Repository Checklist

Ondřej Košarko edited this page Jun 7, 2017 · 8 revisions

Handle server

Verify handle server is running

The $DSPACE_INSTALLATION_DIRECTORY/handle-server should contain multiple files including config.dct. Verify that the java process is running

~# ps aux | grep handle
root      6036  0.1  2.8 1648728 59296 ?       Sl   08:42   0:01 /usr/bin/java -Xmx256m -Ddspace.log.init.disable=true -classpath ... net.handle.server.Main /installation/handle-server

Verify handles correctly resolve

If you already have an item access it via


Turn shibboleth debug logging on

Go to /etc/shibboleth/shibd.logger and turn requested DEBUG on e.g.,

  1 # set overall behavior
  2 log4j.rootCategory=DEBUG, shibd_log, warn_log
  4 # fairly verbose for DEBUG, so generally leave at INFO
  5 log4j.category.XMLTooling.XMLObject=INFO
  6 log4j.category.XMLTooling.KeyInfoResolver=INFO
  7 log4j.category.Shibboleth.IPRange=INFO
  8 log4j.category.Shibboleth.PropertySet=DEBUG
 10 # raise for low-level tracing of SOAP client HTTP/SSL behavior
 11 log4j.category.XMLTooling.libcurl=INFO
 13 # useful categories to tune independently:
 14 #
 15 # tracing of SAML messages and security policies
 16 log4j.category.OpenSAML.MessageDecoder=DEBUG
 17 log4j.category.OpenSAML.MessageEncoder=DEBUG
 18 log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
 19 #log4j.category.XMLTooling.SOAPClient=DEBUG
 20 # interprocess message remoting
 21 #log4j.category.Shibboleth.Listener=DEBUG
 22 # mapping of requests to applicationId
 23 log4j.category.Shibboleth.RequestMapper=DEBUG

Make sure you have made available and shibboleth protected the test script.

SSL certificates

Ensure that the ssl certificates are stricly valid as they are accessed from a java application that does not ignore even small glitches (Shibboleth.sso/DiscoFeed, lr.statistics.api.url in case it uses https).

You can verify with this command

openssl s_client -showcerts -connect

Monitoring urls

Exclude traffic from specific monitoring urls from piwik (see and from dspace by adding the ip address (range) to ingore file.

Number of Connections to database

db.maxconnections ( + hibernate.c3p0.max_size (hibernate.cfg.xml) < max_connections (postgres/postgresql.conf)

Web server rewrites/redirects

This section contains the necessary rewrites/redirects, it's a mix of apache and nginx configs that should provide the general idea. Depending on your settings you might need to change the ports/paths/hostnames.

For accept header cmdi and query string format=cmdi. In apache it's as follows:

# handle cmdi requests with redirects
RewriteCond %{HTTP_ACCEPT} (.*cmdi.xml.*)
RewriteRule ^(.*)/xmlui/handle/(.*)$ https://%{HTTP_HOST}$1/oai/cite?metadataPrefix=cmdi&handle=$2 [L,R=301]
RewriteCond %{QUERY_STRING} format=cmdi [NC]
RewriteRule ^(.*)/xmlui/handle/(.*)$ https://%{HTTP_HOST}$1/oai/cite?metadataPrefix=cmdi&handle=$2 [L,R=301]

You can check it using

curl -L -H "Accept: application/x-cmdi+xml"

If you use handle prefix from EPIC, the prefix should have the namespace handle fragments set correctly to be able to resolve @format=cmdi, see e.g.,

<template delimiter="@">
<if value="type" test="equals" expression="URL">
<value data="${data}?${extension}"/>
<if value="type" test="equals" expression="HS_ALIAS">
<value data="${data}@${extension}"/>

If the query string is not working try what's suggested in #543

Metadata suggester configuration (location must match what is in lr.autocomplete.solr.url) for nginx. Where lr.autocomplete.solr.url=${dspace.baseUrl}/JSON/solr/ and baseUrl ends with /repository


    location /repository/JSON/solr/ {
      rewrite /repository/JSON/solr/(.*) /repository/solr/search/select/?q=*:*&rows=0&facet=on&wt=json&indent=true&facet.field=$1 break;

      proxy_pass http://localhost:8088;

apache (VirtualHost)

RewriteEngine On
RewriteRule /repository/JSON/solr/(.*) /repository/solr/search/select/?q=*:*&rows=0&facet=on&wt=json&indent=true&facet.field=$1 [L,PT]

OAI-PMH must be available on http. example defaul site from nginx conf:

server {
  listen 80 default_server;
  server_name fqdn localhost;

  location ~ .*/repository/oai.* {
    ajp_keep_conn on;
    ajp_pass tomcat8;

  location / {
          return 301 https://$http_host$request_uri;
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.