Serving over subdomains
This document describes how to configure ArchivesSpace and your web server to serve the application over subdomains (e.g., http://staff.myarchive.org/ and http://public.myarchive.org/), which is the recommended
practice. Separate documentation is available if you wish to serve ArchivesSpace under a prefix (e.g., http://aspace.myarchive.org/staff and
http://aspace.myarchive.org/public).
Step 1: Configuring Your Firewall
Since using subdomains negates the need for users to access the application directly on ports 8080 and 8081, these should be locked down to access by localhost only. On a Linux server, this can be done using iptables:
 iptables -A INPUT -p tcp -s localhost --dport 8080 -j ACCEPT iptables -A INPUT -p tcp --dport 8080 -j DROP iptables -A INPUT -p tcp -s localhost --dport 8081 -j ACCEPT iptables -A INPUT -p tcp --dport 8081 -j DROPStep 2: Configuring Your Web Server
Apache
The mod_proxy module is necessary for Apache to route public web traffic to ArchivesSpace’s ports as designated in your config.rb file (ports 8080 and 8081 by default).
This can be set up as a reverse proxy in the Apache configuration like so:
  <VirtualHost *:80>  ServerName public.myarchive.org  ProxyPass / http://localhost:8081/  ProxyPassReverse / http://localhost:8081/  </VirtualHost>
  <VirtualHost *:80>  ServerName staff.myarchive.org  ProxyPass / http://localhost:8080/  ProxyPassReverse / http://localhost:8080/  </VirtualHost>The purpose of ProxyPass is to route incoming traffic on the public URL (public.myarchive.org) to port 8081 of your server, where ArchivesSpace’s public interface sits. The purpose of ProxyPassReverse is to intercept outgoing traffic and rewrite the header to match the URL that the browser is expecting to see (public.myarchive.org).
nginx
Using nginx as a reverse proxy needs a configuration file like so:
  server {  listen 80;  listen [::]:80;  server_name staff.myarchive.org;  location / {      proxy_pass http://localhost:8080/;    }  }        server {  listen 80;  listen [::]:80;  server_name public.myarchive.org;  location / {      proxy_pass http://localhost:8081/;    }  }Step 3: Configuring ArchivesSpace
The only configuration within ArchivesSpace that needs to occur is adding your domain names to the following lines in config.rb:
 AppConfig[:frontend_proxy_url] = 'http://staff.myarchive.org' AppConfig[:public_proxy_url] = 'http://public.myarchive.org'This configuration allows the staff edit links to appear on the public site to users logged in to the staff interface.
Do not change AppConfig[:public_url] or AppConfig[:frontend_url]; these must retain their port numbers in order for the application to run.