gitserver:~$ cd /var/www/arvados-api/current
-gitserver:/var/www/arvados-api/current$ sudo -u www-data RAILS_ENV=production `which rvm-exec` default bundle exec ./script/create_superuser_token.rb
+gitserver:/var/www/arvados-api/current$ sudo -u webserver-user RAILS_ENV=production `which rvm-exec` default bundle exec ./script/create_superuser_token.rb
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
gitserver:~$ cd /var/www/arvados-api/current
-gitserver:/var/www/arvados-api/current$ sudo -u www-data RAILS_ENV=production bundle exec ./script/create_superuser_token.rb
+gitserver:/var/www/arvados-api/current$ sudo -u webserver-user RAILS_ENV=production bundle exec ./script/create_superuser_token.rb
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
git@[...]:username/reponame.git
).
@@ -165,6 +169,13 @@ Add the following lines inside the section that begins @%RC = (@:
+Inside that section, adjust the 'UMASK' setting to @022@, to ensure the API server has permission to read repositories:
+
+ UMASK => 022,
+
+git_repo_ssh_base: git@git.uuid_prefix.your.domain:
+git_repo_ssh_base: "git@git.uuid_prefix.your.domain:"
sudo -u git \
+ ARVADOS_API_HOST=uuid_prefix.your.domain \
+ GITOLITE_HTTP_HOME=/var/lib/arvados/git \
+ GL_BYPASS_ACCESS_CHECKS=1 \
+ PATH="$PATH:/var/lib/arvados/git/bin" \
+ arvados-git-httpd -address=:9001 -git-command=/var/lib/arvados/git/gitolite/src/gitolite-shell -repo-root=/var/lib/arvados/git/repositories 2>&1
+
+
upstream arvados-git-httpd {
@@ -305,6 +331,8 @@ upstream arvados-git-httpd {
server {
listen [your public IP address]:443 ssl;
server_name git.uuid_prefix.your.domain;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
ssl on;
ssl_certificate /YOUR/PATH/TO/cert.pem;
@@ -312,15 +340,6 @@ server {
location / {
proxy_pass http://arvados-git-httpd;
- proxy_redirect off;
- proxy_connect_timeout 90s;
- proxy_read_timeout 300s;
-
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $http_host;
- proxy_set_header X-External-Client $external_client;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
@@ -328,7 +347,7 @@ server {
h3. Configure the API server to advertise the correct HTTPS URLs
-In your API server's @config/application.yml@ file, add the following entry:
+In your API server's @application.yml@ file, add the following entry:
git_repo_http_base: https://git.uuid_prefix.your.domain/
@@ -337,9 +356,9 @@ In your API server's @config/application.yml@ file, add the following entry:
Make sure to include the trailing slash.
-h2. Restart nginx
+h2. Restart Nginx
-Restart nginx to make the nginx and API server configuration changes take effect.
+Restart Nginx to make the Nginx and API server configuration changes take effect.
gitserver:~$ sudo nginx -s reload