|keep-balance |no |yes|no ^3^|InternalURLs only used to expose Prometheus metrics|
|keep-web |yes |yes|yes ^5^|InternalURLs used by reverse proxy and container log API|
|websocket |yes |yes|no ^2^|InternalURLs only used by reverse proxy (e.g. Nginx)|
-|workbench1 |yes |no|no ||
|workbench2 |yes |no|no ||
</div>
^2^ If the reverse proxy (e.g. Nginx) does not run on the same host as the Arvados service it fronts, the @InternalURLs@ will need to be reachable from the host that runs the reverse proxy.
^3^ If the Prometheus metrics are not collected from the same machine that runs the service, the @InternalURLs@ will need to be reachable from the host that collects the metrics.
^4^ If dispatching containers to HPC (Slurm/LSF) and there are multiple @Controller@ services, they must be able to connect to one another using their InternalURLs, otherwise the "tunnel connections":{{site.baseurl}}/architecture/hpc.html enabling "container shell access":{{site.baseurl}}/install/container-shell-access.html will not work.
-^5^ All URLs in @Services.WebDAVDownload.InternalURLs@ must be reachable by all Controller services. Alternatively, each entry in @Services.Controller.InternalURLs@ must have a corresponding entry in @Services.WebDAVDownload.InternalURLs@ with the same hostname.
+^5^ All URLs in @Services.WebDAV.InternalURLs@ must be reachable by all Controller services. Alternatively, each entry in @Services.Controller.InternalURLs@ must have a corresponding entry in @Services.WebDAV.InternalURLs@ with the same hostname.
When @InternalURLs@ do not need to be reachable from other nodes, it is most secure to use loopback addresses as @InternalURLs@, e.g. @http://127.0.0.1:9005@.
If a client connects to the @Keepproxy@ service, it will talk to Nginx which will reverse proxy the traffic to the @Keepproxy@ service.
-h3. Workbench
-
-Consider this section for the @Workbench@ service:
-
-{% codeblock as yaml %}
- Workbench1:
- ExternalURL: "https://workbench.ClusterID.example.com"
-{% endcodeblock %}
-
-The @ExternalURL@ advertised is @https://workbench.ClusterID.example.com@. There is no value for @InternalURLs@ because Workbench1 is a Rails application served by Passenger. The only client connecting to the Passenger process is the reverse proxy (e.g. Nginx), and the listening host/post is configured in its configuration:
-
-<notextile><pre><code>
-server {
- listen 443 ssl;
- server_name workbench.ClusterID.example.com;
-
- ssl_certificate /YOUR/PATH/TO/cert.pem;
- ssl_certificate_key /YOUR/PATH/TO/cert.key;
-
- root /var/www/arvados-workbench/current/public;
- index index.html;
-
- passenger_enabled on;
- # If you're using RVM, uncomment the line below.
- #passenger_ruby /usr/local/rvm/wrappers/default/ruby;
-
- # `client_max_body_size` should match the corresponding setting in
- # the API.MaxRequestSize and Controller's server's Nginx configuration.
- client_max_body_size 128m;
-}
-</code></pre></notextile>
-
h3. API server
Consider this section for the @RailsAPI@ service: