---
layout: default
navsection: installguide
title: Install the API server
...
h2. Install prerequisites
The Arvados package repository includes an API server package that can help automate much of the deployment.
h3(#install_ruby_and_bundler). Install Ruby and Bundler
{% include 'install_ruby_and_bundler' %}
h3(#install_postgres). Install PostgreSQL
{% include 'install_postgres' %}
h2(#install_apiserver). Install API server and dependencies
On a Debian-based system, install the following packages:
Install runit to supervise the Puma daemon. {% include 'install_runit' %} Install the script below as the run script for the Puma service, modifying it as directed by the comments. Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for both it and Puma. You might add a block like the following, adding SSL and logging parameters to taste: Restart Nginx:~$ sudo apt-get install bison build-essential libcurl4-openssl-dev git arvados-api-server
~$ sudo yum install bison make automake gcc gcc-c++ libcurl-devel git arvados-api-server
~$ ruby -e 'puts rand(2**128).to_s(36)'
6gqa1vu492idd7yca9tfandj3
~$ sudo -u postgres createuser --encrypted -R -S --pwprompt arvados
[sudo] password for you: yourpassword
Enter password for new role: paste-password-you-generated
Enter it again: paste-password-again
~$ sudo -u postgres createdb arvados_production -T template0 -E UTF8 -O arvados
uuid_prefix: zzzzz
~$ ruby -e 'puts rand(2**400).to_s(36)'
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
secret_token: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
~$ ruby -e 'puts rand(2**400).to_s(36)'
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
blob_signing_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sso_app_id: arvados-server
sso_app_secret: wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
sso_provider_url: https://sso.example.com
workbench_address: https://workbench.zzzzz.example.com
websocket_address: wss://ws.zzzzz.example.com/websocket
~$ sudo mkdir -p /var/lib/arvados/git/repositories
git_repositories_dir: /var/lib/arvados/git/repositories
git_internal_dir: /var/lib/arvados/internal.git
#!/bin/bash
set -e
exec 2>&1
# Uncomment the line below if you're using RVM.
#source /etc/profile.d/rvm.sh
envdir="`pwd`/env"
mkdir -p "$envdir"
echo ws-only > "$envdir/ARVADOS_WEBSOCKETS"
cd /var/www/arvados-api/current
echo "Starting puma in `pwd`"
# Change arguments below to match your deployment, "webserver-user" and
# "webserver-group" should be changed to the user and group of the web server
# process. This is typically "www-data:www-data" on Debian systems by default,
# other systems may use different defaults such the name of the web server
# software (for example, "nginx:nginx").
exec chpst -m 1073741824 -u webserver-user:webserver-group -e "$envdir" \
bundle exec puma -t 0:512 -e production -b tcp://127.0.0.1:8100
server {
listen 127.0.0.1:8000;
server_name localhost-api;
root /var/www/arvados-api/current/public;
index index.html index.htm index.php;
passenger_enabled on;
# If you're using RVM, uncomment the line below.
#passenger_ruby /usr/local/rvm/wrappers/default/ruby;
# This value effectively limits the size of API objects users can
# create, especially collections. If you change this, you should
# also ensure the following settings match it:
# * `client_max_body_size` in the server section below
# * `client_max_body_size` in the Workbench Nginx configuration (twice)
# * `max_request_size` in the API server's application.yml file
client_max_body_size 128m;
}
upstream api {
server 127.0.0.1:8000 fail_timeout=10s;
}
upstream websockets {
# The address below must match the one specified in puma's -b option.
server 127.0.0.1:8100 fail_timeout=10s;
}
proxy_http_version 1.1;
# When Keep clients request a list of Keep services from the API server, the
# server will automatically return the list of available proxies if
# the request headers include X-External-Client: 1. Following the example
# here, at the end of this section, add a line for each netmask that has
# direct access to Keep storage daemons to set this header value to 0.
geo $external_client {
default 1;
10.20.30.0/24 0;
}
server {
listen [your public IP address]:443 ssl;
server_name uuid_prefix.your.domain;
ssl on;
ssl_certificate /YOUR/PATH/TO/cert.pem;
ssl_certificate_key /YOUR/PATH/TO/cert.key;
index index.html index.htm index.php;
# Refer to the comment about this setting in the server section above.
client_max_body_size 128m;
location / {
proxy_pass http://api;
proxy_redirect off;
proxy_connect_timeout 90s;
proxy_read_timeout 300s;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_set_header X-External-Client $external_client;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen [your public IP address]:443 ssl;
server_name ws.uuid_prefix.your.domain;
ssl on;
ssl_certificate /YOUR/PATH/TO/cert.pem;
ssl_certificate_key /YOUR/PATH/TO/cert.key;
index index.html index.htm index.php;
location / {
proxy_pass http://websockets;
proxy_redirect off;
proxy_connect_timeout 90s;
proxy_read_timeout 300s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
~$ sudo nginx -s reload
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will break this application for all non-root users on this machine.
fatal: Not a git repository (or any of the parent directories): .git{% include 'notebox_end' %}