---
layout: default
navsection: installguide
title: Install Workbench
...
{% comment %}
Copyright (C) The Arvados Authors. All rights reserved.
SPDX-License-Identifier: CC-BY-SA-3.0
{% endcomment %}
# "Install dependencies":#dependencies
# "Update config.yml":#update-config
# "Update Nginx configuration":#update-nginx
# "Trusted client flag":#trusted_client
# "Install arvados-workbench":#install-packages
# "Restart the API server and controller":#restart-api
# "Confirm working installation":#confirm-working
h2(#dependencies). Install dependencies
# "Install Ruby and Bundler":ruby.html
# "Install nginx":nginx.html
# "Install Phusion Passenger":https://www.phusionpassenger.com/library/walkthroughs/deploy/ruby/ownserver/nginx/oss/install_passenger_main.html
h2(#configure). Update config.yml
Edit @config.yml@ to set the keys below. The full set of configuration options are in the "Workbench section of config.yml":{{site.baseurl}}/admin/config.html
<notextile>
<pre><code> Services:
Workbench1:
ExternalURL: <span class="userinput">"https://workbench.ClusterID.example.com"</span>
Workbench:
SecretKeyBase: <span class="userinput">aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</span>
Users:
AutoAdminFirstUser: true
</code></pre>
</notextile>
This application needs a secret token. Generate a new secret:
<notextile>
<pre><code>~$ <span class="userinput">ruby -e 'puts rand(2**400).to_s(36)'</span>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
</code></pre>
</notextile>
Then put that value in the @Workbench.SecretKeyBase@ field.
You probably want to enable @Users.AutoAdminFirstUser@ . The first user to log in when no other admin user exists will automatically be made an admin.
h2(#update-nginx). Update nginx configuration
Use a text editor to create a new file @/etc/nginx/conf.d/arvados-workbench.conf@ with the following configuration. Options that need attention are marked in <span class="userinput">red</span>.
<notextile>
<pre><code>server {
listen 80;
server_name workbench.<span class="userinput">ClusterID.example.com</span>;
return 301 https://workbench.<span class="userinput">ClusterID.example.com</span>$request_uri;
}
server {
listen *:443 ssl;
server_name workbench.<span class="userinput">ClusterID.example.com</span>;
ssl on;
ssl_certificate <span class="userinput">/YOUR/PATH/TO/cert.pem</span>;
ssl_certificate_key <span class="userinput">/YOUR/PATH/TO/cert.key</span>;
root /var/www/arvados-workbench/current/public;
index index.html;
passenger_enabled on;
# If you're using RVM, uncomment the line below.
#passenger_ruby /usr/local/rvm/wrappers/default/ruby;
# `client_max_body_size` should match the corresponding setting in
# the API.MaxRequestSize and Controller's server's Nginx configuration.
client_max_body_size 128m;
}
</code></pre>
</notextile>
h2(#trusted_client). Trusted client flag
In the <strong>API server</strong> project root, start the Rails console. {% include 'install_rails_command' %}
Create an ApiClient record for your Workbench installation with the @is_trusted@ flag set.
<notextile><pre><code>irb(main):001:0> <span class="userinput">include CurrentApiClient</span>
=> true
irb(main):002:0> <span class="userinput">act_as_system_user do ApiClient.create!(url_prefix: "https://workbench.ClusterID.example.com/", is_trusted: true) end</span>
=> #<ApiClient id: 2, uuid: "...", owner_uuid: "...", modified_by_client_uuid: nil, modified_by_user_uuid: "...", modified_at: "2019-12-16 14:19:10", name: nil, url_prefix: "https://workbench.ClusterID.example.com/", created_at: "2019-12-16 14:19:10", updated_at: "2019-12-16 14:19:10", is_trusted: true>
</code></pre>
</notextile>
{% assign arvados_component = 'arvados-workbench' %}
{% include 'install_packages' %}
{% include 'restart_api' %}
h2(#confirm-working). Confirm working installation
Visit @https://workbench.ClusterID.example.com@ in a browser. You should be able to log in using the login method you configured in the previous step. If @Users.AutoAdminFirstUser@ is true, you will be an admin user.