{% comment %}
Copyright (C) The Arvados Authors. All rights reserved.
SPDX-License-Identifier: CC-BY-SA-3.0
{% endcomment %}
Copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ in the remote directory where you copied the @provision.sh@ script. The provision script will find the certificates there.
For a @single hostname@ setup, the certificate and its key need to be copied to a file named after @HOSTNAME_EXT@.
For example, if @HOSTNAME_EXT@ is defined as @my-arvados.example.net@, the script will look for
For a @multiple hostnames@ setup, the script expects cert/key files with these basenames (matching the role except for keepweb, which is split in both download / collections):
* "controller"
* "websocket"
* "workbench"
* "workbench2"
* "webshell"
* "download" # Part of keepweb
* "collections" # Part of keepweb
* "keepproxy"
E.g. for 'keepproxy', the script will look for
All certificate files will be used by nginx. You may need to include intermediate certificates in your certificate files. See "the nginx documentation":http://nginx.org/en/docs/http/configuring_https_servers.html#chains for more details.
Make sure that all the FQDNs that you will use for the public-facing applications (API/controller, Workbench, Keepproxy/Keepweb) are reachable.