Dealing with the proxy was a beast for me, with so many moving parts. It was hard to pinpoint exactly which changes make a difference, but I'll share some of my thoughts / observations.
1. *Certs*. Do you have a way to ensure that your certs are good? 2. *Port status*. Check open ports to see that 443 is open: sudo ufw status 2. *Order of clauses*. I did notice a change in how Nginx behaved when I changed the order of the location clauses, with "/" coming before "/server". At least it seemed that way... I'm willing to be wrong on this... 3. *Localhost.* I seemed to have better success with the proxy when I proxy_passed internal IP instead of localhost. Try this out in Nginx: before making the jump to https, try out http, listen 80, but with your internal IP address in the location clauses (examples below). 4. *Yarn first.* Try running your UI with just yarn start (which will pull config from config.prod.yml and any .env overrides, from within your dspace-angular install/build directory) and don't do the PM2 yet. See if you can get your Nginx proxy to work with that. I found that PM2 added another layer of problems that were difficult to sort out. Once you have Nginx and the yarn server (UI) working together nicely, then add in PM2 and see if you can get that working. 5. *Be reboot-friendly.* I found too that sometimes when playing around with config.prod.yml and .env and rebuilding and restarting yarn or PM2, the system wouldn't fully take the new settings. Not sure what I am missing there. Safest thing to do was to reboot the system after changing stuff in those files and retry "yarn start". Sometimes it made the difference. 6. *Deployment location*. PM2 works and doesn't cause CORS problems when I run it using a dspace-ui.json file in the *dspace-angular install build directory*. However, when I run PM2 from a dspace-ui.json file in a *dspace-ui-deploy directory *that has dist and config.prod.yml copied to it (as per the Lyrasis installation suggestions), the UI has CORS issues. Not sure what I am missing yet... maybe some environment variables?? So many moving parts that all have to talk exactly in the right way. Here are mine, for reference. With these settings I am able to access the server remotely with my proper URL (I substituted it with "myfqdn.com" below) and I can log in, do administration stuff, etc. Hope it is useful for your troubleshooting. --- Pertinent stuff from* local.cfg* dspace.dir=/opt/dspace-7/server dspace.server.url = http://myfqdn.com/server dspace.ui.url = http://myfqdn.com rest.cors.allowed-origins = ${dspace.ui.url}, "http://10.10.10.177:4000";, "http://localhost:4000";, "http://127.0.0.1:4000"; Pertinent stuff from */etc/nginx/sites-enabled/default* server { listen 80 default_server; index index.html index.htm index.nginx-debian.html; server_name myfqdn.com; location / { proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Forwarded-Host $host; proxy_pass http://10.10.10.177:4000; } location /server { proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Forwarded-Host $host; proxy_pass http://10.10.10.177:8080/server; } location ~ /\.ht { deny all; } } Pertinent stuff from */opt/dspace-7-angular/config/config.prod.yml (Note that port #s are commented out)* ui: ssl: false host: myfqdn.com #port: 4000 nameSpace: / rateLimiter: windowMs: 60000 # 1 minute max: 500 # limit each IP to 500 requests per windowMs useProxies: true rest: ssl: false host: myfqdn.com #port: 8080 nameSpace: /server (Aside: This .env file really was necessary for yarn and the proxy to work!!! There may be other places to put the data, but this worked for me. I'm not sure of the role of .env when using PM2? Does PM2 see it? Anyone have insight on that? ) */opt/dspace-7-angular/.env (Note I am using DSpace v.7.6.1, for which I think the environment variables are a little different from earlier versions of DSpace)* "DSPACE_HOST": "myfqdn.com" "DSPACE_PORT": "80" "DSPACE_NAMESPACE": "/" "DSPACE_SSL": "false" --- *ADDING IN PM2:* With the above settings, I can run "yarn start" from /opt/dspace-7-angular with no issues. When I switch to running PM2 from /opt/dspace-7-angular, these settings in dspace-ui.json worked for me there. However, I could not get dspace-ui.json (with the tweaked cwd) and PM2 to work properly when I tried running it from a separate deployment folder. I'm hoping I'll find an answer to that later.... */opt/dspace-7-angular/dspace-ui.json* { "apps": [ { "name": "dspace-ui", "cwd": "/opt/dspace-7-angular", "script": "dist/server/main.js", "instances": "max", "exec_mode": "cluster", "env": { "NODE_ENV": "production" } } ] } I'll be trying to change this over to HTTPS soon, have some cert