forked from DSpace/DSpace
-
Notifications
You must be signed in to change notification settings - Fork 21
Samples
Ondřej Košarko edited this page Dec 5, 2025
·
5 revisions
This is a sample .env as currently (2025-09-16) used on lindat production machine.
Don't mind the DSPACE_VER, DOCKER_OWNER and DSPACE_*_IMAGE variables too much (they are there to test upcoming releases from dataquest and/or apply hotfixes). Most deployments will default to what's in Installation
The URLs are https://lindat.mff.cuni.cz/repository/ for the UI and https://lindat.mff.cuni.cz/repository/server for the REST API. There's a HOST_IP as the machine where the docker host sites is a different machine than the one with nginx server.
INSTANCE=0
DSPACE_HOST=lindat.mff.cuni.cz
DSPACE_VER=lindat-2025.07.16502729677
DSPACE_SSL=true
DOCKER_OWNER=dataquest
DSPACE_UI_IMAGE=${DOCKER_OWNER}/dspace-angular:$DSPACE_VER
DSPACE_REST_IMAGE=ufal/dspace:1f2eb0a31cada0d641585448dbaffc9b9056617a
DSPACE_REST_PORT=443
DSPACE_REST_NAMESPACE=/repository/server
DSPACE_UI_NAMESPACE=/repository/
REST_URL=https://${DSPACE_HOST}${DSPACE_REST_NAMESPACE}
UI_URL=https://${DSPACE_HOST}${DSPACE_UI_NAMESPACE}
HOST_IP=10.10.51.174
Below you can see the full local.cfg for version 7 (with passwords and some other sensitive info replaced). It's just 46 lines as of 2025-09-16
rest.cors.allowed-origins = ${dspace.ui.url}, https://lindat.cz/repository, https://lindat.cz, https://shortref.org
s3.download.direct.enabled = false
s3.upload.by.parts.enabled = false
sync.storage.service.enabled = false
mail.server.disabled = false
mail.server = 10.10.51.174
shibboleth.discofeed.allowed = true
shibboleth.discofeed.url = https://lindat.mff.cuni.cz/Shibboleth.sso/DiscoFeed
spring.servlet.multipart.max-file-size = 10GB
spring.servlet.multipart.max-request-size = 10GB
lr.pid.service.type = epic2
lr.pid.service.url = https://pid.gwdg.de/handles
lr.pid.service.user = USERNAME
lr.pid.service.pass = PASSWORD
lr.pid.service.testPid = 11372/LRT-TEST_PID
lr.pid.community.configurations = community=c835ba15-f917-4987-b655-7630a6018907,prefix=11372,type=epic,canonical_prefix=http://hdl.handle.net/,subprefix=LRT;community=a0aa95ac-e291-49d7-a9a7-ffa87ea9eeaf,prefix=20.500.12800,type=local,canonical_prefix=http://hdl.handle.net/,subprefix=1;community=fae21c63-1384-490c-8548-8cf8b2c03e55,prefix=20.500.12800,type=local,canonical_prefix=http://hdl.handle.net/,subprefix=1;community=74922fdb-0182-4e47-b39a-6c28d32469da,prefix=20.500.12801,type=local,canonical_prefix=http://hdl.handle.net/,subprefix=1;community=*,prefix=11234,type=local,canonical_prefix=http://hdl.handle.net/,subprefix=1
dspace.name = LINDAT/CLARIAH-CZ digital library at the Institute of Formal and Applied Linguistics (ÚFAL), Faculty of Mathematics and Physics, Charles University
dspace.shortname = LINDAT/CLARIAH-CZ repository
mail.admin = [email protected]
lr.help.mail = ${mail.admin}
feedback.recipient = ${mail.admin}
registration.notify = ${mail.admin}
mail.from.address = [email protected]
download.email.cc = [email protected]
allow.edit.metadata = LRT + Open Submissions Data & Tools
oai.sample.identifier = oai:lindat.mff.cuni.cz:11858/00-097C-0000-0001-487A-4
description.archiveURL = https://lindat.mff.cuni.cz/repository/
description.participant.name = Ondrej Kosarko
help.mail = ${mail.admin}
description.institution = Institute of Formal and Applied Linguistics
description.institutionURL = http://ufal.mff.cuni.cz
description.shortLocation = Prague, Czech Republic
description.location = Malostranské náměstí 25,118 00 Prague, Czech Republic
description.synopsis = http://lindat.cz
matomo.auth.token = TOKEN
matomo.tracker.bitstream.site_id = 44
matomo.tracker.oai.site_id = 33
matomo.tracker.host.url = https://lindat.mff.cuni.cz/piwik/piwik.php
matomo.custom.dimension.handle.id = 1
