--- layout: default navsection: installguide title: Install Workbench ... {% comment %} Copyright (C) The Arvados Authors. All rights reserved. SPDX-License-Identifier: CC-BY-SA-3.0 {% endcomment %} # "Install dependencies":#dependencies # "Update config.yml":#update-config # "Update Nginx configuration":#update-nginx # "Trusted client flag":#trusted_client # "Install arvados-workbench":#install-packages # "Restart the API server and controller":#restart-api # "Confirm working installation":#confirm-working h2(#dependencies). Install dependencies # "Install Ruby and Bundler":ruby.html # "Install nginx":nginx.html # "Install Phusion Passenger":https://www.phusionpassenger.com/library/walkthroughs/deploy/ruby/ownserver/nginx/oss/install_passenger_main.html h2(#configure). Update config.yml Edit @config.yml@ to set the keys below. The full set of configuration options are in the "Workbench section of config.yml":{{site.baseurl}}/admin/config.html
    Services:
      Workbench1:
        ExternalURL: "https://workbench.ClusterID.example.com"
    Workbench:
      SecretKeyBase: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    Users:
      AutoAdminFirstUser: true
This application needs a secret token. Generate a new secret:
~$ ruby -e 'puts rand(2**400).to_s(36)'
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Then put that value in the @Workbench.SecretKeyBase@ field. You probably want to enable @Users.AutoAdminFirstUser@ . The first user to log in when no other admin user exists will automatically be made an admin. h2(#update-nginx). Update nginx configuration Use a text editor to create a new file @/etc/nginx/conf.d/arvados-workbench.conf@ with the following configuration. Options that need attention are marked in red.
server {
    listen       80;
    server_name  workbench.ClusterID.example.com;
    return 301   https://workbench.ClusterID.example.com$request_uri;
}

server {
  listen       *:443 ssl;
  server_name  workbench.ClusterID.example.com;

  ssl on;
  ssl_certificate     /YOUR/PATH/TO/cert.pem;
  ssl_certificate_key /YOUR/PATH/TO/cert.key;

  root /var/www/arvados-workbench/current/public;
  index  index.html;

  passenger_enabled on;
  # If you're using RVM, uncomment the line below.
  #passenger_ruby /usr/local/rvm/wrappers/default/ruby;

  # `client_max_body_size` should match the corresponding setting in
  # the API.MaxRequestSize and Controller's server's Nginx configuration.
  client_max_body_size 128m;
}
h2(#trusted_client). Trusted client flag In the API server project root, start the Rails console. {% include 'install_rails_command' %} Create an ApiClient record for your Workbench installation with the @is_trusted@ flag set.
irb(main):001:0> include CurrentApiClient
=> true
irb(main):002:0> act_as_system_user do ApiClient.create!(url_prefix: "https://workbench.ClusterID.example.com/", is_trusted: true) end
=> #<ApiClient id: 2, uuid: "...", owner_uuid: "...", modified_by_client_uuid: nil, modified_by_user_uuid: "...", modified_at: "2019-12-16 14:19:10", name: nil, url_prefix: "https://workbench.ClusterID.example.com/", created_at: "2019-12-16 14:19:10", updated_at: "2019-12-16 14:19:10", is_trusted: true>
{% assign arvados_component = 'arvados-workbench' %} {% include 'install_packages' %} {% include 'restart_api' %} h2(#confirm-working). Confirm working installation Visit @https://workbench.ClusterID.example.com@ in a browser. You should be able to log in using the login method you configured in the previous step. If @Users.AutoAdminFirstUser@ is true, you will be an admin user.