X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/399a90e3372ce5255231179777190770934e585a..baccfce65b0c997202c22e36a2ebfc455eff0334:/doc/install/install-keepproxy.html.textile.liquid

diff --git a/doc/install/install-keepproxy.html.textile.liquid b/doc/install/install-keepproxy.html.textile.liquid
index 43c1c67265..e800bf45a5 100644
--- a/doc/install/install-keepproxy.html.textile.liquid
+++ b/doc/install/install-keepproxy.html.textile.liquid
@@ -4,8 +4,6 @@ navsection: installguide
 title: Install Keepproxy server
 ...
 
-This installation guide assumes you are on a 64 bit Debian or Ubuntu system.
-
 The Keepproxy server is a gateway into your Keep storage. Unlike the Keepstore servers, which are only accessible on the local LAN, Keepproxy is designed to provide secure access into Keep from anywhere on the internet.
 
 By convention, we use the following hostname for the Keepproxy:
@@ -20,13 +18,17 @@ This hostname should resolve from anywhere on the internet.
 
 h2. Install Keepproxy
 
-First add the Arvados apt repository, and then install the Keepproxy package.
+On Debian-based systems:
+
+<notextile>
+<pre><code>~$ <span class="userinput">sudo apt-get install keepproxy</span>
+</code></pre>
+</notextile>
+
+On Red Hat-based systems:
 
 <notextile>
-<pre><code>~$ <span class="userinput">echo "deb http://apt.arvados.org/ wheezy main" | sudo tee /etc/apt/sources.list.d/apt.arvados.org.list</span>
-~$ <span class="userinput">sudo /usr/bin/apt-key adv --keyserver pool.sks-keyservers.net --recv 1078ECD7</span>
-~$ <span class="userinput">sudo /usr/bin/apt-get update</span>
-~$ <span class="userinput">sudo /usr/bin/apt-get install keepproxy</span>
+<pre><code>~$ <span class="userinput">sudo yum install keepproxy</span>
 </code></pre>
 </notextile>
 
@@ -43,7 +45,7 @@ Usage of default:
 </code></pre>
 </notextile>
 
-It's recommended to run Keepproxy under "runit":https://packages.debian.org/search?keywords=runit or something similar.
+It's recommended to run Keepproxy under "runit":http://smarden.org/runit/ or something similar.
 
 h3. Create an API token for the Keepproxy server
 
@@ -64,6 +66,21 @@ Because the Keepproxy is intended for access from anywhere on the internet, it i
 
 This is best achieved by putting a reverse proxy with SSL support in front of Keepproxy. Keepproxy itself runs on port 25107 by default; your reverse proxy can run on port 443 and pass requests to Keepproxy on port 25107.
 
+If possible, the proxy should be configured to add CORS headers to its own error responses -- otherwise in-browser applications can't report proxy errors. For example, in nginx >= 1.7.5:
+
+<notextile><pre>
+server {
+  server_name keep.example.com
+  ...
+  add_header 'Access-Control-Allow-Methods' 'GET, HEAD, POST, PUT, OPTIONS' always
+  add_header 'Access-Control-Allow-Origin' '*' always
+  add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Length, Content-Type, X-Keep-Desired-Replicas' always
+  add_header 'Access-Control-Max-Age' '86486400' always
+}
+</pre></notextile>
+
+*Warning:* Make sure you don't inadvertently add CORS headers for services _other than keepproxy_ while you're doing this.
+
 h3. Tell the API server about the Keepproxy server
 
 The API server needs to be informed about the presence of your Keepproxy server. Please execute the following commands on your <strong>shell server</strong>.