stuff to sort out, but perhaps I'll share successful settings when I get there. These proxy / CORS issues with the DSpace UI seem to be common, and it is a challenge to sort out. May the odds be ever in your favor. Katy On Friday, August 4, 2023 at 4:43:13 PM UTC-7 Andrew Purnama wrote: > Hi Tim, > > I followed as per front end installation > <https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-FrontendInstallation> > > step *8.1.iii*, only changed the URL to match ours. > ### > # HTTPS server > server { > listen 443 ssl; > server_name repository.bionicsinstitute.org; > ssl_certificate C:/nginx-1.25.1/cert/wildcardChain.crt; > ssl_certificate_key C:/nginx-1.25.1/cert/domain.rsa; > > # Proxy all HTTPS requests to "/server" from NGinx to Tomcat on port 8080 > location /server { > proxy_set_header X-Forwarded-Proto https; > proxy_set_header X-Forwarded-Host $host; > proxy_pass http://localhost:8080/server; > } > > # For UI > # proxy all HTTPS requests from NGinx to PM2 on localhost, port 4000 > # URL must match the "ui" settings in config.prod.yml > location / { > proxy_pass http://localhost:4000/; > } > } > ### > > > I thought of matching the "location /" code block with the other one by > adding below but no luck. > ### > proxy_set_header X-Forwarded-Proto https; > proxy_set_header X-Forwarded-Host $host; > ### > > > I did look around in the logs folder but not sure what to look for. > attached are the 2 log files from \nginx\*logs* folder. > F12 on Edge shows below. > [image: image.png] > > I also tried adding below (bold) in \DSpace\config\*local.cfg* but still > no luck (found some old post about CORS issue > <https://github.com/DSpace/dspace-angular/issues/1036>). > At least due to the highlighted part I can access http://localhost:4000 > from the server again. > ### > dspace.server.url = https://repository.bionicsinstitute.org/server > dspace.ui.url = https://repository.bionicsinstitute.org > > *rest.cors.allowed-origins = ${dspace.ui.url}, http://localhost:4000 > <http://localhost:4000>, https://repository.bionicsinstitute.org:443 > <https://repository.bionicsinstitute.org:443>proxies.trusted.ipranges = > 192.168.110.6* > ### > > > Not sure if it cause issue, I've added a manual entry in > C:\Windows\System32\drivers\etc\*hosts* file: > ### > 192.168.110.6 repository.bionicsinstitute.org > ### > > I have yet to try Apache HTTPD, will explore that next week. > > > Regards, > Andrew > > > > On Sat, Aug 5, 2023 at 3:14 AM DSpace Technical Support < > dspac...@googlegroups.com> wrote: > >> Hi, >> >> It sounds like your Nginx setup isn't working properly... but it's hard >> to say exactly *why*. You may want to check the Nginx logs, as it could be >> a simple misconfiguration or similar. >> >> Port 4000 (or any "localhost" style URLs) won't be available from a >> different host. This is why you need Nginx (or Apache) to turn that >> localhost URL into an actual hostname/domain (like "demo.dspace.org"). >> The localhost URLs will only work from the same machine that site is on... >> so they are really only useful for development/quick testing. >> >> Tim >> >> On Thursday, August 3, 2023 at 6:16:26 AM UTC-5 abys...@gmail.com wrote: >> >>> Hi there, >>> >>> I followed the instruction here: >>> https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-FrontendRequirements >>> >>> I used NGinx and on frontend installation: >>> >>> - step 5; used YAML configuration >>> - step 6: run via PM2 >>> >>> Everything went well but after finishing up the last part (step 8, add >>> HTTPS support): >>> >>> - accessing https://host.domain.com shows: 502 Bad Gateway >>> can still access backend (https://host.domain.com/server) >>> - can't access http://localhost:4000 anymore, shows: 500 Service >>> Unavailable >>> if I revert the *dspace.ui.url* back to default ( >>> http://localhost:4000), it works >>> >>> Also, seems like port 4000 is not accessible from different host. >>> Not sure where to go from here so really appreciate any >>> help/hint/anything. >>> >>> Thank you in advance. >>> >> -- >> All messages to this mailing list should adhere to the Code of Conduct: >> https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx >> --- >> You received this message because you are subscribed to the Google Groups >> "DSpace Technical Support" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to dspace-tech...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/dspace-tech/ed8dbaa5-1704-4b32-a3aa-8fb32886b5d8n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/dspace-tech/ed8dbaa5-1704-4b32-a3aa-8fb32886b5d8n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/74379d91-2025-4953-ae04-212f026d1186n%40googlegroups.com.
