X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/03ab4eb9958846104db35b6da50749ff9212655a..e3363715769a2503fdcbbb1274d7d04c6852c9c3:/doc/install/install-api-server.html.textile.liquid
diff --git a/doc/install/install-api-server.html.textile.liquid b/doc/install/install-api-server.html.textile.liquid
index 50596e262a..4c9f168e82 100644
--- a/doc/install/install-api-server.html.textile.liquid
+++ b/doc/install/install-api-server.html.textile.liquid
@@ -10,10 +10,12 @@ SPDX-License-Identifier: CC-BY-SA-3.0
{% endcomment %}
# "Introduction":#introduction
+# "Install dependencies":#dependencies
# "Set up database":#database-setup
# "Update config.yml":#update-config
# "Update nginx configuration":#update-nginx
-# "Install packages":#install-packages
+# "Install arvados-api-server and arvados-controller":#install-packages
+# "Confirm working installation":#confirm-working
h2(#introduction). Introduction
@@ -23,9 +25,14 @@ Here is a simplified diagram showing the relationship between the core services.
!(full-width){{site.baseurl}}/images/proxy-chain.svg!
-h2(#database-setup). Set up database
+h2(#dependencies). Install dependencies
+
+# "Install PostgreSQL":install-postgresql.html
+# "Install Ruby and Bundler":ruby.html
+# "Install nginx":nginx.html
+# "Install Phusion Passenger":https://www.phusionpassenger.com/library/walkthroughs/deploy/ruby/ownserver/nginx/oss/install_passenger_main.html
-"On the node that will host the database, install PostgreSQL":install-postgresql.html .
+h2(#database-setup). Set up database
{% assign service_role = "arvados" %}
{% assign service_database = "arvados_production" %}
@@ -41,21 +48,20 @@ h3. Tokens
SystemRootToken: "$system_root_token"
ManagementToken: "$management_token"
- API:
- RailsSessionSecretToken: "$rails_secret_token"
+ Collections:
+ BlobSigningKey: "$blob_signing_key"
~$ tr -dc 0-9a-zA-Z </dev/urandom | head -c50; echo
+
~$ tr -dc 0-9a-zA-Z </dev/urandom | head -c50 ; echo
Services:
Controller:
- ExternalURL: "https://xxxxx.example.com"
+ ExternalURL: "https://ClusterID.example.com"
InternalURLs:
- "http://xxxxx.example.com:8003": {}
+ "http://localhost:8003": {}
RailsAPI:
# Does not have an ExternalURL
InternalURLs:
- "http://xxxxx.example.com:8004": {}
+ "http://localhost:8004": {}
-proxy_http_version 1.1;
+
proxy_http_version 1.1;
# When Keep clients request a list of Keep services from the API
# server, use the origin IP address to determine if the request came
@@ -110,45 +115,55 @@ proxy_http_version 1.1;
# "available keep services" request with either a list of internal keep
# servers (0) or with the keepproxy (1).
#
-# TODO: Following the example here, update the netmask to the
-# your internal subnet.
+# Following the example here, update the 10.20.30.0/24 netmask
+# to match your private subnet.
+# Update 1.2.3.4 and add lines as necessary with the public IP
+# address of all servers that can also access the private network to
+# ensure they are not considered 'external'.
geo $external_client {
default 1;
+ 127.0.0.0/24 0;
10.20.30.0/24 0;
+ 1.2.3.4/32 0;
}
# This is the port where nginx expects to contact arvados-controller.
upstream controller {
- server 127.0.0.1:8003 fail_timeout=10s;
+ server localhost:8003 fail_timeout=10s;
}
server {
# This configures the public https port that clients will actually connect to,
# the request is reverse proxied to the upstream 'controller'
- listen [TODO: replace with your public IP address]:443 ssl;
- server_name [TODO: replace with the api server hostname];
+ listen 443 ssl;
+ server_name ClusterID.example.com;
- ssl on;
- ssl_certificate /TODO/YOUR/PATH/TO/cert.pem;
- ssl_certificate_key /TODO/YOUR/PATH/TO/cert.key;
+ ssl_certificate /YOUR/PATH/TO/cert.pem;
+ ssl_certificate_key /YOUR/PATH/TO/cert.key;
# Refer to the comment about this setting in the passenger (arvados
# api server) section of your Nginx configuration.
client_max_body_size 128m;
location / {
- proxy_pass http://controller;
- proxy_redirect off;
- proxy_connect_timeout 90s;
- proxy_read_timeout 300s;
-
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $http_host;
+ proxy_pass http://controller;
+ proxy_redirect off;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
+ proxy_max_temp_file_size 0;
+ proxy_request_buffering off;
+ proxy_buffering off;
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
proxy_set_header X-External-Client $external_client;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Real-IP $remote_addr;
}
}
@@ -156,14 +171,16 @@ server {
# This configures the Arvados API server. It is written using Ruby
# on Rails and uses the Passenger application server.
- listen 127.0.0.1:8004;
+ listen localhost:8004;
server_name localhost-api;
root /var/www/arvados-api/current/public;
index index.html index.htm index.php;
passenger_enabled on;
- # If you're using RVM, uncomment the line below.
+
+ # If you are using RVM, uncomment the line below.
+ # If you're using system ruby, leave it commented out.
#passenger_ruby /usr/local/rvm/wrappers/default/ruby;
# This value effectively limits the size of API objects users can
@@ -176,48 +193,35 @@ server {
-~$ sudo apt-get install bison build-essential libcurl4-openssl-dev git arvados-api-server arvados-controller
-
-~$ sudo yum install bison make automake gcc gcc-c++ libcurl-devel git arvados-api-server arvados-controller
-
-$ curl https://xxxxx.example.com/arvados/v1/config -+
$ curl https://ClusterID.example.com/arvados/v1/config
+
-$ curl https://xxxxx.example.com/discovery/v1/apis/arvados/v1/rest -+
$ curl https://ClusterID.example.com/discovery/v1/apis/arvados/v1/rest
+
-$ curl -H "Authorization: Bearer $system_root_token" https://xxxxx.example.com/arvados/v1/users/current -+
$ curl -H "Authorization: Bearer $system_root_token" https://ClusterID.example.com/arvados/v1/users/current
+