download.email.cc.hamledt_3.0_license_terms = [email protected]
download.email.cc.agreement_on_the_use_of_data_in_qt21 = [email protected],[email protected]
handle.prefix = 11234
shortener.handle.prefix=11346
description.currentAsOf=2025-05-29
Mainly to document the redirects we have in place to migrate from v5. There's more complete setup in https://github.com/ufal/dockerized-nginx-with-shibboleth
# backend
location /repository/server/ {
# This is here to override the cors_headers included on server level
# we have add_header here so no add_header gets inherited from the upper level
# It also seems that nginx does not actually add headers with a blank value
# though I didn't find documentation to support this
add_header X-No-Op "" always;
#limit_req zone=req_per_ip burst=5120 nodelay;
#limit_req_dry_run on;
if ($host != lindat.mff.cuni.cz) {
rewrite .* $scheme://lindat.mff.cuni.cz$request_uri? redirect;
}
include proxy_params;
# see https://github.com/ufal/clarin-dspace/issues/1130#issuecomment-2721421902
# 128m/20s -> 6.4MB/s; if this is not good enough maybe X-Accel-Redirect?
#proxy_max_temp_file_size 128m;
# The zero value disables buffering of responses to temporary files.
proxy_max_temp_file_size 0;
client_max_body_size 10G;
#https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout says this shouldn't exceed 75 seconds
proxy_connect_timeout 75;
proxy_send_timeout 6000;
proxy_read_timeout 6000;
send_timeout 6000;
proxy_pass http://repo7_be;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
# shib protection of backend
location /repository/server/api/authn/shibboleth {
if ($host != lindat.mff.cuni.cz) {
rewrite .* $scheme://lindat.mff.cuni.cz$request_uri? redirect;
}
include shibboleth_auth;
include proxy_params;
proxy_pass http://repo7_be;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
# frontend
location /repository/ {
if ($host != lindat.mff.cuni.cz) {
rewrite .* $scheme://lindat.mff.cuni.cz$request_uri? redirect;
}
#error_page 403 =503 /maintenance-repo.html;
# CMDI content
if ($arg_format ~* "cmdi"){
rewrite ^/repository/handle/(.*)$ /repository/server/cmdi/oai-metadata?metadataPrefix=cmdi&handle=$1? last;
}
if ($http_accept = "application/x-cmdi+xml"){
rewrite ^/repository/handle/(.*)$ /repository/server/cmdi/oai-metadata?metadataPrefix=cmdi&handle=$1? last;
}
# /CMDI content
include proxy_params;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://repo7_fe;
proxy_http_version 1.1;
}
# rewrites
# XXX don't forget to update repository-ng to repository when switching
# and after some time switch to permanent codes
location /repository/xmlui/page/ {
rewrite ^/repository/xmlui/page/(.*) /repository/static/$1? redirect;
}
location = /repository/xmlui {
return 302 /repository/;
}
location /repository/xmlui/ {
rewrite ^(.*)/xmlui/(.*)$ $1/$2 redirect;
}
location = /repository/xmlui/page/licenses {
rewrite .* /repository/licenses redirect;
}
location = /repository/xmlui/submissions {
rewrite .* /repository/mydspace? redirect;
}
location = /repository/oai {
return 307 /repository/server/oai$is_args$args;
}
location ~ ^/repository/oai/(.*)$ {
return 307 /repository/server/oai/$1$is_args$args;
}
location ~ ^/repository/rest/handle/(.*)/(.*)/refbox {
return 302 /repository/server/api/core/refbox?handle=$1/$2;
}
# TODO
# \t on
# select concat('hdl_', replace(handle, '/', '_')), concat(case when resource_type_id = 3 then 'col_' else 'com_' end, replace(handle, '/', '_')) from handle where resource_type_id in (3,4);
# \t off
#
upstream repo7_fe {
server 10.10.51.XX:4000;
keepalive 2;
# express closes idle connections after 5s, we need to close first
keepalive_timeout 4s;
}
upstream repo7_be {
server 10.10.51.XX:8080;
keepalive 2;
# tomcat closes idle connections after 20s, we need to close first
keepalive_timeout 19s;
}