--- layout: default navsection: installguide title: Install Keepproxy server ... The Keepproxy server is a gateway into your Keep storage. Unlike the Keepstore servers, which are only accessible on the local LAN, Keepproxy is designed to provide secure access into Keep from anywhere on the internet. By convention, we use the following hostname for the Keepproxy:
~$ sudo apt-get install keepproxy
~$ sudo yum install keepproxy
~$ keepproxy -h
Usage of default:
-default-replicas=2: Default number of replicas to write if not specified by the client.
-listen=":25107": Interface on which to listen for requests, in the format ipaddr:port. e.g. -listen=10.0.1.24:8000. Use -listen=:port to listen on all network interfaces.
-no-get=false: If set, disable GET operations
-no-put=false: If set, disable PUT operations
-pid="": Path to write pid file
~/arvados/services/api/script$ RAILS_ENV=production bundle exec ./get_anonymous_user_token.rb
hoShoomoo2bai3Ju1xahg6aeng1siquuaZ1yae2gi2Uhaeng2r
ARVADOS_API_TOKEN=[generated token] ARVADOS_API_HOST=uuid_prefix.your.domain exec keepproxy
upstream keepproxy { server 127.0.0.1:25107 fail_timeout=10s; } server { listen [your public IP address]:443 ssl; server_name keep.@uuid_prefix@.your.domain ssl on; ssl_certificate /etc/nginx/keep.example.com-ssl.crt; ssl_certificate_key /etc/nginx/keep.example.com-ssl.key; # Clients need to be able to upload blocks of data up to 64MiB in size. client_max_body_size 64m; location / { proxy_pass http://keepproxy; proxy_redirect off; proxy_connect_timeout 90; proxy_read_timeout 300; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $http_host; proxy_set_header X-External-Client $external_client; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
~$ prefix=`arv --format=uuid user current | cut -d- -f1`
~$ echo "Site prefix is '$prefix'"
~$ read -rd $'\000' keepservice <<EOF; arv keep_service create --keep-service "$keepservice"
{
"service_host":"keep.$prefix.your.domain",
"service_port":443,
"service_ssl_flag":true,
"service_type":"proxy"
}
EOF