--- layout: default navsection: installguide title: Install Keepproxy server ... {% comment %} Copyright (C) The Arvados Authors. All rights reserved. SPDX-License-Identifier: CC-BY-SA-3.0 {% endcomment %} # "Introduction":#introduction # "Update config.yml":#update-config # "Update nginx configuration":#update-nginx # "Install keepproxy package":#install-packages # "Start the service":#start-service # "Restart the API server and controller":#restart-api # "Confirm working installation":#confirm-working h2(#introduction). Introduction The Keepproxy server is a gateway into your Keep storage. Unlike the Keepstore servers, which are only accessible on the local LAN, Keepproxy is suitable for clients located elsewhere on the internet. Specifically, in contrast to Keepstore: * A client writing through Keepproxy sends a single copy of a data block, and Keepproxy distributes copies to the appropriate Keepstore servers. * A client can write through Keepproxy without precomputing content hashes. Notably, the browser-based upload feature in Workbench requires Keepproxy. * Keepproxy checks API token validity before processing requests. (Clients that can connect directly to Keepstore can use it as scratch space even without a valid API token.) By convention, we use the following hostname for the Keepproxy server:
Services:
Keepproxy:
ExternalURL: https://keep.ClusterID.example.com
InternalURLs:
"http://keep.ClusterID.example.com:25107": {}
upstream keepproxy {
server 127.0.0.1:25107;
}
server {
listen [TODO your public IP address]:443 ssl;
server_name keep.ClusterID.example.com;
proxy_connect_timeout 90s;
proxy_read_timeout 300s;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_request_buffering off;
ssl on;
ssl_certificate /TODO/YOUR/PATH/TO/cert.pem;
ssl_certificate_key /TODO/YOUR/PATH/TO/cert.key;
# Clients need to be able to upload blocks of data up to 64MiB in size.
client_max_body_size 64m;
location / {
proxy_pass http://keepproxy;
}
}