 initdb
chkconfig postgresql-9.4 on
service postgresql-9.4 start

Edit the file /var/lib/pgsql/9.4/data/postgresql.conf and uncomment the line:


listen_addresses = 'localhost'

Edit the file /var/lib/pgsql/9.4/data/pg_hba.conf and add this line before any
uncommented lines:
host dspace dspace 127.0.0.1/32 md5

Restart postgresql server:


service postgresql-9.4 restart

DSPACE

Download and extract the latest version of DSpace from


http://sourceforge.net/projects/dspace/

Change user to postgres


su - postgres

Setup the dspace user


createuser --no-superuser --pwprompt dspace
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) y

Setup the dspace database


createdb --owner=dspace --encoding=UNICODE dspace

Go back to being root


exit

Change the following lines in /opt/dspace-4.2-src-release/build.properties


solr.server=https://localhost/solr
db.password=<the password you set in the database creation step>

Create the dspace installation directory:


mkdir /dspace
chown dspace:dspace /dspace

Change user to dspace:


su - dspace

Run Maven to download and install packages:


cd /opt/dspace-4.2-src-release/dspace
mvn package

Install DSpace and initialize database:


cd /opt/dspace-4.2-src-release/dspace/target/dspace-4.2-build
ant fresh_install

Deploy web applications:

Create the file $CATALINA_HOME/conf/Catalina/localhost/ROOT.xml and add the following:


<?xml version='1.0'?>
<Context
docBase="/dspace/webapps/jspui"
reloadable="true"/>

Create the file $CATALINA_HOME/conf/Catalina/localhost/xmlui.xml and add the following:


<?xml version='1.0'?>
<Context
docBase="/dspace/webapps/xmlui"
reloadable="true"/>

Create the file $CATALINA_HOME/conf/Catalina/localhost/jspui.xml and add the following:


<?xml version='1.0'?>
<Context
docBase="/dspace/webapps/jspui"
reloadable="true"/>

Create the file $CATALINA_HOME/conf/Catalina/localhost/oai.xml and add the following:


<?xml version='1.0'?>
<Context
docBase="/dspace/webapps/oai"
reloadable="true"/>

Create an initial administrator account:


/dspace/bin/dspace create-administrator

Check your installation by going to


http://localhost:8080

RUNNING TOMCAT ON HTTPS

The following steps detail how to run Tomcat over HTTPS and have its HTTP pages redirected
to HTTPS.

AUTHBIND

Download authbind from


http://ftp.debian.org/debian/pool/main/a/authbind/authbind_2.1.1.tar.gz

Get a few more packages:


yum install gcc

Extract, change to its directory and then run the commands:


make
make install

Configure a few ports for authbind:


touch /etc/authbind/byport/80
chmod 500 /etc/authbind/byport/80
chown dspace:dspace /etc/authbind/byport/80
touch /etc/authbind/byport/443
chmod 500 /etc/authbind/byport/443
chown dspace:dspace /etc/authbind/byport/443

MODIFY APACHE AGAIN

Create $CATALINA_HOME/bin/setenv.sh and put the following:


CATALINA_OPTS="-Djava.net.preferIPv4Stack=true -Xms2048m -Xmx4096m -XX:MaxPermSize=256m"

Change the owner and permissions:


chown dspace:dspace $CATALINA_HOME/bin/setenv.sh
chmod 755 $CATALINA_HOME/bin/setenv.sh

Change the last line of $CATALINA_HOME/bin/startup.sh to


exec /usr/local/bin/authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"

INSTALLING SSL OVER TOMCAT

Run the keystore generation command under the dspace user:


su - dspace
cd
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
What is your first and last name?
[Unknown]: localhost
.
.
.
exit

Change the following tag in $CATALINA_HOME/conf/server.xml:


<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
URIEncoding="UTF-8"/>

to
<Connector port="80" enableLookups="false"
redirectPort="443" />

In the same file, change the following tag:


<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
/>

to
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${user.home}/.keystore" keystorePass="yourpasswordjustnow"
/>

Add the following tag before the closing </web-app> in $CATALINA_HOME/conf/web.xml


<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you require authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Restart tomcat.

Download and install your self-signed certificate into JDK.


echo -n | openssl s_client -connect localhost:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/localhost.cer
sudo $JAVA_HOME/bin/keytool -import -alias "tomcat" -file /tmp/localhost.cer -keystore $JAVA_HOME/jre/lib/security/cacerts
Enter keystore password: changeit
Trust this certificate? [no]: yes

Restart tomcat again.
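The tomcat-users.xml entry added earlier gives the manager and admin roles to an account whose password equals its username, and the HTTPS connector stores keystorePass in cleartext in server.xml. The following added example (not part of the original guide) checks for both conditions; the function names and the sample files it writes to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed sample files, not taken from a real host).

# weak_tomcat_users FILE: print "username:roles" for every <user> whose
# password equals the username, is empty, or is a well-known default.
weak_tomcat_users() {
    # Join lines so elements wrapped across lines are seen whole, then drop
    # XML comments (the stock file ships commented-out sample users).
    tr '\n' ' ' < "$1" |
    awk '{
        while ((s = index($0, "<!--")) && (e = index(substr($0, s), "-->")))
            $0 = substr($0, 1, s - 1) substr($0, s + e + 2)
        print
    }' |
    grep -o '<user [^>]*>' |
    while IFS= read -r el; do
        u=$(printf '%s' "$el" | sed -n 's/.*username="\([^"]*\)".*/\1/p')
        p=$(printf '%s' "$el" | sed -n 's/.* password="\([^"]*\)".*/\1/p')
        r=$(printf '%s' "$el" | sed -n 's/.*roles="\([^"]*\)".*/\1/p')
        case "$p" in
            "$u"|""|admin|tomcat|password|changeit) echo "$u:$r" ;;
        esac
    done
}

# keystorepass_exposed FILE: true when FILE holds a cleartext keystorePass
# and its mode lets "other" users read it.
keystorepass_exposed() {
    grep -q 'keystorePass="' "$1" && [ -n "$(find "$1" -perm -0004)" ]
}

demo=$(mktemp -d)
cat > "$demo/tomcat-users.xml" <<'EOF'
<tomcat-users>
<!-- <user username="sample" password="sample" roles="tomcat"/> -->
<user username="admin" password="admin"
      roles="manager-gui,admin-gui"/>
<user username="deploy" password="Vq7-constructed-value" roles="manager-script"/>
</tomcat-users>
EOF
printf '%s\n' '<Connector port="443" keystorePass="constructed-value"/>' > "$demo/server.xml"
chmod 644 "$demo/server.xml"

weak_tomcat_users "$demo/tomcat-users.xml"
keystorepass_exposed "$demo/server.xml" && echo "server.xml: keystorePass is world-readable"
```

Point both functions at $CATALINA_HOME/conf/tomcat-users.xml and $CATALINA_HOME/conf/server.xml on the server; any output means the account password or the file mode should be changed before Tomcat listens on ports 80 and 443.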

LDAP AUTHENTICATION

Edit /dspace/config/modules/authentication.cfg and change the line from


plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.PasswordAuthentication

to
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.LDAPAuthentication

Edit /dspace/config/modules/authentication-ldap.cfg and change the lines to


enable = true

and add the following line:


provider_url = ldaps://yourhostname:636/

Modify /opt/dspace-4.2-src-release/dspace-jspui/src/main/webapp/layout/navbar-default.jsp and change line 120 to

<fmt:param><%= user.getNetid() %></fmt:param>

Open /opt/dspace-4.2-src-release/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java and comment out the block starting from

SpeakerToLDAP ldap = new SpeakerToLDAP(log);
// Get the DN of the user
boolean anonymousSearch =
ConfigurationManager.getBooleanProperty("authentication-ldap",
"search.anonymous");
.
.
.

and ending with

finally
{
context.setIgnoreAuthorization(false);
}
}
}
}*/
return BAD_ARGS;
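
Above the commented-out code block, add the following code:

// These classes must be imported in LDAPAuthentication.java if they are not
// already: java.util.Hashtable, javax.naming.directory.DirContext,
// javax.naming.directory.InitialDirContext

// Without a matching local account there is nobody to log in
if (eperson == null)
{
    return NO_SUCH_USER;
}
// Reject empty passwords: an LDAP simple bind with an empty password is an
// unauthenticated bind, which many servers accept for any user name
if (password == null || password.isEmpty())
{
    return BAD_CREDENTIALS;
}
// Try login locally first
if (eperson.checkPassword(password))
{
    context.setCurrentUser(eperson);
    return SUCCESS;
}
String ldap_provider_url = ConfigurationManager.getProperty("authentication-ldap", "provider_url");
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(javax.naming.Context.PROVIDER_URL, ldap_provider_url);
env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple");
env.put(javax.naming.Context.SECURITY_CREDENTIALS, password);
// Bind as the user in the first domain; a successful bind proves the password
env.put(javax.naming.Context.SECURITY_PRINCIPAL, "firstdomain\\" + netid);
try {
    DirContext ctx = new InitialDirContext(env);
    ctx.close();
    context.setCurrentUser(eperson);
    return SUCCESS;
} catch (Exception exp) {
    // First domain refused the bind, so try the second domain
    try {
        env.put(javax.naming.Context.SECURITY_PRINCIPAL, "seconddomain\\" + netid);
        DirContext ctx = new InitialDirContext(env);
        ctx.close();
        context.setCurrentUser(eperson);
        return SUCCESS;
    } catch (Exception exp1) {
        log.error("LDAP Login failure", exp1);
        return BAD_CREDENTIALS;
    }
}

Recompile DSpace.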

Rebuild packages
su - dspace
cd /opt/dspace-4.2-src-release
mvn package

Copy the rebuilt packages


cd /opt/dspace-4.2-src-release/dspace/target/dspace-4.2-build
ant update

Restart tomcat
exit
service tomcat restart
