If you restrict access to your Arvados services based on network topology -- for example, your proxy server is not reachable from the public internet -- additional proxy configuration might be needed to thwart cross-site scripting attacks that would circumvent your restrictions. Read the "'Intranet mode' section of the Keep-web documentation":https://godoc.org/github.com/curoverse/arvados/services/keep-web#hdr-Intranet_mode now.
{% include 'notebox_end' %}
-h3. Configure DNS
+h3(#dns). Configure DNS
Configure your DNS servers so the following names resolve to your Nginx proxy's public IP address.
* @download.uuid_prefix.your.domain@
<notextile>
<pre><code>Clusters:
<span class="userinput">uuid_prefix</span>:
- SystemRootToken: "{{railsout}}"
Services:
Controller:
ExternalURL: "https://<span class="userinput">uuid_prefix</span>.your.domain"
"http://keep_web_hostname_goes_here:9002/": {}
ExternalURL: "https://download.<span class="userinput">uuid_prefix</span>.your.domain"
Users:
- AnonymousUserToken: "xxxxxxxxxxxxxxxxxxxx"
+ AnonymousUserToken: "{{railsout}}"
Collections:
TrustAllContent: false
TLS:
The basic command to start Keep-web in the service run script is:
<notextile>
-<pre><code>exec sudo -u nobody keep-web
+<pre><code>exec keep-web
</code></pre>
</notextile>
-{% include 'notebox_begin' %}
-Please take into consideration that the config file should be world-readable.
-{% include 'notebox_end' %}