@@ -78,27 +89,26 @@ h3. Services
Services:
Controller:
- ExternalURL: "https://xxxxx.example.com"
+ ExternalURL: "https://ClusterID.example.com"
InternalURLs:
- "http://xxxxx.example.com:8003": {}
+ "http://localhost:8003": {}
RailsAPI:
# Does not have an ExternalURL
InternalURLs:
- "http://xxxxx.example.com:8004": {}
+ "http://localhost:8004": {}
-Replace @xxxxx.example.com@ with the hostname that you previously selected for the API server.
+Replace @ClusterID.example.com@ with the hostname that you previously selected for the API server.
The @Services@ section of the configuration helps Arvados components contact one another (service discovery). Each service has one or more @InternalURLs@ and an @ExternalURL@. The @InternalURLs@ describe where the service runs, and how the Nginx reverse proxy will connect to it. The @ExternalURL@ is how external clients contact the service.
h2(#update-nginx). Update nginx configuration
-Create a new file @/etc/nginx/conf.d/arvados-api-and-controller.conf@ . Configuration options that need attention are marked with "TODO".
+Use a text editor to create a new file @/etc/nginx/conf.d/arvados-api-and-controller.conf@ with the following configuration. Options that need attention are marked in red.
-
-proxy_http_version 1.1;
+proxy_http_version 1.1;
# When Keep clients request a list of Keep services from the API
# server, use the origin IP address to determine if the request came
@@ -110,29 +120,34 @@ proxy_http_version 1.1;
# "available keep services" request with either a list of internal keep
# servers (0) or with the keepproxy (1).
#
-# TODO: Following the example here, update the netmask to the
-# your internal subnet.
+# Following the example here, update the 10.20.30.0/24 netmask
+# to match your private subnet.
+# Update 1.2.3.4 and add lines as necessary with the public IP
+# address of all servers that can also access the private network to
+# ensure they are not considered 'external'.
geo $external_client {
default 1;
+ 127.0.0.0/24 0;
10.20.30.0/24 0;
+ 1.2.3.4/32 0;
}
# This is the port where nginx expects to contact arvados-controller.
upstream controller {
- server 127.0.0.1:8003 fail_timeout=10s;
+ server localhost:8003 fail_timeout=10s;
}
server {
# This configures the public https port that clients will actually connect to,
# the request is reverse proxied to the upstream 'controller'
- listen [TODO: replace with your public IP address]:443 ssl;
- server_name [TODO: replace with the api server hostname];
+ listen *:443 ssl;
+ server_name xxxxx.example.com;
ssl on;
- ssl_certificate /TODO/YOUR/PATH/TO/cert.pem;
- ssl_certificate_key /TODO/YOUR/PATH/TO/cert.key;
+ ssl_certificate /YOUR/PATH/TO/cert.pem;
+ ssl_certificate_key /YOUR/PATH/TO/cert.key;
# Refer to the comment about this setting in the passenger (arvados
# api server) section of your Nginx configuration.
@@ -156,14 +171,16 @@ server {
# This configures the Arvados API server. It is written using Ruby
# on Rails and uses the Passenger application server.
- listen 127.0.0.1:8004;
+ listen localhost:8004;
server_name localhost-api;
root /var/www/arvados-api/current/public;
index index.html index.htm index.php;
passenger_enabled on;
- # If you're using RVM, uncomment the line below.
+
+ # If you are using RVM, uncomment the line below.
+ # If you're using system ruby, leave it commented out.
#passenger_ruby /usr/local/rvm/wrappers/default/ruby;
# This value effectively limits the size of API objects users can
@@ -176,48 +193,36 @@ server {
-h2(#install-packages). Install packages
+{% assign arvados_component = 'arvados-api-server arvados-controller' %}
-Step 1: "Install Ruby and Bundler":ruby.html
+{% include 'install_packages' %}
-Step 2: "Install Nginx and Phusion Passenger":https://www.phusionpassenger.com/library/walkthroughs/deploy/ruby/ownserver/nginx/oss/install_passenger_main.html.
+{% assign arvados_component = 'arvados-controller' %}
-Step 3: Install arvados-api-server and arvados-controller
+{% include 'start_service' %}
-h3. Debian and Ubuntu
-
-
-~$ sudo apt-get install bison build-essential libcurl4-openssl-dev git arvados-api-server arvados-controller
-
-
-
-h3. Centos 7
-
-
-~$ sudo yum install bison make automake gcc gcc-c++ libcurl-devel git arvados-api-server arvados-controller
-
-
-
-h2. Confirm working installation
+h2(#confirm-working). Confirm working installation
Confirm working controller:
-
-$ curl https://xxxxx.example.com/arvados/v1/config
-
+$ curl https://ClusterID.example.com/arvados/v1/config
+
Confirm working Rails API server:
-
-$ curl https://xxxxx.example.com/discovery/v1/apis/arvados/v1/rest
-
+$ curl https://ClusterID.example.com/discovery/v1/apis/arvados/v1/rest
+
Confirm that you can use the system root token to act as the system root user:
-
-$ curl -H "Authorization: Bearer $system_root_token" https://xxxxx.example.com/arvados/v1/users/current
-
+
+$ curl -H "Authorization: Bearer $system_root_token" https://ClusterID.example.com/arvados/v1/users/current
+
+
+h3. Troubleshooting
+
+If you are getting TLS errors, make sure the @ssl_certificate@ directive in your nginx configuration has the "full certificate chain":http://nginx.org/en/docs/http/configuring_https_servers.html#chains
-h2. Troubleshooting
+Logs can be found in @/var/www/arvados-api/current/log/production.log@ and using @journalctl -u arvados-controller@.
-See the admin page on "Logging":{{site.baseurl}}/admin/logging.html .
+See also the admin page on "Logging":{{site.baseurl}}/admin/logging.html .