X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/28e50cc9480fdad416404542511a172cdc7253c7..afe3ee7d4dc3c5820e3af561f81c8267c671180b:/doc/install/install-keepproxy.html.textile.liquid?ds=sidebyside
diff --git a/doc/install/install-keepproxy.html.textile.liquid b/doc/install/install-keepproxy.html.textile.liquid
index 0839c0e521..999883b658 100644
--- a/doc/install/install-keepproxy.html.textile.liquid
+++ b/doc/install/install-keepproxy.html.textile.liquid
@@ -49,7 +49,7 @@ Edit the cluster config at @config.yml@ and set @Services.Keepproxy.ExternalURL@
h2(#update-nginx). Update Nginx configuration
-Put a reverse proxy with SSL support in front of Keepproxy. Keepproxy itself runs on the port 25107 (or whatever is specified in @Services.Keepproxy.InternalURL@) the reverse proxy runs on port 443 and forwards requests to Keepproxy.
+Put a reverse proxy with SSL support in front of Keepproxy. Keepproxy itself runs on the port 25107 (or whatever is specified in @Services.Keepproxy.InternalURL@) while the reverse proxy runs on port 443 and forwards requests to Keepproxy.
Use a text editor to create a new file @/etc/nginx/conf.d/keepproxy.conf@ with the following configuration. Options that need attention are marked in red.
@@ -58,7 +58,7 @@ Use a text editor to create a new file @/etc/nginx/conf.d/keepproxy.conf@ with t
}
server {
- listen *:443 ssl;
+ listen 443 ssl;
server_name keep.ClusterID.example.com;
proxy_connect_timeout 90s;
@@ -66,8 +66,8 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_request_buffering off;
+ proxy_max_temp_file_size 0;
- ssl on;
ssl_certificate /YOUR/PATH/TO/cert.pem;
ssl_certificate_key /YOUR/PATH/TO/cert.key;
@@ -92,6 +92,10 @@ Note: if the Web uploader is failing to upload data and there are no logs from k
h2(#confirm-working). Confirm working installation
+We recommend using the "Cluster diagnostics tool.":diagnostics.html Because Keepproxy is specifically a gateway used by outside clients, for this test you should run the diagnostics from a client machine outside the Arvados private network, and provide the @-external-client@ parameter.
+
+Here are some other checks you can perform manually.
+
Log into a host that is on a network external to your private Arvados network. The host should be able to contact your keepproxy server (eg @keep.ClusterID.example.com@), but not your keepstore servers (eg keep[0-9].ClusterID.example.com).
@ARVADOS_API_HOST@ and @ARVADOS_API_TOKEN@ must be set in the environment.