2 Copyright (C) The Arvados Authors. All rights reserved.
4 SPDX-License-Identifier: CC-BY-SA-3.0
7 If you plan to use custom certificates, please set the variable <i>SSL_MODE=bring-your-own</i> and copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ (usually "./certs") in the remote directory where you copied the @provision.sh@ script. From this dir, the provision script will install the certificates required for the role you're installing.
9 When using custom certificates in a single-host / single-hostname setup, the certificate and its key need to be copied to a file named after <i>${HOSTNAME_EXT}</i>. Ie., for "HOSTNAME_EXT='my-arvados.example.net', the script will lookup for
12 # ${CUSTOM_CERTS_DIR}/my-arvados.example.net.crt
13 # ${CUSTOM_CERTS_DIR}/my-arvados.example.net.key
17 For a setup with multiple hostnames, the script expects cert/key files with these basenames (matching the role except for <i>keepweb</i>, which is split in both <i>download / collections</i>):
24 * "download" # Part of keepweb
25 * "collections" # Part of keepweb
28 Ie., for 'keepproxy', the script will look for
31 <pre><code>${CUSTOM_CERTS_DIR}/keepproxy.crt
32 ${CUSTOM_CERTS_DIR}/keepproxy.key
36 Make sure that all the FQDNs that you will use for the public-facing applications (API/controller, Workbench, Keepproxy/Keepweb) are reachable.