---
layout: default
navsection: installguide
title: Install the API server
...
h2. Install prerequisites
The Arvados package repository includes an API server package that can help automate much of the deployment.
h3(#install_ruby_and_bundler). Install Ruby and Bundler
{% include 'install_ruby_and_bundler' %}
h3(#install_postgres). Install PostgreSQL
{% include 'install_postgres' %}
h2(#install_apiserver). Install API server and dependencies
On a Debian-based system, install the following packages:
Puma is already included with the API server's gems. We recommend you run it as a service under runit or a similar tool. Here's a sample runit script for that: Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for both it and Puma. You might add a block like the following, adding SSL and logging parameters to taste: Restart Nginx:~$ sudo apt-get install bison build-essential libcurl4-openssl-dev git arvados-api-server
~$ sudo yum install bison make automake gcc gcc-c++ libcurl-devel git arvados-api-server
~$ ruby -e 'puts rand(2**128).to_s(36)'
6gqa1vu492idd7yca9tfandj3
~$ sudo -u postgres createuser --encrypted -R -S --pwprompt arvados
[sudo] password for you: yourpassword
Enter password for new role: paste-password-you-generated
Enter it again: paste-password-again
~$ sudo -u postgres createdb arvados_production -T template0 -E UTF8 -O arvados
~$ sudo mkdir -p /etc/arvados/api
~$ sudo chmod 700 /etc/arvados/api
~$ cd /var/www/arvados-api/current
/var/www/arvados-api/current$ sudo cp config/database.yml.example /etc/arvados/api/database.yml
/var/www/arvados-api/current$ sudo cp config/application.yml.example /etc/arvados/api/application.yml
uuid_prefix: zzzzz
~$ ruby -e 'puts rand(2**400).to_s(36)'
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
secret_token: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
~$ ruby -e 'puts rand(2**400).to_s(36)'
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
blob_signing_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sso_app_id: arvados-server
sso_app_secret: wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
sso_provider_url: https://sso.example.com
workbench_address: https://workbench.zzzzz.example.com
websocket_address: wss://ws.zzzzz.example.com/websocket
~$ sudo mkdir -p /var/lib/arvados/git/repositories
git_repositories_dir: /var/lib/arvados/git/repositories
git_internal_dir: /var/lib/arvados/internal.git
#!/bin/bash
set -e
exec 2>&1
# Uncomment the line below if you're using RVM.
#source /etc/profile.d/rvm.sh
envdir="`pwd`/env"
mkdir -p "$envdir"
echo ws-only > "$envdir/ARVADOS_WEBSOCKETS"
cd /var/www/arvados-api/current
echo "Starting puma in `pwd`"
# Change arguments below to match your deployment, "webserver-user" and
# "webserver-group" should be changed to the user and group of the web server
# process. This is typically "www-data:www-data" on Debian systems by default,
# other systems may use different defaults such the name of the web server
# software (for example, "nginx:nginx").
exec chpst -m 1073741824 -u webserver-user:webserver-group -e "$envdir" \
bundle exec puma -t 0:512 -e production -b tcp://127.0.0.1:8100
server {
listen 127.0.0.1:8000;
server_name localhost-api;
root /var/www/arvados-api/current/public;
index index.html index.htm index.php;
passenger_enabled on;
# If you're using RVM, uncomment the line below.
#passenger_ruby /usr/local/rvm/wrappers/default/ruby;
# This value effectively limits the size of API objects users can
# create, especially collections. If you change this, you should
# also ensure the following settings match it:
# * `client_max_body_size` in the server section below
# * `client_max_body_size` in the Workbench Nginx configuration (twice)
# * `max_request_size` in the API server's application.yml file
client_max_body_size 128m;
}
upstream api {
server 127.0.0.1:8000 fail_timeout=10s;
}
upstream websockets {
# The address below must match the one specified in puma's -b option.
server 127.0.0.1:8100 fail_timeout=10s;
}
proxy_http_version 1.1;
# When Keep clients request a list of Keep services from the API server, the
# server will automatically return the list of available proxies if
# the request headers include X-External-Client: 1. Following the example
# here, at the end of this section, add a line for each netmask that has
# direct access to Keep storage daemons to set this header value to 0.
geo $external_client {
default 1;
10.20.30.0/24 0;
}
server {
listen [your public IP address]:443 ssl;
server_name uuid_prefix.your.domain;
ssl on;
ssl_certificate /YOUR/PATH/TO/cert.pem;
ssl_certificate_key /YOUR/PATH/TO/cert.key;
index index.html index.htm index.php;
# Refer to the comment about this setting in the server section above.
client_max_body_size 128m;
location / {
proxy_pass http://api;
proxy_redirect off;
proxy_connect_timeout 90s;
proxy_read_timeout 300s;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_set_header X-External-Client $external_client;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen [your public IP address]:443 ssl;
server_name ws.uuid_prefix.your.domain;
ssl on;
ssl_certificate /YOUR/PATH/TO/cert.pem;
ssl_certificate_key /YOUR/PATH/TO/cert.key;
index index.html index.htm index.php;
location / {
proxy_pass http://websockets;
proxy_redirect off;
proxy_connect_timeout 90s;
proxy_read_timeout 300s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
~$ sudo nginx -s reload
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will break this application for all non-root users on this machine.
fatal: Not a git repository (or any of the parent directories): .git{% include 'notebox_end' %}