X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/39c17737ac69d7693684fe2f95bef0ec235a28bf..d3550a82c0111f46270af815668ca34d72d6a8df:/doc/install/install-keepproxy.html.textile.liquid
diff --git a/doc/install/install-keepproxy.html.textile.liquid b/doc/install/install-keepproxy.html.textile.liquid
index 9f580c0f8b..d3a60ad0f3 100644
--- a/doc/install/install-keepproxy.html.textile.liquid
+++ b/doc/install/install-keepproxy.html.textile.liquid
@@ -44,27 +44,30 @@ Verify that Keepproxy is functional:
~$ keepproxy -h
-...
-Usage: keepproxy [-config path/to/keepproxy.yml]
-...
+Usage of keepproxy:
+ -config file
+ Site configuration file (default may be overridden by setting an ARVADOS_CONFIG environment variable) (default "/etc/arvados/config.yml")
+ -dump-config
+ write current configuration to stdout and exit
+[...]
+ -version
+ print version information and exit.
-h3. Create an API token for the Keepproxy server
-
-{% assign railscmd = "bundle exec ./script/get_anonymous_user_token.rb --get" %}
-{% assign railsout = "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" %}
-The Keepproxy server needs a token to talk to the API server. On the API server, use the following command to create the token. {% include 'install_rails_command' %}
-
-h3. Set up the Keepproxy service
+h3. Update the cluster config
-Install runit to supervise the keepproxy daemon. {% include 'install_runit' %}
-
-The run script for the keepproxy service should set the environment variables @ARVADOS_API_TOKEN@ (with the token you just generated), @ARVADOS_API_HOST@, and, if needed, @ARVADOS_API_HOST_INSECURE@. The core keepproxy command to run is:
+Edit the cluster config at @/etc/arvados/config.yml@ and set @Services.Keepproxy.ExternalURL@ and @Services.Keepproxy.InternalURLs@. Replace @uuid_prefix@ with your cluster id.
-ARVADOS_API_TOKEN={{railsout}} ARVADOS_API_HOST=uuid_prefix.your.domain exec keepproxy
-
+Clusters:
+ uuid_prefix:
+ Services:
+ Keepproxy:
+ ExternalURL: https://keep.uuid_prefix.your.domain
+ InternalURLs:
+ "http://localhost:25107": {}
+
h3. Set up a reverse proxy with SSL support
@@ -79,22 +82,24 @@ upstream keepproxy {
}
server {
- listen [your public IP address]:443 ssl;
- server_name keep.uuid_prefix.your.domain;
+ listen [your public IP address]:443 ssl;
+ server_name keep.uuid_prefix.your.domain;
- proxy_connect_timeout 90s;
- proxy_read_timeout 300s;
- proxy_set_header X-Real-IP $remote_addr;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_http_version 1.1;
+ proxy_request_buffering off;
- ssl on;
- ssl_certificate /etc/nginx/keep.uuid_prefix.your.domain-ssl.crt;
- ssl_certificate_key /etc/nginx/keep.uuid_prefix.your.domain-ssl.key;
+ ssl on;
+ ssl_certificate /etc/nginx/keep.uuid_prefix.your.domain-ssl.crt;
+ ssl_certificate_key /etc/nginx/keep.uuid_prefix.your.domain-ssl.key;
# Clients need to be able to upload blocks of data up to 64MiB in size.
- client_max_body_size 64m;
+ client_max_body_size 64m;
location / {
- proxy_pass http://keepproxy;
+ proxy_pass http://keepproxy;
}
}
@@ -105,7 +110,7 @@ h3. Tell the API server about the Keepproxy server
The API server needs to be informed about the presence of your Keepproxy server.
-First, if you don't already have an admin token, create a superuser token:
+First, if you don't already have an admin token, create a superuser token.
{% include 'create_superuser_token' %}
@@ -129,6 +134,32 @@ export ARVADOS_API_TOKEN=zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
EOF
+h2. Run Keepproxy
+
+h3. Start the service (option 1: systemd)
+
+If your system does not use systemd, skip this section and follow the "runit instructions":#runit instead.
+
+If your system uses systemd, the keepproxy service should already be set up. Start it and check its status:
+
+
+~$ sudo systemctl restart keepproxy
+~$ sudo systemctl status keepproxy
+● keepproxy.service - Arvados Keep Proxy
+ Loaded: loaded (/lib/systemd/system/keepproxy.service; enabled)
+ Active: active (running) since Tue 2019-07-23 09:33:47 EDT; 3 weeks 1 days ago
+ Docs: https://doc.arvados.org/
+ Main PID: 1150 (Keepproxy)
+ CGroup: /system.slice/keepproxy.service
+ ââ1150 /usr/bin/keepproxy
+[...]
+
+
+
+h3(#runit). Start the service (option 2: runit)
+
+Install runit to supervise the Keep-web daemon. {% include 'install_runit' %}
+
h3. Testing keepproxy
Log into a host that is on an external network from your private Arvados network. The host should be able to contact your keepproxy server (eg keep.$uuid_prefix.arvadosapi.com), but not your keepstore servers (eg keep[0-9].$uuid_prefix.arvadosapi.com).